Closed AnnaAAL closed 1 year ago
Hi,
Yes, the agent is sourced from Maven Central. If you look at https://download.run.pivotal.io/contrast-security/index.yml you can see the available versions that the buildpack can use, this does include the 4.x line:
...
3.18.0: https://download.run.pivotal.io/contrast-security/contrast-agent-3.18.0.jar
3.18.1: https://download.run.pivotal.io/contrast-security/contrast-agent-3.18.1.jar
4.0.0: https://download.run.pivotal.io/contrast-security/contrast-agent-4.0.0.jar
4.1.0: https://download.run.pivotal.io/contrast-security/contrast-agent-4.1.0.jar
4.2.0: https://download.run.pivotal.io/contrast-security/contrast-agent-4.2.0.jar
4.2.1: https://download.run.pivotal.io/contrast-security/contrast-agent-4.2.1.jar
4.2.2: https://download.run.pivotal.io/contrast-security/contrast-agent-4.2.2.jar
4.3.0: https://download.run.pivotal.io/contrast-security/contrast-agent-4.3.0.jar
4.3.1: https://download.run.pivotal.io/contrast-security/contrast-agent-4.3.1.jar
4.4.0: https://download.run.pivotal.io/contrast-security/contrast-agent-4.4.0.jar
You should be able to override the default version by setting the config variable, e.g. JBP_CONFIG_CONTRAST_SECURITY_AGENT
'{ version: 4.+ }'
With latest v4.59.0, the Contrast agent is bumped to v5 (5.0.2), so I will close this issue as resolved.
Could you please advise us if the used contrast security agent in the contrast_security_agent.yml is from the Maven Central (as described), since in the yml file it refers repository_root: https://download.run.pivotal.io/contrast-security . Also, currently on Maven Central the version is 4.4.0 while here, in the contrast_security_agent.yml version: 3.+ . Is there any specific reason for that? Thank you, Anna