Add support of java-sec-bugs and java-owasp to scala projects

Since find-sec-bugs actually supports scala jars, all it had to be done
was enhacing the filter in the existing findsecbugs module.

OWASP's dependency-check case is a bit different, it is able to scan zip
files built by [sbt native packager](https://www.scala-sbt.org/sbt-native-packager/)
but it can't find dependencies shipped in uber jars built with
[sbt-assembly](https://github.com/sbt/sbt-assembly). An demo showing how
to use it is available at https://github.com/csokol/scala-hawkeyesec-scanner-demo

Partially addresses #75.

lib/modules/java-find-secbugs/__tests__/findsecbugs-unit.js

@@ -44,6 +44,11 @@ describe('FindSecBugs Module', () => {
     expect(await handles(fm)).to.be.true
   })
 
+  it('should handle scala sbt projects', async () => {
+    const fm = new FileManager({ target: path.join(__dirname, './sample/scala-sbt') })
+    expect(await handles(fm)).to.be.true
+  })
+
   it('should not run on missing executable', async () => {
     exec.exists.withArgs('findsecbugs').resolves(false)
     const target = path.join(__dirname, './sample/java-gradle')

lib/modules/java-find-secbugs/index.js

@@ -16,9 +16,12 @@ module.exports = {
   description: 'Finds common security issues in Java code with findsecbugs',
   enabled: true,
   handles: async fm => {
-    const isJavaProject = fm.all().some(file => file.endsWith('.java'))
-    const isKotlinProject = fm.all().some(file => file.endsWith('.kt'))
-    const isJvmProject = isJavaProject || isKotlinProject
+    const allFiles = fm.all()
+    const isJavaProject = allFiles.some(file => file.endsWith('.java'))
+    const isKotlinProject = allFiles.some(file => file.endsWith('.kt'))
+    const isScalaProject = allFiles.some(file => file.endsWith('.scala'))
+
+    const isJvmProject = isJavaProject || isKotlinProject || isScalaProject
 
     const hasJarFiles = getProjectJars(fm).length > 0
     const exists = await exec.exists('findsecbugs')

lib/modules/java-owasp/__tests__/owasp-unit.js

@@ -38,6 +38,11 @@ describe('Java OWASP Dependency Checker Module', () => {
     expect(await handles(fm)).to.be.true
   })
 
+  it('should handle scala sbt projects', async () => {
+    const fm = new FileManager({ target: path.join(__dirname, './sample/scala-sbt') })
+    expect(await handles(fm)).to.be.true
+  })
+
   it('should not run on missing executable', async () => {
     exec.exists.resolves(false)
     const fm = new FileManager({ target: path.join(__dirname, './sample/java-gradle') })

lib/modules/java-owasp/index.js

@@ -13,9 +13,12 @@ module.exports = {
   description: 'Scans Java projects for gradle/maven dependencies with known vulnerabilities with the OWASP dependency checker',
   enabled: true,
   handles: async fm => {
-    const isJavaProject = fm.all().some(file => file.endsWith('.java'))
-    const isKotlinProject = fm.all().some(file => file.endsWith('.kt'))
-    const isJvmProject = isJavaProject || isKotlinProject
+    const allFiles = fm.all()
+    const isJavaProject = allFiles.some(file => file.endsWith('.java'))
+    const isKotlinProject = allFiles.some(file => file.endsWith('.kt'))
+    const isScalaProject = allFiles.some(file => file.endsWith('.scala'))
+
+    const isJvmProject = isJavaProject || isKotlinProject || isScalaProject
 
     const hasJarFiles = getProjectJars(fm).length > 0
     const hasCommand = await exec.exists('dependency-check')