9

I found there is an OWASP dependency checking tool for Java projects: https://www.owasp.org/index.php/OWASP_Dependency_Check

I tried the tool on Scala projects, but it can find no dependencies.

Is there any similar thing for Scala projects?

Lii
Freewind

1 Answer

5

There is one now (June 2016): albuch/sbt-dependency-check from Alexander v. Buchholtz.

SBT Plugin for OWASP DependencyCheck.
This can be used to monitor dependencies used in an application and report if there are any publicly known vulnerabilities (e.g. CVEs).

Runs dependency-check against the current project, its aggregate and dependencies and generates a report for each project.

You need to add to your project/plugins.sbt

addSbtPlugin("net.vonbuchholtz" % "sbt-dependency-check" % "3.3.0")

and after that simply call

$ sbt dependencyCheck

The report will be written to the location crossTarget.value (by default it is target/scala-2.11/).

user1053510
VonC
  • As of today the current version is 3.3.0 - Don't blindly copy&paste the snippet above! Always check if there's a more recent version available. – user1053510 Dec 02 '21 at 15:49
  • @user1053510 Indeed. Could you edit this answer and put the updated snippet for SBT 3.3.0? – VonC Dec 02 '21 at 16:24
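
An added example, not part of the answer above or of the plugin: once the report exists, a CI step can read it and fail the build on high-scoring findings. The sketch assumes the report was produced in Dependency-Check's JSON format and that findings sit under `dependencies[].vulnerabilities[]` with `cvssv3.baseScore` or `cvssv2.score`; the file names and CVE ids in the sample are constructed placeholders.

```python
import json

# Constructed sample in the shape of a Dependency-Check JSON report (assumed
# schema: dependencies[].vulnerabilities[] with cvssv3.baseScore or cvssv2.score).
SAMPLE_REPORT = json.dumps({
    "dependencies": [
        {"fileName": "example-lib_2.11-1.0.jar", "vulnerabilities": [
            {"name": "CVE-0000-0001", "severity": "HIGH", "cvssv3": {"baseScore": 8.1}},
            {"name": "CVE-0000-0002", "severity": "LOW", "cvssv2": {"score": 2.6}},
        ]},
        {"fileName": "clean-lib_2.11-2.3.jar"},  # no "vulnerabilities" key
        {"fileName": "unscored-lib-0.9.jar", "vulnerabilities": [
            {"name": "CVE-0000-0003", "severity": "MEDIUM"},  # no CVSS block
        ]},
    ]
})


def score_of(vuln):
    """Return the CVSS v3 base score, else the v2 score, else None."""
    v3 = (vuln.get("cvssv3") or {}).get("baseScore")
    if v3 is not None:
        return float(v3)
    v2 = (vuln.get("cvssv2") or {}).get("score")
    return float(v2) if v2 is not None else None


def findings(report_text, threshold=7.0):
    """Split findings into (blocking, unscored) lists of (file, id, score)."""
    report = json.loads(report_text)
    blocking, unscored = [], []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulnerabilities") or []:
            score = score_of(vuln)
            row = (dep.get("fileName", "?"), vuln.get("name", "?"), score)
            if score is None:
                unscored.append(row)      # surface for manual review, never drop
            elif score >= threshold:
                blocking.append(row)
    return sorted(blocking, key=lambda r: -r[2]), unscored


def gate(report_text, threshold=7.0):
    """Exit code for CI: 1 if anything is at or above the threshold."""
    blocking, unscored = findings(report_text, threshold)
    for name, cve, score in blocking:
        print(f"BLOCK {score:>4} {cve} in {name}")
    for name, cve, _ in unscored:
        print(f"REVIEW  n/a {cve} in {name}")
    return 1 if blocking else 0
```

In a pipeline, pass the contents of the report file written under the crossTarget directory to `gate` and use its return value as the step's exit status.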