This article shows you how to analyze your applications that are written in Scala. It assumes that you have already installed and authenticated with ShiftLeft.
Inspect supports the analysis of applications written in Scala 2.12 (or later).
Inspect's code analysis is performed on compiled application bytecode (not on source code) and the code analysis process includes a build of your application. As such, you must build your application before you can analyze the application with Inspect.
Some build tools you might consider include Maven, Gradle, sbt, etc.
To analyze your Scala application, run:
sl analyze --app <name> --java [<path>]
The name of the application to be analyzed
The flag identifying the application's language
The location of the application's
If you're using a templating framework like JavaServer Pages (JSP), the templates are included in the
.war file analyzed.
Optionally, you can choose to analyze your application using the Code Property Graph (CPG) mode. With CPG mode, ShiftLeft builds the CPG locally, then uploads it (rather than your application's code) to the ShiftLeft cloud for analysis.
To analyze your application using CPG mode, include the option
--cpg in the
sl analyze command (e.g.,
sl analyze --app <name> --scala --cpg <path>).