Contrast Security’s AppSec Platform Now Available on DoD’s Platform One for Built-in ATO for Secure Cloud-based Application Development

Contrast’s Assess, OSS, and Protect Solutions Approved Per U.S. DoD Security and Compliance Standards to Deliver Real-time Application Security and Reliability Throughout the DevOps Process

LOS ALTOS, Calif., Aug. 19, 2020 (GLOBE NEWSWIRE) -- Contrast Security, the only provider of continuous, embedded security analysis and attack prevention for applications, today announced its entire Application Security Platform has been accepted into the Department of Defense’s Platform One approved application portal.

This designation provides Certificate to Field (CtF) for DoD application developers to immediately deploy Contrast’s platform of end-to-end solutions to assess and mitigate security risks within applications across the entire software development life cycle (SDLC) in modern cloud-based DevOps environments. That means DoD teams can eliminate the lengthy auditing and approval process required to obtain Authorization to Operate (ATO) and immediately put Contrast’s Assess, OSS, and Protect solutions to work for continuous security observability of applications, seamless integration into IDE, and a continuous integration/continuous deployment (CI/CD) pipeline from development through production.

A project of the U.S. Air Force and the DoD, Platform One provides the Iron Bank a preapproved repository of containers that have cleared DoD’s stringent cybersecurity requirements for DoD software developers. Choosing solutions from Platform One streamlines the cloud-based development process and helps federal agency DevOps teams to quickly turn out vital software applications in a secure, efficient, and agile environment.

“We are very pleased to have Contrast Security as part of the Iron Bank,” said Nicolas Chaillan, Chief Software Officer of the U.S. Air Force and co-lead of the DoD Enterprise DevSecOps initiative.

With the Contrast Security platform, developers can ensure application security from the inside out with real-time assessment and protection. Unlike most application security solutions that evaluate after the fact and capture point-in-time views, Contrast leverages instrumentation to embed security within the application throughout the SDLC. This eliminates security bottlenecks in development, reduces false positives and negatives, and scales security assurance across the application life span.

Contrast Security’s complete platform is fully approved for Platform One-based applications, including:

  • Contrast Assess, which automatically identifies vulnerabilities in real time during the code-writing process. With instant alerts, developers can find and fix vulnerabilities immediately to ensure fast-track delivery.
  • Contrast OSS to detect and assess the risk of open-source software (OSS) components used in the application build. OSS triggers alerts when risks and policy violations are detected, allowing developers to update proper versioning and usage.
  • Contrast Protect for continuous analysis of runtime events to confirm exploitability before blocking an attack. This eliminates false-positive alerts that plague perimeter defense solutions while continuously detecting and preventing both known vulnerabilities and zero-day attacks.

Because Contrast operates from within the application itself, it can monitor all parts of the application, including microservices, custom code, application programming interfaces (APIs), and open-source libraries. Its real-time, continuous assessment substantially improves efficiency for federal constituents by detecting and remediating problems immediately.

“From the beginning, Contrast solutions have been built for modern software development, which is exactly what Platform One is enabling for the DoD,” said Contrast Chief Strategy Officer Surag Patel. “By providing built-in ATO delivered through Platform One, our solutions can now be seamlessly leveraged by our federal partners to deliver application security at the speed and scale required to meet the federal government’s accelerating demands.”

To learn more about deploying Contrast Security’s Application Security Platform, visit

About Contrast Security
Contrast Security is the world's leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of secure software. Contrast’s patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production. More information can be found at or by following Contrast on Twitter at @ContrastSec.

Media Contact:
Tony Keller
OutVox for Contrast Security