ShiftLeft products support applications written in Scala 2.12+.
ShiftLeft Inspect's Scala code analysis is performed on compiled application bytecode (not source code). As such, you must successfully build your application using a supported build tool before you submit the application for analysis.
After installing the ShiftLeft Command Line Interface (CLI) and authenticating, use the following command to analyze your Scala application with ShiftLeft Inspect:
sl analyze --app <name> --java [<path>]
where
--app <name>: analyzes the application named <name>.
--java: identifies the application's language.
<path>: location of the .scala file to be analyzed.
Analyze Applications
Identify Branch Names
Fail a Build Based on Analysis Results
You can examine and investigate only compiled application bytecode (not source code) using ShiftLeft Ocular. This means that for Scala applications, you must successfully build your application using a supported build tool beforehand.
After installing the ShiftLeft Command Line Interface (CLI), authenticating, and starting ShiftLeft Ocular, create the Code Property Graph (CPG) for your Scala application using:
ocular> createCpg(<inputPaths>)
where <inputPaths> is the path of the target application; multiple applications are separated by a comma. For Scala, the path is the archive (JAR, WAR or EAR file). For example, createCpg("subjects/hello-shiftleft-0.0.1-SNAPSHOT.jar").
For more information, including additional options, refer to the article Creating the CPG.
Generate the Security Profile
Querying the CPG and Security Profile
Uncover the Attack Surface
After installing the ShiftLeft Command Line Interface (CLI) and authenticating, use the following command to monitor and protect your Scala application with ShiftLeft Protect:
sl run --app <name> --java
where
--app <name>: specifies your application's unique name.
--java: identifies the application's language.
Secure Your Applications Using ShiftLeft Protect
Run ShiftLeft Protect
The ShiftLeft JSON File