Question:
If I upgrade a library in use by my Application, will the old library be automatically be removed from Contrast?
Answer:
Contrast analyzes library files - Java JARs, .NET DLLs, Node and Python packages, and Ruby Gems - in your application to assess their potential security risks. On startup, the agent reports the list of libraries in use by the Application. If a Server checks in with a library list which no longer includes a previously reported library, that library will no longer be associated with that Server. Once an Application has no Servers tied to it which are reporting a library, the library will no longer be tied to the Application.
A library will be removed from an App once all Servers reporting it have either checked in without it, or the Servers reporting it have been deleted.
The most common cause of a library hanging around after it’s been upgraded is because there’s an old Server entry which hasn’t reported in for a long time, but when it did last report in it had the library. Turning on automatic Server cleanup can help avoid that.
If you do not want to wait for Contrast to automatically update the application's library list, you can go ahead and manually remove (delete) the old library from the application's library list in Contrast. If the Contrast agent "sees" the old library again in the application, it will report it again. Otherwise, it will not.