This is a demo of the Scala support in hawkeyesec's scanner-cli.
This demo uses sbt-native-packager universal package to build the app. If you're using sbt-assembly, check this branch.
To run the scanner:

    sbt clean universal:packageBin
    docker run --rm -v "$PWD":/target hawkeyesec/scanner-cli

Then you should see some offenses generated by find-sec-bugs and a few more by java-owasp.
Note that, with this setup, find-sec-bugs won't scan the dependencies of the project. If you want the dependencies scanned, add

    retrieveManaged := true

to build.sbt so that the jars are copied locally during the build.