{"id":18805,"library":"snyk-sbt-plugin","title":"Snyk SBT Plugin","description":"A plugin for the Snyk CLI that provides dependency metadata for sbt (Scala Build Tool) projects. It scans build.sbt files to identify known vulnerabilities in dependencies. Current stable version is 3.1.0, released August 2025. The plugin supports Node 20 on Windows, Linux, and macOS, and works with sbt 0.13.x through 1.7.x (with or without sbt-dependency-graph plugin for older versions). Key differentiator: integrates Snyk's vulnerability scanning into Scala/SBT projects with automatic dependency tree extraction. v3.0.0 introduced breaking changes including dropping shell:true and updated shescape for argument escaping.","status":"active","version":"3.1.0","language":"javascript","source_language":"en","source_url":"https://github.com/snyk/snyk-sbt-plugin","tags":["javascript","typescript"],"install":[{"cmd":"npm install snyk-sbt-plugin","lang":"bash","label":"npm"},{"cmd":"yarn add snyk-sbt-plugin","lang":"bash","label":"yarn"},{"cmd":"pnpm add snyk-sbt-plugin","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"This plugin is used as part of Snyk CLI; it is not standalone.","package":"snyk","optional":false},{"reason":"Required for sbt versions 1.2 and older to extract dependency tree.","package":"sbt-dependency-graph","optional":true}],"imports":[{"note":"ESM-only since v3; CJS require yields undefined.","wrong":"const snykSbtPlugin = require('snyk-sbt-plugin')","symbol":"snykSbtPlugin","correct":"import { snykSbtPlugin } from 'snyk-sbt-plugin'"},{"note":"Named export, not default.","wrong":"import inspect from 'snyk-sbt-plugin'","symbol":"inspect","correct":"import { inspect } from 'snyk-sbt-plugin'"},{"note":"Use type-only import for TypeScript types to avoid bundling.","wrong":"import { SbtPluginResult } from 'snyk-sbt-plugin' (not a runtime value)","symbol":"Types","correct":"import type { SbtPluginResult } from 'snyk-sbt-plugin'"}],"quickstart":{"code":"import { inspect } from 'snyk-sbt-plugin';\nimport { promises as fs } from 'fs';\n\nasync function scanSbtProject(projectPath: string) {\n try {\n const result = await inspect(projectPath, 'sbt', { dev: false });\n console.log('Scanned dependencies:', result.package.dependencies);\n console.log('Vulnerabilities:', result.vulnerabilities?.length ?? 0);\n } catch (error) {\n console.error('Scan failed:', error);\n }\n}\n\nscanSbtProject('/path/to/sbt/project');\n","lang":"typescript","description":"Scans an SBT project for vulnerabilities using the inspect function, logging dependency tree and vulnerability count."},"warnings":[{"fix":"Update any scripts that relied on shell:true being set; the plugin no longer uses shell execution for child processes.","message":"Dropping shell:true and bumping shescape after author fix in v3.0.0","severity":"breaking","affected_versions":">=3.0.0"},{"fix":"Install sbt-dependency-graph plugin or coursier following Snyk support documentation.","message":"Older sbt versions (<=1.2) require sbt-dependency-graph plugin or coursier to be installed","severity":"gotcha","affected_versions":">=0.0.0"},{"fix":"Ensure you are using Node 20 as specified in supported OS table; future versions may require updates.","message":"Plugin uses Node.js APIs; may not work with newer Node versions without updates","severity":"deprecated","affected_versions":">=3.0.0"}],"env_vars":null,"last_verified":"2026-04-25T00:00:00.000Z","next_check":"2026-07-24T00:00:00.000Z","problems":[{"fix":"Install sbt and ensure it is available in the system PATH.","cause":"sbt is not installed or not in PATH.","error":"Error: spawn sbt ENOENT"},{"fix":"Use ES module import: import { inspect } from 'snyk-sbt-plugin'","cause":"CJS require used for ESM-only package.","error":"Cannot find module 'snyk-sbt-plugin'"},{"fix":"Ensure the project path contains a build.sbt file.","cause":"Project does not contain a build.sbt file.","error":"Error: No supported sbt project detected"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}