Skip to main content

Set up the Contrast connector

The Veracode Risk Manager (VRM) connector for Contrast integrates with the following products from Contrast Security:

  • Assess
  • Protect (RASP)
  • Scan (SAST)
  • Serverless
  • Software Composition Analysis (SCA)

By connecting to Contrast Security’s toolset, VRM unifies, prioritizes, and suggests best next actions for DAST, SAST, runtime, and serverless vulnerabilities.

Complete the following tasks to set up your VRM connector for Contrast.

Get your Contrast keys and Organization ID

To provision this connector, you need to get your API key, service key, and Organization ID from your Contrast account.

To complete this task:

  1. Sign in to your Contrast account.
  2. Select the user menu in the top-right of the screen, then select User Settings.
  3. On the Profile page, scroll to the Your Keys section.
  4. Copy the Organization ID, Your API Key, and Service Key values to a secure location. Contrast API keys

Create a VRM connector

  1. In VRM, from the left navigation menu, select the Settings icon settings_icon.png.
  2. Select Add Connector.
  3. Select the Contrast tile.
  4. Enter a name for the connector.
  5. Paste the Organization ID, Your API Key, Service Key values you generated in Contrast.
  6. For Username, enter the username of your Contrast account.
  7. For Host, enter the base URL for your organization's Contrast account. For example: https://myorganization.contrastsecurity.com
  8. Select Add Connector.

Validate your data

After successfully connecting the Contrast connector within VRM, it will take some time for VRM to fetch the findings.

After the connector has completed the fetch, validate that VRM correctly ingested the data.

  1. In VRM, select Findings Findings icon from the left navigation menu.
  2. Select the Findings Source filter and select Contrast.

The Findings table lists the Contrast vulnerability findings.

Last updated on