SupportAPI docsProduct updatesSign up for free
Search…
Snyk User Documentation
Introducing Snyk
Implementing Snyk in your teams
Getting started
Snyk Web UI
Snyk CLI
Snyk API
Snyk for IDEs
Snyk Apps
Snyk Integrations
SNYK PRODUCTS
Snyk Open Source
Getting started with Snyk Open Source
Open Source basics
Open Source language and package manager support
Snyk for .NET
Snyk for Bazel
Snyk for C / C++
Snyk for Elixir
Snyk for Go
Snyk for Java and Kotlin
Snyk for JavaScript
Snyk for PHP
Snyk for Python
Snyk for Ruby
Snyk for Scala
Snyk for Swift and Objective-C (CocoaPods)
Licenses
License policies
Dependency management
Use Snyk Open Source from the CLI
Snyk Code
Snyk Container
Snyk Infrastructure as Code
USING SNYK
Snyk Broker
User and group management
Fixing and prioritizing issues
Reports
Snyk Tools
SNYK INFO
Disclosing vulnerabilities
How Snyk handles your data
Snyk Partner workshops
Powered By GitBook
Snyk for Scala
Snyk supports testing and monitoring Scala projects that have their dependencies managed by sbt​

Features of Snyk support for Scala

The following tables provide an outline of the general features Snyk offers by package manager. In addition to these features, Snyk may offer extra functionality related to the specific integration configurations.
Some features might not be available, depending on your pricing plan. See pricing plans for more details.
Package managers / Features
CLI support
Git support
License scanning
Fix PRs
​sbt​
✔︎
✔︎
✔︎
​

How scanning Scala projects works

To scan your dependencies, you must ensure you have first installed the relevant package manager, and that your project contains the supported manifest files.
Snyk scans Scala projects by running sbt plugins or examining your build.sbt, and compares the versions of every direct and transitive dependency in your project against Snyk's Maven vulnerability database.

Snyk CLI tool for Scala projects

The Snyk CLI uses the sbt-dependency-graph plugin which has been included in sbt as a built-in plugin since sbt 1.4.
However, the recommended method of calling the plugin in sbt 1.4+ is not currently compatible with Snyk. Use the legacy method, addSbtPlugin(), instead (see below).
You will most likely want to install sbt-dependency-graph as a global plugin so you can use it in any sbt project.
To do this, add the plugin dependency to ~/.sbt/0.13/plugins/plugins.sbt for sbt 0.13 or ~/.sbt/1.0/plugins/plugins.sbt for sbt 1.0+.
To add the plugin to a single project only, update the project/plugins.sbt of your project instead.
Regardless of which sbt version you are using, you must use the following command in the relevant plugins.sbt file:
addSbtPlugin("net.virtual-void" % "sbt-dependency-graph" % "0.10.0-RC1")
Do not use the addDependencyTreePlugin command which the sbt-dependency-graph plugin docs recommend for sbt 1.4+. This is incompatible with the Snyk CLI. use the addSbtPlugin() command as given above.
For more details on installing sbt-dependency-graph for use with the Snyk CLI, see the article "How to install the SBT dependency graph plugin to test Scala projects with Snyk CLI."

Git services for Scala projects

Scala sbt projects can be imported from any of the Git repositories Snyk supports.
To test your Scala projects using sbt as a package manager, Snyk analyzes your build.sbt file, and so you must have this file in your repository before importing.
Previous
Snyk for Ruby
Next
Snyk for Swift and Objective-C (CocoaPods)
Last modified 8d ago
Export as PDF
Copy link
Edit on GitHub
Contents
Features of Snyk support for Scala
How scanning Scala projects works
Snyk CLI tool for Scala projects
Git services for Scala projects