Contrast Security offers a security platform with multiple components, including static application security testing (SAST), interactive application security testing (IAST), open-source scanning and runtime application self-protection (RASP). It's been around for a few years now, and we've used it in multiple projects. One of the things we quite like about the Contrast platform is its run-time analysis of libraries; it helps identify libraries that are not used, which in turn helps our teams prioritize vulnerabilities and potentially get rid of unused libraries. This is particularly relevant given the increased importance of securing the software supply chain. We also quite like its IAST component; we've found it effective in our continuous delivery (CD) pipeline with reduced false positives, and it manages to catch a good range of vulnerabilities.
