Is there any OWASP checking tool for scala project?

Question

I found there is an OWASP dependency checking tool for Java projects: https://www.owasp.org/index.php/OWASP_Dependency_Check

I tried the tool on Scala projects, but it can find no dependencies.

Is there any similar thing for Scala projects?

Answer 1

There is one now (June 2016): albuch/sbt-dependency-check from Alexander v. Buchholtz.

SBT Plugin for OWASP DependencyCheck.
This can be used to monitor dependencies used in an application and report if there are any publicly known vulnerabilities (e.g. CVEs).

Runs dependency-check against the current project,its aggregate and dependencies and generates a report for each project.

You need to add to your project/plugins.sbt

addSbtPlugin("net.vonbuchholtz" % "sbt-dependency-check" % "3.3.0")

and after that simply call

$ sbt dependencyCheck

The report will be written to the location crossTarget.value(by default it is target/scala-2.11/).