Objective
When Applications are merged together in Contrast, it's necessary to select one of the Apps as your "primary" Application. The merged group will then use the name of the primary throughout the Contrast UI. In some cases, this may not be the desired behaviour and you'd rather give your merged group of Apps a custom name, unrelated to its merged modules.
The following process provides a means of creating an empty Application which can be named as you wish and, when used as a primary App, will provide your group of merged Apps with your custom name.
Process
When creating a new Application, you will need to specify a name and a language, where language will represent the main language of that application, controlling which rules will be available in policy management. Language is one of: JAVA, DOTNET, DOTNET_CORE, NODE, RUBY, PYTHON, GO, PHP
You can merge them, but probably shouldn’t, as you then can’t manage rules of the non-primary language modules.
Use the Contrast CLI:
Installation
See documentation at Install the Contrast CLI and contrast-cli NPM package.
npm i -g @contrast/contrast-cli
Passing all configuration on the command line usage
contrast-cli --catalogue_application --host your_teamserver --api_key $API_KEY \
--authorization $AUTH_HEADER --organization_id $ORG_UUID \
--application_name $APPLICATION_NAME --language $LANGUAGE
#optionally, if you need to add this app to EAC groups:
#--app_groups list,of,eac,groups
#optionally, if you need to add application tags:
#--tags csv,list,of,app,tags
#optionally, if you need to add application metadata:
#--metadata key=value,pairs=of-app-metadata
#optionally, if you need to set application code:
#--code optional-app-code
YAML usage
cli:
authorization: $AUTH_HEADER
api_key: $API_KEY=
organization_id: $ORG_UUID
host: your_teamserver
application_name: $APPLICATION_NAME
language: $APPLICATION_LANGUAGE
#optionally, if you need to add this app to EAC groups:
#app_groups: list,of,eac,groups
#optionally, if you need to add application tags:
#tags: csv,list,of,app,tags
#optionally, if you need to add application metadata:
#metadata: key=value,pairs=of-app-metadata
#optionally, if you need to set application code:
#code: optional-app-code
Then run the following to create the empty application:
contrast-cli --catalogue_application --yaml_path contrast_security.yaml
Once you have successfully created the empty primary application, you can then license it and merge the relevant modules under it.
Underlying Contrast CLI API call
The API call detailed below allows you to optionally specify a comma-separated value list of access groups the application should be added to, tags that should be added to the application, key/value pairs of application metadata and the application code (displayed next to the application name in Contrast UI), only application name and language are required:
curl -X POST \
https://your_teamserver/Contrast/api/ng/sca/organizations/$ORG_UUID/applications/create \
-H "Authorization: $AUTH_HEADER" \
-H "API-Key: $API_KEY" \
-H 'Accept: application/json' \
-H 'Content-type: application/json' \
-d '{"name": "$APPLICATION_NAME", "language": "$LANGUAGE", "appGroups": "list,of,eac,groups", "metadata": "key=value,pairs=of-app-metadata", "tags": "csv,list,of,app,tags", "code": "optional-app-code"}'
PowerShell Example:
$Uri="https://app.contrastsecurity.com/Contrast/api/ng/sca/organizations/$ORG_UUID/applications/create"
$Headers=@{"Authorization"="$AUTH_HEADER";"API-Key"="$API_KEY"}
$Body='{"name": "$APPLICATION_NAME", "language": "$LANGUAGE"}'
Invoke-RestMethod -Uri $Uri -Method POST -ContentType "application/json" -Headers $Headers -Body $Body
<%= heading %>