The cost of remediating a vulnerability is akin to the cost of fixing a bug. The earlier you remediate a vulnerability in the release cycle, the lower the cost.
JFrog Xray is instrumental in flagging components when vulnerabilities are discovered in production systems at runtime, and also, through integration to CI systems like Jenkins CI and TeamCity at build time. The IDE integration completes the CI/CD process, by bringing Xray's issue discovery one step earlier, to development time.
Current support includes:
- Visual Studio Code - scanning your Maven, Python, Go and npm project dependencies
- IntelliJ IDEA - scanning your Maven, Gradle, Go, npm, and PyPI project dependencies in IntelliJ IDEA, Webstorm, GoLand, PyCharm, and Android studio.
- Eclipse - scanning your Maven, Gradle and npm project dependencies
- Visual Studio - scanning your NuGet project dependencies