Checkmarx Expands Scala
February 1, 2017
is offering open beta support of the Scala programming language. The new
capability adds the ability to analyze and remediate security risks and
vulnerabilities exposed in projects written using Scala code.
Checkmarx is the first static analysis solution to support Scala. The
added capability not only allows the detection of vulnerabilities within
Scala code, but also the ability to identify security and compliance
issues in the flows between Scala and Java, and vice versa – enabling
applications built using both Java and Scala to be fully analyzed using
a single Checkmarx scan. With Checkmarx, users can identify a wide range
of potential vulnerabilities in Scala code such as code injections,
connection string injections, reflected XSS, SQL injections, stored XSS
and many more.
The growing success of the Scala programming language has incentivized
organizations globally to shift away from using Java, with Scala
predicted to become a preferred choice by developers. Due to the rise in
popularity, there is an urgent need to address the risks that may be
exposed if coding is not done in a secure manner. Without a way to
analyze Scala code statically the industry will soon find itself
combating breaches exposed by bad Scala coding techniques.
are seeing a growing market need for Scala, especially from our
enterprise customers,” says Nir Livni, vice president of Products.
“Scala is increasingly becoming the preferred language of choice for
many development organizations. In order to deliver secure Scala
applications, developers are looking for a solution that guides them
where and how to fix vulnerabilities in their Scala source code.”
Checkmarx CxSAST addresses more than 20 different programming languages,
and Scala is its latest addition. By empowering organizations to
seamlessly integrate the source code analysis of Scala within the
software development life cycle, organizations can now securely shift
from Java to Scala while keeping the highest rate of code security
standards and ensuring a secure software development life cycle.