Looking for a Static Code Analysis tool for Scala Code

This page summarizes the projects mentioned and recommended in the original post on reddit.com/r/cybersecurity

  • SpotBugs

    SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

    If you don’t have Checkmarx/Veracode money, have you looked at https://find-sec-bugs.github.io/? It can be used with a few things such as https://spotbugs.github.io/ and sonarQ

  • find-sec-bugs

    The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects.)


