Contrast Security is expanding its free developer tool, CodeSec, to include Open Source Security (OSS) and Software Bill of Material (SBOM) creation with its new SCA capability. Empowering developers to Identify vulnerable libraries in OSS and receive actionable remediation guidance, allowing them to ship code faster. The new feature will also enable users to manage software supply chain risk by allowing them to create SBOMs with ease.

What is CodeSec?
Contrast’s new free developer tool brings the fastest and most accurate scanner on the market right to developers for free. By packaging the same scanning engine used in our Contrast Security platform into a simple command-line interface (CLI), CodeSec empowers developers to scan, secure, and ship their code in minutes.

Getting Started with CodeSec - SCA in just 3 steps

1. Open a command-prompt or terminal, then install with NPM, Homebrew or by downloading binaries from Artifactory:

For this example will be using NPM. For other install options click here.

npm install -g @contrast/contrast

2. Authenticate using your existing GitHub or Google account.

contrast auth

3. Time to Scan your Open Source!

Navigate to your chosen directory.
Then run a SCA scan on your Java, Javascript, Python, Ruby, GO, PHP, .NET code with the following command.

contrast audit

In minutes CodeSec by Contrast will report all vulnerabilities found with actionable remediation guidance.

Happy Scanning!