Scaling to Scala

Scala developers ship quickly, using the power of a scalable language as their ideas move from concept to prototype and production. As a language that runs on the JVM, it's a natural fit to work with Contrast's fast security detection to detect and keep vulnerabilities out of production. We're excited to partner with many engineering organizations as we work to support Scala 2.12, Play, Akka, and more.

The application security testing software has the ability to detect Scala security vulnerabilities similar to the way that Scala integrates with the underlying Java Platform itself. Scala developers can add the agent to their Scala applications and let the automated security testing tool run to detect security flaws as the application is used. Scala developers can remain focused on their own application and code: they do not need to become or consult with security experts.

In light of the recent log4j2 exploit vulnerability, Scala applications run on the Java Virtual Machine and run Java libraries. Many Scala applications may also be impacted by the recent log4j2 vulnerability. With the Contrast Security vulnerability testing agent, you can detect if this log4j2 vulnerability affects your Scala applications and do something about it.

The Contrast Security vulnerability testing agent integrates into Scala applications using the Java instrumentation APIs to monitor an application and understand what the JVM is doing and how Scala code is connecting the overall code flow. This level of monitoring enables developers to locate vulnerabilities like File Manipulation, Command Injection, Insecure Deserialization, and other flaws. The custom Scala handling provides different levels of API visibility that focus on the ways that Scala differs from core Java, adding support for the unique features that Scala brings to the table. Additional security detection is available for developers using common Scala libraries, including Play (for web applications) and Akka (for microservice interconnections). Developers working in Akka can see a custom Flow Map that represents the code flow between where data comes from, what it accesses, how the service connects with other scala services -- Flow Maps bring the security perspective into the overall architectural view.

How can I partner with Contrast on Scala

We are looking for feedback from Scala developers who are moving quickly with their applications. Development partnerships can be in any industry. If you are using Play and/or Akka we are solociting feedback on library support -- if you use other frameworks like Spring Boot or other Java frameworks, you can still participate.

If you are not yet a Contrast customer, please contact us to discuss participation. If you are an existing Contrast customer, please ask your support or customer success representative for access.

What we are looking for

• Companies actively building on Scala
• Organizations that can quickly use the new agent in their test (non-prod) environments
• About an hour periodically as feedback is needed (often weekly or bi-weekly)

Simply reach out to scala-beta@contrastsecurity.com

Connect with us now to learn how Contrast can protect your Java applications against exploits like Log4j and how you can get started at no charge today.