Awesome

That's a demo of the scala support of hawkeyesec's scanner-cli.

This demo uses sbt-native-packager universal package to build the app. If you're using sbt-assembly, check this branch.

To run the scanner:

sbt clean universal:packageBin
docker run --rm -v $PWD:/target hawkeyesec/scanner-cli

Then you should see some offenses generated by find-sec-bugs and a few more by java-owasp.

Notice that, with this setup, find-sec-bugs won't scan the dependencies of the project. If you want to have the dependencies scanned you can add retrieveManaged := true to the build.sbt so that the jars are copied locally during the build.