Scala
Supported frameworks and package managers
Code analysis
Snyk Code for Scala
Interfile is supported, as the data flow is monitored between multiple files.
Snyk Code supports the following frameworks:
Play Framework
Akka
HTTP4S
Open source and licensing
Below is a summary of the features offered by Snyk for Scala, organized by package manager. In addition to these features, Snyk may offer additional functionality related to specific integration configurations.
| Package managers / Features | CLI support | Git support | License scanning | Fix PRs |
|---|---|---|---|---|
✔︎ | ✔︎ | ✔︎ |
To scan your dependencies, you must ensure you have first installed the relevant package manager and that your Project contains the supported manifest files.
Getting started with Snyk for Scala across environments
Snyk CLI
Prerequisites
Set the default Organization for all Snyk tests (code analysis)
Code analysis
To start testing your code using Snyk Code open your repository in a terminal and run the following command:
To customize test options, run other commands, exclude directories and files, and explore the results in different formats, see the following:
Open source and licensing
The Snyk CLI uses the sbt-dependency-graph plugin, which has been included in sbt as a built-in plugin since sbt 1.4.
However, the recommended method of calling the plugin in sbt 1.4+ is not currently compatible with Snyk. Use the legacy method, addSbtPlugin() instead (see the following).
Snyk recommends installing the sbt-dependency-graph as a global plugin so you can use it in any sbt project.
To do this, add the plugin dependency to ~/.sbt/0.13/plugins/plugins.sbt for sbt 0.13 or ~/.sbt/1.0/plugins/plugins.sbt for sbt 1.0+.
To add the plugin to a single Project only, update the project/plugins.sbt of your Project instead.
Regardless of which sbt version you are using, you must use the following command in the relevant plugins.sbt file:
addSbtPlugin("net.virtual-void" % "sbt-dependency-graph" % "0.10.0-RC1")
Do not use theaddDependencyTreePlugin command which thesbt-dependency-graphplugin docs recommend forsbt 1.4+. This is incompatible with the Snyk CLI.
Use theaddSbtPlugin() command as given above.
For more details on installing sbt-dependency-graph for use with the Snyk CLI, see the article How to install the SBT dependency graph plugin to test Scala projects with Snyk CLI.
Snyk Web UI (Git repository integration)
Scala sbt Projects can be imported from any of the Git repositories that Snyk supports.
To test your Scala Projects using sbt as a package manager, Snyk analyzes your build.sbt file.
To ensure that this works properly, you must have this file in your repository before importing your projects.
You can’t declare versions of dependencies in a file that is not accessible to Snyk using a Source Code Manager (SCM) integration, for example, Dependencies.scala.
To ensure that your Scala dependencies are detected when you import your Projects using an SCM integration, your
build.sbtdependencies must be declared in a format that Snyk can detect, for example:"commons-io" % "commons-io" % "2.11.0".You can use a version declared in a variable if the variable is in the
build.sbtfile, for example:
For more details, see Scanning a remote repository using the Snyk Web UI.
Snyk integrations
🔗 For integrated development environments, see Use Snyk in your IDE.
🔗 If you prefer continuous integration/continuous delivery workflows, you can scan with Snyk based on the integration with your automation software (see Snyk CI/CD and Snyk API).
Troubleshooting
If you need help, contact Snyk Support.
Last updated