Overview
As of Contrast Security version 3.8.8, the Assess rules for Hardcoded Password and Hardcoded Cryptographic Key are disabled by default for newly onboarded applications (see the release bulletin). Any application onboarded after this release will have these two rules turned off by default; this guide shows how to re-enable them.
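To make concrete what these two rules look for before you decide where to re-enable them, here is an added example. It is not Contrast's code and does not show how the agent detects the pattern; it contrasts the credential patterns the rules flag (a literal password and a literal key compiled into the artifact) with a form that loads the secrets at runtime and validates them. The environment variable names APP_DB_PASSWORD and APP_AES_KEY_HEX, and the values in the demo, are assumptions constructed for the example.

```python
"""
Constructed illustration (not Contrast code) of the two credential patterns the
Hardcoded Password and Hardcoded Cryptographic Key Assess rules are meant to
flag, beside a hardened form that keeps the secrets out of the built artifact.
"""
import os

# --- Pattern the rules are meant to flag (deliberately insecure) -------------
# A literal credential in source ends up in the artifact, in version control and
# in every copy of the deployment; rotating it means rebuilding and redeploying.
DB_PASSWORD = "Winter2020!"                                   # hardcoded password
AES_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # hardcoded 128-bit key


def connect_insecure():
    """Returns the connection material only so the contrast with the hardened
    path is visible; a real client would open the connection here."""
    return {"user": "app", "password": DB_PASSWORD, "key": AES_KEY}


# --- Hardened form: secrets are injected at runtime, never present in source --
class MissingSecret(RuntimeError):
    """Raised when a required secret is absent or malformed; fail closed."""


def load_db_password(env=os.environ):
    # APP_DB_PASSWORD is an assumed variable name for this example.
    pw = env.get("APP_DB_PASSWORD")
    if not pw:
        raise MissingSecret("APP_DB_PASSWORD is not set; refusing to start")
    return pw


def load_aes_key(env=os.environ, expected_len=32):
    # APP_AES_KEY_HEX is an assumed variable name; the key is hex-encoded so it
    # can travel through an environment or secret store as text.
    raw = env.get("APP_AES_KEY_HEX")
    if raw is None:
        raise MissingSecret("APP_AES_KEY_HEX is not set; refusing to start")
    try:
        key = bytes.fromhex(raw)
    except ValueError as exc:
        raise MissingSecret("APP_AES_KEY_HEX is not valid hex") from exc
    # Validate length so a truncated or wrong-size key fails loudly at startup
    # instead of at the first encrypt call (or silently with a weaker key).
    if len(key) != expected_len:
        raise MissingSecret(
            f"APP_AES_KEY_HEX decodes to {len(key)} bytes, expected {expected_len}"
        )
    return key


def connect_hardened(env=os.environ):
    """Same shape of result as connect_insecure, but every secret is read from
    the supplied environment mapping and validated first."""
    return {"user": "app", "password": load_db_password(env), "key": load_aes_key(env)}


if __name__ == "__main__":
    # Constructed demo environment standing in for a real secret injection.
    demo_env = {"APP_DB_PASSWORD": "s3cret-from-vault", "APP_AES_KEY_HEX": "00" * 32}
    print(connect_hardened(demo_env)["user"], "connected with a 32-byte key")
    try:
        connect_hardened({})
    except MissingSecret as err:
        print("startup refused:", err)
```

The insecure block is what the rules report: a string literal flowing into a password field and a constant byte array used as key material. The hardened block has no such literal, and its startup checks are the practitioner's own safeguard: a deployment that forgets to inject a secret stops immediately rather than running with an empty password or a short key.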
Main steps
You will do the following in this guide:
- Navigate to Policy Management
- Configure the default policy
- Search for the rules
- Enable the rules
This guide assumes you have:
- Access to the Contrast Teamserver UI
- Admin permissions to edit Assess rule policies
Instructions
- Navigate to Policy Management
Click your username in the top right corner to open the Contrast settings, then select Policy Management (Figure 1). The Assess Rules view should be displayed; if it is not, select Assess Rules in the left-hand menu.
- Configure the default policy
Click the Configure the default policy link to open the Assess Rules Defaults settings.
- Search for "hardcoded" to narrow down the ruleset
- Use the dropdown menu to select All (Figure 3).
- Search for the word hardcoded.
- Two rules are returned: Hardcoded Password and Hardcoded Cryptographic Key.
- Notice that both rules are turned off in all three environments (Development, QA and Production).
- Enable rules by environment
Click the toggle for each rule in each environment where you want it active. As an example, we have enabled both rules in Development and QA but kept them off in our Production environment. A rule that is off in an environment reports nothing from applications running there, so make sure each rule is on in at least one environment in which the application is actually exercised.
- Save your changes
Click the small grey x in the top right corner of the Assess Rules Defaults pane to close it; your updated settings are saved on close. Applications using the default policy will now have these rules enabled in the environments you selected.