Giter Site home page Giter Site logo

lightbend-labs / scala-fortify-sample Goto Github PK

View Code? Open in Web Editor NEW
0.0 2.0 2.0 28 KB

Fortify+Scala+sbt example

Home Page: https://developer.lightbend.com/docs/fortify/current/

License: Creative Commons Zero v1.0 Universal

Scala 100.00%
fortify sbt scala security

scala-fortify-sample's Introduction

Fortify + Scala + sbt

This example of how to enable or disable Fortify translation of Scala code in an sbt build using a command line flag.

This is typically used for leaving the Fortify plugin disabled during normal development, but enabling it when needed, such as in a special CI job.

How to use it

To compile your code with Fortify enabled:

sbt -DfortifyEnabled=true compile

If it worked, you should see output like:

scala-fortify ... licensed to ...@lightbend (expires: ...)
scala-fortify: writing translated files to .../.fortify/sca.../build/sample

If you run sbt without the extra flag, Fortify remains completely disabled.

How it works

The fortify.sbt file adds a new sbt setting fortifyEnabled which looks at a Java system property of the same name to decide whether to add the plugin to the classpath and control it using compiler options.

Other sample repos

The following small sample applications contains example security vulnerabilities caught by Fortify:

In both repos, the Fortify configuration files are on a fortify branch.

Documentation

For full documentation on using the Fortify plugin for Scala, visit https://developer.lightbend.com/docs/fortify/current/

scala-fortify-sample's People

Contributors

sethtisue avatar vpetro avatar scala-steward avatar

Watchers

avatar Michael Nash avatar

Forkers

scala-steward pchannimf

scala-fortify-sample's Issues

sbt cannot resolve dependencies

Full log is attached. This was done after removing the ~/.sbt directory, ie no extra global settings are being used.

code/hello-scala master λ sbt compile
[info] welcome to sbt 1.3.13 (Oracle Corporation Java 1.8.0_192)
[info] loading settings for project hello-scala-build-build-build from metals.sbt ...
[info] loading project definition from /Users/petrov/code/hello-scala/project/project/project
[info] loading settings for project hello-scala-build-build from metals.sbt ...
[info] loading project definition from /Users/petrov/code/hello-scala/project/project
[success] Generated .bloop/hello-scala-build-build.json
[success] Total time: 0 s, completed 22-Aug-2020 4:10:23 PM
[info] loading settings for project hello-scala-build from lightbend.sbt,metals.sbt ...
[info] loading project definition from /Users/petrov/code/hello-scala/project
[success] Generated .bloop/hello-scala-build.json
[success] Total time: 0 s, completed 22-Aug-2020 4:10:24 PM
[info] loading settings for project hello-scala from build.sbt ...
[info] set current project to example (in build file:/Users/petrov/code/hello-scala/)
[info] Executing in batch mode. For better performance use sbt's shell
[info] Updating
[info] Resolved  dependencies
[warn]
[warn]  Note: Unresolved dependencies path:
[error] sbt.librarymanagement.ResolveException: Error downloading com.lightbend:scala-fortify_2.13.3:1.0.17
[error]   Not found
[error]   Not found
[error]   not found: /Users/petrov/.ivy2/local/com.lightbend/scala-fortify_2.13.3/1.0.17/ivys/ivy.xml
[error]   not found: https://repo1.maven.org/maven2/com/lightbend/scala-fortify_2.13.3/1.0.17/scala-fortify_2.13.3-1.0.17.pom
[error]         at lmcoursier.CoursierDependencyResolution.unresolvedWarningOrThrow(CoursierDependencyResolution.scala:249)
[error]         at lmcoursier.CoursierDependencyResolution.$anonfun$update$35(CoursierDependencyResolution.scala:218)
[error]         at scala.util.Either$LeftProjection.map(Either.scala:573)
[error]         at lmcoursier.CoursierDependencyResolution.update(CoursierDependencyResolution.scala:218)
[error]         at sbt.librarymanagement.DependencyResolution.update(DependencyResolution.scala:60)
[error]         at sbt.internal.LibraryManagement$.resolve$1(LibraryManagement.scala:52)
[error]         at sbt.internal.LibraryManagement$.$anonfun$cachedUpdate$12(LibraryManagement.scala:102)
[error]         at sbt.util.Tracked$.$anonfun$lastOutput$1(Tracked.scala:69)
[error]         at sbt.internal.LibraryManagement$.$anonfun$cachedUpdate$20(LibraryManagement.scala:115)
[error]         at scala.util.control.Exception$Catch.apply(Exception.scala:228)
[error]         at sbt.internal.LibraryManagement$.$anonfun$cachedUpdate$11(LibraryManagement.scala:115)
[error]         at sbt.internal.LibraryManagement$.$anonfun$cachedUpdate$11$adapted(LibraryManagement.scala:96)
[error]         at sbt.util.Tracked$.$anonfun$inputChanged$1(Tracked.scala:150)
[error]         at sbt.internal.LibraryManagement$.cachedUpdate(LibraryManagement.scala:129)
[error]         at sbt.Classpaths$.$anonfun$updateTask0$5(Defaults.scala:2950)
[error]         at scala.Function1.$anonfun$compose$1(Function1.scala:49)
[error]         at sbt.internal.util.$tilde$greater.$anonfun$$u2219$1(TypeFunctions.scala:62)
[error]         at sbt.std.Transform$$anon$4.work(Transform.scala:67)
[error]         at sbt.Execute.$anonfun$submit$2(Execute.scala:281)
[error]         at sbt.internal.util.ErrorHandling$.wideConvert(ErrorHandling.scala:19)
[error]         at sbt.Execute.work(Execute.scala:290)
[error]         at sbt.Execute.$anonfun$submit$1(Execute.scala:281)
[error]         at sbt.ConcurrentRestrictions$$anon$4.$anonfun$submitValid$1(ConcurrentRestrictions.scala:178)
[error]         at sbt.CompletionService$$anon$2.call(CompletionService.scala:37)
[error]         at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[error]         at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
[error]         at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[error]         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
[error]         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
[error]         at java.lang.Thread.run(Thread.java:748)
[error] (update) sbt.librarymanagement.ResolveException: Error downloading com.lightbend:scala-fortify_2.13.3:1.0.17
[error]   Not found
[error]   Not found
[error]   not found: /Users/petrov/.ivy2/local/com.lightbend/scala-fortify_2.13.3/1.0.17/ivys/ivy.xml
[error]   not found: https://repo1.maven.org/maven2/com/lightbend/scala-fortify_2.13.3/1.0.17/scala-fortify_2.13.3-1.0.17.pom
[error] Total time: 1 s, completed 22-Aug-2020 4:10:25 PM

Add CI

(I can copy what I did using GitHub Actions in akka-http-webgoat and play-webgoat)

Make it multi-project

real world builds generally have subprojects, it's what people actually need help figuring out

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.