Using the latest JFrog products?
JFrog Platform User Guide


Skip to end of metadata
Go to start of metadata

Overview

The JFrog IntelliJ IDEA plugin adds JFrog Xray scanning of Maven, Gradle, and npm project dependencies to your IntelliJ IDEA. It allows developers to view panels displaying vulnerability information about the components and their dependencies directly in their IntelliJ IDEA. With this information, a developer can make an informed decision on whether to use a component or not before it gets entrenched into the organisation’s product.

The plugin filter allows you view the scanned results according to issues or licenses.

From JFrog Xray version 1.9, IntelliJ IDEA users connecting to Xray from IntelliJ are required to be granted the ‘View Components’ action in Xray.
Learn more about Xray Actions.

Source Code 

The JFrog IDEA Plugin code is available on Github.

Page contents


Installation and Setup

To install and work with the plugin:

  1. Install the JFrog plugin, using one of these options:
  2. Configure the plugin to connect to JFrog Xray.
  3. Scan and view the results.
  4. Filter Xray Scanned Results.

Prerequisites

  • IntelliJ IDEA version 2016.2 and above.
  • JFrog Xray version 1.7.2.3 and above.

Installing from the IntelliJ Plugin Repository

  1. Under Settings (Preferences) | Plugins, click Browse repositories and search for JFrog.
  2. Once the plugin is found, click Install JetBrains Plugin.

Installing Plugin from Disk

  1. Download the latest JFrog plugin from Bintray or create this plugin from sources. To learn more about building from sources, see the procedure in GitHub.
  2. Under Settings (Preferences) | Plugins, click Install plugin from disk...
  3. Select the plugin file and click OK.

Using the Plugin

Configuring the Plugin to Connect to JFrog Xray

Once the plugin is successfully installed, connect the plugin to your instance of JFrog Xray.

  1. If JFrog Xray is behind an HTTP proxy, configure the proxy settings as described here. This is supported since version 1.3.0 of the JFrog IDEA Plugin.
  2. Under Settings (Preferences) | Other Settings, click JFrog Xray Configuration.
  3. Set your JFrog Xray URL and login credentials.
  4. Test your connection to Xray using the Test Connection button.

Self-signed Xray domain

sIf your Xray instance uses a domain with a self-signed certificate, add the certificate to IDEA as described here.

Scanning and Viewing the Results

JFrog Xray automatically performs a scan whenever there is a change in the dependencies in the project.

To manually invoke a scan: 

  1. Click Refresh in the JFrog plugin.
  2. View the scanned results in the plugin.

Filtering Xray Scanned Results

The JFrog plugin provides the following filters to narrow down the scanned results to view exactly what you need: 

Severity: Displays issues according to specific severities.

License: Displays components according to specific licenses.

Hovering above a dependency in the editor, to information about it.

Navigating from the editor to the dependency tree



Release Notes

The release notes are available on Bintray


Reporting Issues

Please report issues by opening an issue on Github.


Watch the Screencast

Watch this screencast to learn how the JFrog IntelliJ IDEA plugin adds JFrog Xray scanning of Maven project dependencies to your IntelliJ IDEA.

 

  • No labels