The new capability adds the ability to analyse and remediate security risks and vulnerabilities exposed in projects written using Scala code.

Checkmarx is thought to be the first static analysis solution to support Scala. The added capability not only allows the detection of vulnerabilities within Scala code, but also the ability to identify security and compliance issues in the flows between Scala and Java, and vice versa – enabling applications built using both Java and Scala to be fully analysed using a single Checkmarx scan. With Checkmarx, users can identify a wide range of potential vulnerabilities in Scala code such as code injections, connection string injections, reflected XSS, SQL injections, stored XSS and many more.

The growing success of the Scala programming language has incentivised organisations globally to shift away from using Java, with Scala predicted to become a preferred choice by developers. Due to the rise in popularity, there is an urgent need to address the risks that may be exposed if coding is not done in a secure manner. Without a way to analyse Scala code statically the industry will soon find itself combating breaches exposed by bad Scala coding techniques.

“We are seeing a growing market need for Scala, especially from our enterprise customers,” says Nir Livni, vice president of Products. “Scala is increasingly becoming the preferred language of choice for many development organisations. In order to deliver secure Scala applications, developers are looking for a solution that guides them where and how to fix vulnerabilities in their Scala source code.”

Checkmarx CxSAST addresses more than 20 different programming languages, and Scala is its latest addition. By empowering organisations to seamlessly integrate the source code analysis of Scala within the software development life cycle, organisations can now securely shift from Java to Scala while keeping the highest rate of code security standards and ensuring a secure software development life cycle.