Scala

You can use the Contrast Java agent with Contrast Assess or Contrast SCA to analyze Scala-based applications.

The Java agent analyzes Scala web applications built on traditional application servers, and newer Scala web applications such as those built with Play. If there's a JVM, the Scala agent can provide security insights.

As your application runs, the Java agent's sensors gather information about the application's security, architecture and libraries. You can see the results of the agent's analysis in Contrast.

The Scala agent supports these Contrast features:

  • Route coverage

  • Flow maps

  • SCA library discovery

With the Scala agent, you can use these types of Assess rules:

  • SQL injection

  • Path traversal

  • Command injection

  • Cross-site scripting (XSS)

  • XML external entity (XXE)

  • XPath injection

  • Header injection

  • Untrusted deserialization

  • Cookie

    Only these rules:

    • Cookie has no ‘secure’ flag

    • Session cookie has no ‘HttpOnly’ flag

Run your Scala Play application

To run the Scala Play application, you must enable three properties:

  • contrast.agent.java.enable_scala_support

  • contrast.agent.java.enable_akka_support

  • contrast.agent.java.enable_play_support

To configure the agent, use the JAVA_OPTS environment variable to attach and configure the agent. (Alternatively, if you have a standalone fat JAR, you can use system properties.)

Enable these properties (with YAML, command line or environment variables):

-Dcontrast.agent.java.enable_scala_support=true
-Dcontrast.agent.java.enable_akka_support=true
-Dcontrast.agent.java.enable_play_support=true
In this section: