Cloud customer?
 Upgrade in MyJFrog >



The JFrog IntelliJ IDEA plugin also supports the WebStorm and GoLand IDEs. Since version 1.6.2, the plugin requires version 2020.1 of IDEA.

The plugin adds JFrog Xray scanning of Maven, Gradle, Go and npm project dependencies to your IntelliJ IDEA. It allows developers to view panels displaying vulnerability information about the components and their dependencies directly in their IntelliJ IDEA. With this information, a developer can make an informed decision on whether to use a component or not before it gets entrenched into the organisation’s product.

The plugin filter allows you view the scanned results according to issues or licenses.

From JFrog Xray version 1.9 to version 2.x, IntelliJ IDEA users connecting to Xray from IntelliJ are required to be granted the ‘View Components’ action in Xray.
From JFrog Xray version 3.x, as part of the JFrog Platform, IntelliJ IDEA users connecting to Xray from IntelliJ require ‘Read’ permission. For more information, see Permissions.

Source Code 

The JFrog IDEA Plugin code is available on Github.

Page contents

Installation and Setup

To install and work with the plugin:

  1. Install the JFrog plugin, using one of these options:
  2. Configure the plugin to connect to JFrog Xray.
  3. Scan and view the results.
  4. Filter Xray Scanned Results.


  • IntelliJ IDEA version 2016.2 and above.
  • JFrog Xray version and above.

Installing from the IntelliJ Plugin Repository

  1. Under Settings (Preferences) | Plugins, click Browse repositories and search for JFrog.
  2. Once the plugin is found, click Install JetBrains Plugin.

Installing Plugin from Disk

  1. Download the latest JFrog plugin from Bintray or create this plugin from sources. To learn more about building from sources, see the procedure in GitHub.
  2. Under Settings (Preferences) | Plugins, click Install plugin from disk...
  3. Select the plugin file and click OK.

Using the Plugin

Configuring the Plugin to Connect to JFrog Xray

Once the plugin is successfully installed, connect the plugin to your instance of JFrog Xray.

  1. If JFrog Xray is behind an HTTP proxy, configure the proxy settings as described here. Manual proxy configuration is supported since version 1.3.0 of the JFrog IDEA Plugin. Auto-detect proxy settings is supported since version 1.7.0.
  2. Under Settings (Preferences) | Other Settings, click JFrog Xray Configuration.
  3. Set your JFrog Xray URL and login credentials.
  4. As you can see in the below image, you also have the option of storing the connection details in environment variables, which should be set before starting up the IDE. 
  5. Test your connection to Xray using the Test Connection button.

Self-signed Xray domain

If your Xray instance uses a domain with a self-signed certificate, add the certificate to IDEA as described here.

Scanning and Viewing the Results

JFrog Xray automatically performs a scan whenever there is a change in the dependencies in the project.

To manually invoke a scan: 

  1. Click Refresh in the JFrog plugin.
  2. View the scanned results in the plugin.

Filtering Xray Scanned Results

You can filter the viewed project dependencies according to the issues severity, license and scope.

Hovering above a dependency in the editor, to information about it.

Navigating from the editor to the dependency tree

Show the dependency declaration in the editor, by right-clicking on a dependency in the tree and choosing "Show in project descriptor".

In Maven projects, you also have the option of excluding a transitive dependency from the pom.xml, by right-clicking on the dependency in the tree and choosing "Exclude dependency".

Release Notes

The release notes are available on Bintray


The JFrog Plugin uses the IntelliJ IDEA log files. By default, the log level used used by the plugin is INFO.

You have the option of increasing the log level to DEBUG. Here's how you do this:

  1. Go to Help | Diagnostic Tools | Debug Log Settings...
  2. Inside the Custom Debug Log Configuration window add the following line:

To see the Intellij IDEA log file, depends on the IDE version and OS as described here, go to Help | Show/reveal Log in Explorer/finder/Konqueror/Nautilus.

Reporting Issues

Please report issues by opening an issue on Github.

Watch the Screencast

Watch this screencast to learn how the JFrog IntelliJ IDEA plugin adds JFrog Xray scanning of Maven project dependencies to your IntelliJ IDEA.


Copyright © 2021 JFrog Ltd.