Changes to Hardcoded Password and Cryptographic Key in Contrast

The Hardcoded Password and Hardcoded Cryptographic Key rules in Contrast Assess will be disabled by default in new Java, Node, Python and Ruby agents by the end of September. This is being done to reduce application start-up time in the default configuration.
 
If you wish to use these rules with new agents, you will need to turn on the Hardcoded Password and Hardcoded Cryptographic Key rules in the policy settings in Contrast Assess.
 

ISSUE: HARDCODED PASSWORD AND HARDCODED CRYPTOGRAPHIC KEY RULES

  • Are currently implemented in the Java, Node, Python, and Ruby agents
  • Incur a start-up penalty that grows linearly with the files/classes per application, which may include dependencies

PLANNED ACTION

  • Disable the Hardcoded Password and Hardcoded Cryptographic Key rules by default for new applications
  • Those who want to use associated rules must enable them

OBJECTIVE

  • Reduce application start-up time for default configuration

CUSTOMER ACTION

  • Contrast Assess users need to turn on the Hardcoded Password and Hardcoded Cryptographic Key rules in the policy settings to test with those rules (viz., via Policy Settings in the Team Server UI per application, or by configuring Org Defaults to override)

TARGET TIMEFRAME

  • End of September 2021
