# contrastsecurity/verify

Install, configure and use Contrast Security on CircleCI: https://contrastsecurity.com
The Contrast agent begins securing your code by adding sensors to the entire software stack of your applications, from the runtime to your custom code, to directly measure vulnerabilities and attacks. Contrast Assess continuously monitors all your code, including your libraries, for known and unknown vulnerabilities, and produces accurate results without depending on application security experts.
You can find this orb's source code in the following GitHub repository: https://github.com/Contrast-Security-OSS/contrast-security-orb


## Commands

### check-vulnerabilities

After running your tests, query the Contrast API to see if any new vulnerabilities were found in your build. Requirements: Python, pip.


| Parameter | Type | Default | Description |
|---|---|---|---|
| `api-key` | env_var_name | CONTRAST_API_KEY | Name of the environment variable storing your Contrast API key |
| `application-id` | string |  | ID of your application in Contrast |
| `contrast-url` | string | https://app.contrastsecurity.com/Contrast | The Contrast URL for your instance. The default is https://app.contrastsecurity.com/Contrast |
| `org-id` | string |  | The organization ID for your Contrast organization. This can be found on the "Your Account" page in the Contrast UI. |
| `python-path` | string | /usr/local/bin/python | Absolute path to an installed Python interpreter |
| `service-key` | env_var_name | CONTRAST_SERVICE_KEY | Name of the environment variable storing your Contrast service key |
| `severities` | string | CRITICAL,HIGH,MEDIUM,LOW,NOTE | Comma-delimited list of severities to include when filtering for vulnerabilities |
| `username` | env_var_name | CONTRAST_USERNAME | Name of the environment variable storing your Contrast username |
| `vulnerability-threshold` | integer | 0 | Fail the build when the number of open vulnerabilities is this value or greater |
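As an added example (not the orb's own script), this is the gate the command description above specifies, run over a constructed Contrast-style response: the `severities` filter is applied, open findings are counted, and the build fails when that count is the `vulnerability-threshold` or greater. The response field names and the set of statuses treated as "open" are assumptions of this example.

```python
import json
import os
import sys

# Constructed sample shaped like a trace listing. The field names are an
# assumption for this example, not the Contrast API's documented schema.
SAMPLE_RESPONSE = json.dumps({"traces": [
    {"uuid": "T-1", "severity": "Critical", "status": "Reported"},
    {"uuid": "T-2", "severity": "High", "status": "Confirmed"},
    {"uuid": "T-3", "severity": "Medium", "status": "Fixed"},
    {"uuid": "T-4", "severity": "Low", "status": "Reported"},
    {"uuid": "T-5", "severity": "Note", "status": "Not a Problem"},
]})

# Statuses treated as "still open"; also an assumption of this example.
OPEN_STATUSES = {"reported", "suspicious", "confirmed"}


def load_traces(raw: str) -> list:
    """Parse the JSON body and return the list of traces (findings)."""
    return json.loads(raw).get("traces", [])


def parse_severities(severities: str) -> set:
    """Normalise the orb's comma-delimited `severities` parameter
    (e.g. 'CRITICAL,HIGH,MEDIUM'): trim whitespace, ignore case."""
    return {s.strip().upper() for s in severities.split(",") if s.strip()}


def count_open(traces: list, severities: set) -> int:
    """Count findings that are still open and match the severity filter."""
    return sum(1 for t in traces
               if t.get("severity", "").upper() in severities
               and t.get("status", "").lower() in OPEN_STATUSES)


def build_should_fail(open_count: int, threshold: int) -> bool:
    """Literal reading of `vulnerability-threshold`: fail when the open
    count reaches the threshold ('that number or greater')."""
    return open_count >= threshold


def main() -> int:
    # Parameters arrive as environment variables in this example only.
    severities = parse_severities(os.environ.get("SEVERITIES", "CRITICAL,HIGH,MEDIUM"))
    threshold = int(os.environ.get("VULNERABILITY_THRESHOLD", "1"))
    found = count_open(load_traces(SAMPLE_RESPONSE), severities)
    print(f"open vulnerabilities in {sorted(severities)}: {found}, threshold {threshold}")
    return 1 if build_should_fail(found, threshold) else 0


if __name__ == "__main__":
    sys.exit(main())
```

Read literally, the documented default threshold of 0 fails every build, including one with no open findings, so set `vulnerability-threshold` explicitly in the job.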

## Jobs

### check-vulnerabilities

After running your tests, query the Contrast API to see if any new vulnerabilities were found in your build.


| Parameter | Type | Default | Description |
|---|---|---|---|
| `api-key` | env_var_name | CONTRAST_API_KEY | Name of the environment variable storing your Contrast API key |
| `application-id` | string |  | ID of your application in Contrast |
| `contrast-url` | string | https://app.contrastsecurity.com/Contrast | The Contrast URL for your instance. The default is https://app.contrastsecurity.com/Contrast |
| `executor` | executor | default | Executor within which to run this job; defaults to this orb's own `default` executor. The given execution environment should have Python and pip preinstalled. |
| `org-id` | string |  | The organization ID for your Contrast organization. This can be found on the "Your Account" page in the Contrast UI. |
| `python-path` | string | /usr/local/bin/python | Absolute path to an installed Python interpreter |
| `service-key` | env_var_name | CONTRAST_SERVICE_KEY | Name of the environment variable storing your Contrast service key |
| `severities` | string | CRITICAL,HIGH,MEDIUM,LOW,NOTE | Comma-delimited list of severities to include when filtering for vulnerabilities |
| `username` | env_var_name | CONTRAST_USERNAME | Name of the environment variable storing your Contrast username |
| `vulnerability-threshold` | integer | 0 | Fail the build when the number of open vulnerabilities is this value or greater |

## Executors

### default

CircleCI's Python convenience image: https://hub.docker.com/r/circleci/python


| Parameter | Type | Default | Description |
|---|---|---|---|
| `image` | string | circleci/python | The name of the image |
| `tag` | string | 2.7.16-jessie-node-browsers-legacy | The image version tag |

## Examples

### run-tests-check-vulnerabilities

Query the Contrast API to check whether vulnerabilities have been found in this application. If the number of vulnerabilities found is above the set threshold, fail the build.


```yaml
jobs:
  contrast-verify:
    executor: contrastsecurity/default
    steps:
      - checkout
      - contrastsecurity/check-vulnerabilities:
          application-id: (your application id)
          contrast-url: https://app.contrastsecurity.com/Contrast
          org-id: (your org id)
          severities: CRITICAL,HIGH,MEDIUM
orbs:
  contrastsecurity: contrastsecurity/verify@x.y.z
version: 2.1
workflows:
  test:
    jobs:
      - contrast-verify
```