Question
Can I import a vulnerability trace from one Contrast Organization into another?
Answer
You can indeed. Before you begin, you will need the following:
- Access to the Contrast UI and the ability to apply an Assess license.
- The Java agent, contrast.jar.
- The XML trace of the vulnerability to import. For details on obtaining the trace, please see the following page from our documentation: Export Vulnerabilities
Once ready, perform the following steps:
- On the command line, run the following command to create the application and import the trace.
  java -jar contrast.jar finding-deploy FileNameOfTrace.xml
  (In case of issues, check the order of precedence documentation to ensure the agent is picking up the desired Contrast UI instance and organization.)
- In the Contrast UI, apply a license to the newly created application named FindingDump.
- Dive into the application and look for the vulnerability.
Notes:
We can pass in -Dcontrast.config.path= to specify the location of a contrast_security.yaml. Because it is a JVM system property, it must appear before -jar, like so:
java -Dcontrast.config.path=/path/to/contrast_security.yaml -jar contrast.jar finding-deploy FileNameOfTrace.xml