Can I import a vulnerability into the Contrast UI?

  • Updated


Can I import a vulnerability trace from one Contrast Organization into another?


You can indeed. Before you begin, you will need the following:

  • Access to the Contrast UI and the ability to apply an Assess license.
  • The Java agent – contrast.jar.
  • The XML trace of the vulnerability to import. For details on obtaining the trace, please see the following page from our documentation: Export Vulnerabilities

Once ready, perform the following steps:

  1. On the command line, run the following command to create the application and import the trace.
    java -jar contrast.jar finding-deploy FileNameOfTrace.xml
    (In case of issues, note the order of precedence documentation here to ensure the agent is picking up the desired Contrast UI instance and organization.)
  2. In the Contrast UI, apply a license to the newly created application named FindingDump.
  3. Dive into the application and look for the vulnerability.


We can pass in -Dcontrast.config.path= to specify the location of a contrast_security.yaml like so:

java -Dcontrast.config.path=/path/to/contrast_security.yaml -jar contrast.jar finding-deploy FileNameOfTrace.xml


Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request