Can I import a vulnerability trace from one Contrast Organization into another?
You can indeed. Before you begin, you will need the following:
- Access to the Contrast UI and the ability to apply an Assess license.
- The Java agent –
- The XML trace of the vulnerability to import. For details on obtaining the trace, please see the following page from our documentation: Export Vulnerabilities
Once ready, perform the following steps:
- On the command line, run the following command to create the application and import the trace.
java -jar contrast.jar finding-deploy FileNameOfTrace.xml(In case of issues, note the order of precedence documentation here to ensure the agent is picking up the desired Contrast UI instance and organization.)
- In the Contrast UI, apply a license to the newly created application named
- Dive into the application and look for the vulnerability.
We can pass in
-Dcontrast.config.path= to specify the location of a
contrast_security.yaml like so:
java -Dcontrast.config.path=/path/to/contrast_security.yaml -jar contrast.jar finding-deploy FileNameOfTrace.xml