
Overview

The cost of remediating a vulnerability is akin to the cost of fixing a bug. The earlier you remediate a vulnerability in the release cycle, the lower the cost.

JFrog Xray is instrumental in flagging components when vulnerabilities are discovered in production systems at runtime and, through integration with CI systems like Jenkins CI and TeamCity, at build time. The IDE integration completes the CI/CD process by bringing Xray's issue discovery one step earlier, to development time.

Current support includes:


JFrog IntelliJ IDEA Plugin

From JFrog Xray version 1.9, IntelliJ IDEA users connecting to Xray from IntelliJ are required to be granted the ‘View Components’ action in Xray.
Learn more about Xray Actions.

The JFrog IntelliJ IDEA plugin adds JFrog Xray scanning of Maven, Gradle, and npm project dependencies to your IntelliJ IDEA. It allows developers to view panels displaying vulnerability information about the components and their dependencies directly in their IntelliJ IDEA. With this information, a developer can make an informed decision on whether to use a component or not before it gets entrenched into the organisation’s product.

The plugin filter allows you to view the scanned results according to issues or licenses.

Source Code 

The JFrog IDEA Plugin code is available on Github.

Installation and Setup

To install and work with the plugin:

  1. Install the JFrog plugin, using one of these options:
  2. Configure the plugin to connect to JFrog Xray.
  3. Scan and view the results.
  4. Filter Xray Scanned Results.

Prerequisites

  • IntelliJ IDEA version 2016.2 and above.
  • JFrog Xray version 1.7.2.3 and above.

Installing from the IntelliJ Plugin Repository

  1. Under Settings (Preferences) | Plugins, click Browse repositories and search for JFrog.
  2. Once the plugin is found, click Install JetBrains Plugin.

Installing Plugin from Disk

  1. Download the latest JFrog plugin from Bintray or create this plugin from sources. To learn more about building from sources, see the procedure in GitHub.
  2. Under Settings (Preferences) | Plugins, click Install plugin from disk...
  3. Select the plugin file and click OK.

Configuring the Plugin to Connect to JFrog Xray

Once the plugin is successfully installed, connect the plugin to your instance of JFrog Xray.

  1. If JFrog Xray is behind an HTTP proxy, configure the proxy settings as described here. This is supported since version 1.3.0 of the JFrog Xray Plugin.
  2. Under Settings (Preferences) | Other Settings, click JFrog Xray Configuration.
  3. Set your JFrog Xray URL and login credentials.
  4. Test your connection to Xray using the Test Connection button.

Using the Plugin

Scanning and Viewing the Results

JFrog Xray automatically performs a scan whenever there is a change in the dependencies in the project.

To manually invoke a scan: 

  1. Click Refresh in the JFrog plugin.
  2. View the scanned results in the plugin.

Filtering Xray Scanned Results

The JFrog plugin provides the following filters to narrow down the scanned results to view exactly what you need: 

  • Severity: Displays issues according to specific severities.

  • License: Displays components according to specific licenses.

Release Notes

The release notes are available on Bintray.

Reporting Issues

Please report issues by opening an issue on Github.

Watch the Screencast

Watch this screencast to learn how the JFrog IntelliJ IDEA plugin adds JFrog Xray scanning of Maven project dependencies to your IntelliJ IDEA.

 


JFrog Eclipse IDE Plugin

The JFrog Eclipse plugin adds JFrog Xray scanning of Maven, Gradle, and npm project dependencies to your Eclipse IDE. It allows developers to view panels displaying vulnerability information about the components and their dependencies directly in their Eclipse IDE. With this information, a developer can make an informed decision on whether to use a component or not before it gets entrenched into the organization’s product.

The plugin filter allows you to view the scanned results according to issues or licenses.

Source Code 

The JFrog Eclipse Plugin code is available on Github.

Installation and Setup

To install and work with the plugin:

  1. Install the JFrog plugin, using one of these options:
  2. Configure the plugin to connect to JFrog Xray.
  3. Scan and view the results.
  4. Filter Xray Scanned Results.

Prerequisites

  • Eclipse IDE version Photon and above.
  • JFrog Xray version 1.7.2.3 and above.

Installing from Eclipse Marketplace with drag and drop

  1. Go to Eclipse Marketplace.
  2. Drag the install button to your Eclipse window.

Installing Plugin from within Eclipse

  1. Go to Help | Eclipse Marketplace, click Search and search for tag:jfrog.
  2. Once the plugin is found, click Install.

Configuring the Plugin to Connect to JFrog Xray

Once the plugin is successfully installed, connect the plugin to your instance of JFrog Xray.

  1. Go to Eclipse (Preferences), click JFrog Xray.
  2. Set your JFrog Xray URL and login credentials.

  3. Test your connection to Xray using the Test Connection button.

Using the Plugin

Open JFrog tab

To open the plugin tab, click Window | Show View | Other | Security | JFrog.

Scanning and Viewing the Results

JFrog Xray automatically performs a scan when the plugin is first loaded on startup.

To manually invoke a scan: 

  1. Click Refresh in the JFrog plugin.
  2. View the scanned results in the plugin.

Filtering Xray Scanned Results

The JFrog plugin provides the following filters to narrow down the scanned results to view exactly what you need:

  • Severity: Displays issues according to specific severities.

  • License: Displays components according to specific licenses.

Release Notes

The release notes are available on Bintray.

Reporting Issues

Please report issues by opening an issue on Github.



JFrog Visual Studio Extension

The JFrog Visual Studio Extension adds JFrog Xray scanning of NuGet project dependencies to your Visual Studio IDE. It allows developers to view panels displaying vulnerability information about the components and their dependencies directly in Visual Studio. With this information, a developer can make an informed decision on whether to use a component or not before it gets entrenched into the organization’s product.

The extension filter allows you to view the scanned results according to issue severity.

Source Code

The JFrog IDEA Plugin code is available on Github.

Installation and Setup

Prerequisites 

  • Visual Studio 2017.
  • JFrog Xray version 2.5.0 and above.

Installation

To install and work with the extension:

  1. Open the terminal and type nuget. If it is not recognised as a command, please add nuget.exe to the PATH environment variable.
  2. Open Visual Studio.
  3. Go to Tools | Extensions and Updates.
  4. Search for JFrog.
  5. Click Download.
  6. Once the installation is completed, re-open Visual Studio.

Configuring the Extension to Connect to JFrog Xray

Once the extension is successfully installed, connect Visual Studio to your instance of JFrog Xray.

  1. Go to Tools | Options | JFrog | JFrog Xray 
  2. Set your JFrog Xray URL and login credentials.
  3. Test your connection to Xray using the Test connection button.

Using the Extension

Scanning and Viewing the Results

To scan and view the project dependencies, open View | Other Windows | JFrog.

JFrog Xray automatically performs a scan when the project is opened or when clicking on the Refresh button in the JFrog window.

Filtering the Scanned Results

The JFrog Extension provides a filter to narrow down the scanned results to view exactly what you need.

Troubleshooting

When troubleshooting issues, it is recommended to look at the log messages in the Output console, located at the bottom of the screen.

Reporting Issues

Please report issues by opening an issue on Github.

Release Notes

The release notes are available on Bintray.
