I found there is an OWASP dependency checking tool for Java projects: https://www.owasp.org/index.php/OWASP_Dependency_Check
I tried the tool on Scala projects, but it can find no dependencies.
Is there any similar thing for Scala projects?
There is one now (June 2016): albuch/sbt-dependency-check
from Alexander v. Buchholtz.
SBT Plugin for OWASP DependencyCheck.
This can be used to monitor dependencies used in an application and report if there are any publicly known vulnerabilities (e.g. CVEs).
Runs dependency-check against the current project, its aggregate and dependencies and generates a report for each project.
You need to add to your project/plugins.sbt:
addSbtPlugin("net.vonbuchholtz" % "sbt-dependency-check" % "3.3.0")
and after that simply call
$ sbt dependencyCheck
The report will be written to the location crossTarget.value (by default it is target/scala-2.11/).