License Type | SaaS & On-Premise |
Agent Mode | Assess |
Main Product Category | Contrast UI |
Sub Category | Vulnerability Management |
Question
When deploying the agent across multiple versions of the same application, how do I distinguish and manage Contrast's findings?
Answer
There are a few methods you can employ to achieve this:
Set the build version directly
The application's version can be set through the -Dcontrast.override.appversion command-line argument. This allows you to tag all vulnerabilities found in a specific version for easier sorting.
Example command:
java -Dcontrast.override.appversion=TR_1.0.1_11 -javaagent:contrast.jar -jar application.jar
Set the build version in the Server's name
You can create a new server for each build version, at whatever version granularity you choose. By specifying the version in the server's name, you can easily filter vulnerabilities in the application. This method is useful if you test for vulnerabilities across multiple server environments, since you can also set the environment for each server.
Set the Application Code and open Jira tickets
You can set the Application Code in the Contrast UI with the current release version.
You can then send the ticket to your Jira server using the in-product integration. The Application Code will be included in the Jira ticket, allowing you to build your workflows for managing the vulnerability in Jira.