Code Analysis Tools

Lightbend Analysis Products

Security Analysis

Lightbend has partnered with Micro Focus to create a product that scans your code for security issues: the Fortify Scala plugin. You can check out the documentation on the Lightbend Tech Hub. The Fortify Scala plugin is included as part of your subscription, but a separate license for Fortify itself is needed to use the plugin effectively. Should you have any questions or need assistance, Lightbend Support would be happy to help.

Other Analysis Products

Other than the above for security analysis, Lightbend does not recommend specific static or dynamic analysis tools, but here are some we've seen in the community.

Code Quality

Test Coverage

Code formatters 

  1. find-sec-bugs (with Playframework specific rules)
