Hi :)
Curious if SBT is anywhere on the roadmap. It'd be super awesome if we could scan build.sbt files for dependency vulnerabilities using osv-scanner!
Thanks in advance!
I don't believe any of us are familiar with Scala or were aware of SBT before. Is there a specific canonical package manager for Scala? Or is this just Maven?
SBT is indeed the primary build tool for Scala projects, similar to Maven or Gradle for Java.
It uses a file called build.sbt to define dependencies. This file is essential for dependency management in Scala projects and can be scanned for vulnerabilities.
Unlike Maven, which uses XML, SBT's build files are Scala code.
Thanks for the response! My question wasn't phrased well since Maven is a bit of an overloaded term -- it refers to both a package repository protocol and an overall build system/tool.
Do the dependencies specified inside build.sbt refer to packages inside a Maven repository? Or are there SBT specific repositories for dependencies? It sounds like if they refer to Maven packages, we just need to extract "ecosystem": "Maven" packages from them?
Contributions are also very welcome, if you are able to help with creating a PR for this!
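As an added illustration (not part of the thread and not osv-scanner code), here is a sketch in Go of the extraction step discussed above: pulling literal `"group" % "artifact" % "version"` coordinates out of build.sbt text and shaping them as `"ecosystem": "Maven"` packages. It assumes the coordinates resolve against Maven-style repositories, which the thread leaves open, and that `%%` appends the Scala binary version to the artifact name; `ExtractSbtDeps`, `Package` and `sampleBuild` are hypothetical names, and because build.sbt is Scala code a regex only sees literal strings, not variables or plugin-defined dependencies.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Package holds the fields an OSV query uses to identify a dependency.
type Package struct{ Name, Ecosystem, Version string }

// Heuristic: matches literal coordinates only; a trailing `% Test` scope is ignored.
var depRe = regexp.MustCompile(`"([^"]+)"\s*(%%?)\s*"([^"]+)"\s*%\s*"([^"]+)"`)
var scalaVerRe = regexp.MustCompile(`scalaVersion\s*:=\s*"([^"]+)"`)

// binaryVersion maps a full Scala version to the %% suffix: 2.13.12 -> 2.13, 3.3.1 -> 3.
func binaryVersion(full string) string {
	p := strings.SplitN(full, ".", 3)
	if p[0] == "3" || len(p) < 2 {
		return p[0]
	}
	return p[0] + "." + p[1]
}

// ExtractSbtDeps returns Maven-ecosystem packages named as groupId:artifactId.
func ExtractSbtDeps(src string) []Package {
	suffix := "" // stays empty if scalaVersion is not a literal in this file
	if m := scalaVerRe.FindStringSubmatch(src); m != nil {
		suffix = "_" + binaryVersion(m[1])
	}
	var out []Package
	for _, m := range depRe.FindAllStringSubmatch(src, -1) {
		artifact := m[3]
		if m[2] == "%%" {
			artifact += suffix // cross-built artifact, e.g. cats-core_2.13
		}
		out = append(out, Package{Name: m[1] + ":" + artifact, Ecosystem: "Maven", Version: m[4]})
	}
	return out
}

// Constructed sample input, not taken from a real project.
const sampleBuild = `scalaVersion := "2.13.12"
libraryDependencies ++= Seq("org.typelevel" %% "cats-core" % "2.10.0",
  "com.google.guava" % "guava" % "32.1.2-jre",
  "org.scalatest" %% "scalatest" % "3.2.17" % Test)`

func main() {
	fmt.Println(ExtractSbtDeps(sampleBuild))
}
```

A scanner relying on this would under-report for builds that compute versions or pull dependencies in from plugins, so a resolved dependency report from sbt itself is the more complete input where one is available.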