That's a demo of the scala support of hawkeyesec's scanner-cli.
This demo uses sbt-native-packager universal package to build the app. If you're using sbt-assembly, check this branch.
To run the scanner:
sbt clean universal:packageBin
docker run --rm -v $PWD:/target hawkeyesec/scanner-cliThen you should see some offenses generated by find-sec-bugs and a few more by java-owasp.
Notice that, with this setup, find-sec-bugs won't scan the dependencies of the project. If you want to have the
dependencies scanned you can add retrieveManaged := true to the build.sbt so that the jars are copied locally
during the build.