Security Scanning Tool for Kotlin?


#1

Is anyone aware of a tool that will scan for possible security violations in Kotlin code similar to how Checkmarx works? Note: I’m not talking about a linter; I’m talking about something that looks for things like possible XSS or SQL Injection type attacks. The company I work for pretty much requires something like this for production code, and not being able to find one for Kotlin might stop (or slow down) my team’s planned adoption.


#2

You can use tools that work by analyzing bytecode, not source code; such tools should work well with Kotlin-compiled classes. As far as I know, no security scanning tools understand Kotlin source code at this time.


#3

Hi Yole, what’s the status on this? Do you know if any Kotlin security scanners have been developed in the last year?


#4

I’m not aware of any, but I haven’t been specifically looking for them.


#5

A few months ago an HP Fortify rep told someone at my company that adding support for Kotlin was on their roadmap. I have no idea what that really means as far as the likelihood of that really happening or the possible timeframe though.