JFrog IDE Extensions
Overview
The JFrog extensions help developers find and fix security issues in their projects. They can be used to check code regularly with JFrog Xray and surface the findings directly in the IDE.
Capabilities
- Software Composition Analysis (SCA)
- Advanced Security
- Contextual Analysis
- Infrastructure as Code (IaC) Scan
- Secrets Detection
Visual Studio + VS Code
Installation
Visual Studio Code
The extension for Visual Studio Code can be installed here: JFrog VSCode Extension.
Visual Studio
NOTE: Currently, support for Visual Studio for Mac/OS is not available.
- Ensure that nuget.exe is included in your PATH environment variable.
- Navigate to Tools --> Extensions and Updates.
- Search for the JFrog Visual Studio Extension.
- After the installation is finished, reopen Visual Studio.
Set-Up
Connect VS Code to the JFrog Platform
After the JFrog Extension is installed in VS Code, click on the JFrog tab:
This will prompt a sign-in window. You can either sign-in with SSO or an access token.
Connect VS to the JFrog Platform
- Once the extension is installed, connect Visual Studio to the JFrog Xray instance.
- Go to Tools > Options > JFrog > JFrog Xray.
- Set the JFrog Platform URL and login credentials.
- Test the connection to Xray by using the Test connection button.
Usage
Visual Studio Code Extension
From the JFrog Extension window, you can click on the scan/rescan button.
Visual Studio Extension
Scan and view the project dependencies by opening View > Other Windows > JFrog.
- JFrog Xray will automatically scan when the project is opened or when clicking on the Refresh button in the JFrog window.
Interpreting the Results
Here are examples of the interface after scanning.
The results view lists the issues found, grouped under the component each one belongs to. Click an issue to see more details, which may include suggestions from JFrog on how to handle it.
Component Tree Icons
JFrog Severity Ratings
This rating is assigned to CVEs by JFrog Security Research after manual analysis. It highlights the vulnerabilities that pose the greatest risk and should be addressed promptly.