Scala
You can use the Contrast Java agent with Contrast Assess or Contrast SCA to analyze Scala-based applications.
The Java agent analyzes Scala web applications built on traditional application servers, and newer Scala web applications such as those built with Play. If there's a JVM, the Scala agent can provide security insights.
As your application runs, the Java agent's sensors gather information about the application's security, architecture and libraries. You can see the results of the agent's analysis in Contrast.
The Scala agent supports these Contrast features:
Route coverage
Flow maps
SCA library discovery
With the Scala agent, you can use these types of Assess rules:
SQL injection
Path traversal
Command injection
Cross-site scripting (XSS)
XML external entity (XXE)
XPath injection
Header injection
Untrusted deserialization
Cookie
Only these rules:
Cookie has no ‘secure’ flag
Session cookie has no ‘HttpOnly’ flag
Run your Scala Play application
To run the Scala Play application, you must enable three properties:
contrast.agent.java.enable_scala_support
contrast.agent.java.enable_akka_support
contrast.agent.java.enable_play_support
To configure the agent, use the JAVA_OPTS environment variable to attach and configure the agent. (Alternatively, if you have a standalone fat JAR, you can use system properties.)
Enable these properties (with YAML, command line or environment variables):
-Dcontrast.agent.java.enable_scala_support=true -Dcontrast.agent.java.enable_akka_support=true -Dcontrast.agent.java.enable_play_support=true