The Hardcoded Password and Hardcoded Cryptographic Key rules in Contrast Assess will be disabled by default in new Java, Node, Python and Ruby agents by the end of September. This is being done to reduce application start-up time for the default configuration.
If you wish to use these rules with new agents, you will need to turn on the Hardcoded Password and Hardcoded Cryptographic Key rules in the policy setting in Contrast Assess.
ISSUE: HARDCODED PASSWORD AND HARDCODED CRYPTOGRAPHIC KEY RULES
- Are currently implemented in Java, Node, Python, and Ruby agents
- Incur a linear startup penalty based on files/classes per application, which may include dependencies
- Hardcoded Password and Hardcoded Cryptographic Key rules disabled by default for new applications
- Those who want to use associated rules must enable them
- Reduce application start-up time for default configuration
- Contrast Assess users need to turn on the Hardcoded Password and Hardcoded Cryptographic Key rules in the policy setting to test with those rules (viz., via Policy Settings in the Team Server UI per Application or by configuring Org Defaults to override)
- End of September 2021