
Contrast installation on CA PPM Server

Question asked by Rahul.Pandey1984 on Aug 15, 2017
Latest reply on Aug 23, 2017 by Rahul.Pandey1984

We are looking to scan CA PPM and any of our customized content for security vulnerabilities with a tool called Contrast (http://www.contrastsecurity.com). Contrast is a jar file that is triggered as an agent running on the JVM that is used by the application server, in our case Tomcat. There are some variables that need to be passed in typically to make this happen:

-XX:MaxPermSize=512M -javaagent:D:\Apps\Contrast\contrast.jar -Dcontrast.standalone.appname=Clarity-Dev -Dcontrast.log=D:\Apps\Contrast\logs\contrast.log -Dcontrast.level=error -Dcontrast.log.daily=false -Dcontrast.log.backups=0 -Dcontrast.log.size=10 -Dcontrast.disabledrules=crypto-bad-mac,crypto-weak-randomness,header-injection

 

Detailed Explanation:

-XX:MaxPermSize=512M

This is a memory setting that we need to adjust the JVM.

 

-javaagent:D:\Apps\Contrast\contrast.jar

This is the JVM parameter that is used to load the Contrast.jar file in as an agent.

-Dcontrast.*

These are all parameters that are required by the Contrast agent that tell it how to operate.

 

We have installed this successfully in many other Java application servers, including Tomcat, but we have done this by modifying the command lines and base configuration files, which does not appear to work here. We tried to put the entire JVM parameters string into the JVM Parameters textbox in the Clarity admin console (CSA). It took them, but when we rebooted the services the Contrast agent did not run, nor did it even throw an error that we could find in the logs. We do not understand how we can install this for Clarity, so any help the support team can provide would be much appreciated.
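
An added example, not part of the original post and not code from Contrast or CA: a Python check that takes the command line of a running Java process and reports whether a -javaagent argument actually reached the JVM, which contrast.* settings came with it, and which rules are switched off. The sample command lines, the org.example.Main class name and the function name are constructed for illustration.

```python
import shlex

# Constructed sample: arguments from the post as they would appear on a java.exe
# command line if the admin-console setting had reached the JVM.
SAMPLE_WITH_AGENT = (
    r"java.exe -XX:MaxPermSize=512M -javaagent:D:\Apps\Contrast\contrast.jar "
    r"-Dcontrast.standalone.appname=Clarity-Dev "
    r"-Dcontrast.log=D:\Apps\Contrast\logs\contrast.log -Dcontrast.level=error "
    r"-Dcontrast.disabledrules=crypto-bad-mac,crypto-weak-randomness,header-injection "
    r"org.example.Main"
)
# Constructed sample: the same process started without the agent arguments.
SAMPLE_WITHOUT_AGENT = r"java.exe -Xmx2048m org.example.Main"


def audit_jvm_command_line(cmdline):
    """Report whether a JVM command line loads a Java agent and how it is configured."""
    # posix=False keeps Windows backslashes intact; wholly quoted tokens are unquoted.
    # Assumption: argument values contain no spaces, as in the post.
    tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    report = {"agents": [], "contrast": {}, "disabled_rules": [], "findings": []}
    for tok in tokens:
        if tok.startswith("-javaagent:"):
            # Agent options, if any, follow the jar path after '='.
            report["agents"].append(tok[len("-javaagent:"):].split("=", 1)[0])
        elif tok.startswith("-Dcontrast."):
            key, _, value = tok[2:].partition("=")
            report["contrast"][key] = value
    rules = report["contrast"].get("contrast.disabledrules", "")
    report["disabled_rules"] = [r for r in rules.split(",") if r]
    if not report["agents"]:
        report["findings"].append("no -javaagent argument reached this JVM")
    if report["disabled_rules"]:
        report["findings"].append(
            "rules switched off: " + ", ".join(report["disabled_rules"]))
    return report


if __name__ == "__main__":
    for sample in (SAMPLE_WITH_AGENT, SAMPLE_WITHOUT_AGENT):
        result = audit_jvm_command_line(sample)
        print(result["agents"], result["findings"])
```
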
