
Further Enterprise security analysis for Scala


We’re excited to announce the latest addition to our suite of security analysis tools: SpotBugs.

SpotBugs is a program which uses static analysis to look for bugs in Java code. It checks for more than 400 bug patterns. SpotBugs is the successor of FindBugs, an open-source static code analyzer.

SpotBugs picks up where FindBugs left off, and it retains the support of the FindBugs community.

We’ve also bundled Find Security Bugs: a SpotBugs plugin for security audits of Scala web applications. The issues reported cover the OWASP Top 10 and CWE standards.

It includes security patterns such as Potential Path Traversal, Potential Command Injection, Potential SQL Injection, Potential XSS and others.

Example of Potential Scala Slick Injection: WASC-19; CAPEC-66; CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’); OWASP: Top 10 2013-A1-Injection.

Failure to use bound variables in prepared statements leaves you at risk of attackers performing SQL injection.
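To make the pattern concrete, here is an added example (not code from the original post or from the Find Security Bugs project) showing the two ways a Slick plain-SQL query can take a user-supplied value. It assumes Slick 3.x and the H2 in-memory driver on the classpath; the table, rows and `SlickInjectionDemo` object are constructed for illustration.

```scala
// Added example: Slick plain-SQL with and without bound variables.
// Assumes the "com.typesafe.slick" %% "slick" and "com.h2database" % "h2"
// dependencies (hypothetical project setup, not from the original post).
import slick.jdbc.H2Profile.api._
import scala.concurrent.Await
import scala.concurrent.duration._

object SlickInjectionDemo {
  val db = Database.forURL("jdbc:h2:mem:demo;DB_CLOSE_DELAY=-1", driver = "org.h2.Driver")

  // Constructed sample schema and rows.
  val setup = DBIO.seq(
    sqlu"create table users(id int primary key, name varchar(64))",
    sqlu"insert into users values (1, 'alice'), (2, 'bob')"
  )

  // VULNERABLE: `#$` splices the raw string into the SQL text, so the value
  // becomes part of the statement rather than a parameter. This is the shape
  // Find Security Bugs reports as Potential Scala Slick Injection (CWE-89).
  def findUnsafe(name: String): DBIO[Seq[(Int, String)]] =
    sql"select id, name from users where name = '#$name'".as[(Int, String)]

  // SAFE: `$` binds the value as a JDBC parameter; the SQL text is fixed and
  // the database never interprets the input as part of the statement.
  def findSafe(name: String): DBIO[Seq[(Int, String)]] =
    sql"select id, name from users where name = $name".as[(Int, String)]

  def main(args: Array[String]): Unit = {
    Await.result(db.run(setup), 5.seconds)
    // Constructed input: a plain (non-matching) name for the bound query, but
    // text that alters the WHERE clause when spliced into the statement.
    val input = "x' or '1'='1"
    val unsafe = Await.result(db.run(findUnsafe(input)), 5.seconds)
    val safe   = Await.result(db.run(findSafe(input)), 5.seconds)
    println(s"unsafe query returned ${unsafe.size} rows") // all users
    println(s"safe query returned ${safe.size} rows")     // none
    db.close()
  }
}
```

The fix is the one-character change from `#$name` to `$name`: the bound form is what the analyzer is checking for, and the `#$` literal interpolator should be reserved for identifiers you control (table or column names from a fixed allow-list), never for request data.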

Try it out for yourself:

  1. git clone https://github.com/qamine-test/play-spotbugs-test.git
  2. sbt compile
  3. codacy-analysis-cli analyse --tool spotbugs --directory `pwd` --allow-network

We’re making these new patterns available for self-hosted users in the next update for Apex, PHP, C/C++, Shell script, Dockerfile, Visual Basic, Elixir, PowerShell, TSQL and Groovy, besides the existing C#, Java, JavaScript, Python and Ruby support. You can get started by following our guide to running SpotBugs.

If you haven’t tried Codacy yet, contact us to install Codacy on-premise.
