Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is there any OWASP checking tool for scala project?

Tags:

scala

owasp

I found there is an OWASP dependency checking tool for Java projects: https://www.owasp.org/index.php/OWASP_Dependency_Check

I tried the tool on Scala projects, but it can find no dependencies.

Is there any similar thing for Scala projects?

like image 679
Freewind Avatar asked Apr 23 '15 07:04

Freewind


1 Answers

There is one now (June 2016): albuch/sbt-dependency-check from Alexander v. Buchholtz.

SBT Plugin for OWASP DependencyCheck.
This can be used to monitor dependencies used in an application and report if there are any publicly known vulnerabilities (e.g. CVEs).

Runs dependency-check against the current project,its aggregate and dependencies and generates a report for each project.

You need to add to your project/plugins.sbt

addSbtPlugin("net.vonbuchholtz" % "sbt-dependency-check" % "3.3.0")

and after that simply call

$ sbt dependencyCheck

The report will be written to the location crossTarget.value(by default it is target/scala-2.11/).

like image 91
VonC Avatar answered Oct 24 '22 04:10

VonC