Now there is one (June 2016): albuch/sbt-dependency-check by Alexander v. Buchholtz.
An SBT plugin for OWASP Dependency-Check.
This can be used to monitor the dependencies used in the application and to report if there are well-known vulnerabilities (for example, CVE).
It runs the dependency check against the current project, its aggregates and its dependencies, and generates a report for each project.
You need to add the following to project/plugins.sbt:
addSbtPlugin("net.vonbuchholtz" % "sbt-dependency-check" % "0.1.4")
and after that just call
$ sbt dependencyCheck
The report will be written to the location given by crossTarget.value (the default is target/scala-2.11/).