🤖 About this Extension
The cost of remediating a vulnerability is akin to the cost of fixing a bug. The earlier you remediate a vulnerability in the release cycle, the lower the cost. The extension allows developers to find and fix security vulnerabilities in their projects and to see valuable information about the status of their code by continuously scanning it locally with the JFrog Platform.
What security capabilities do we provide?
Software Composition Analysis (SCA)
Scans your project dependencies for security issues and shows you which dependencies are vulnerable. If a vulnerability has a fix, you can upgrade to the fixed version with the click of a button.
CVE Research and Enrichment
For selected security issues, leverage enhanced CVE data provided by our JFrog Security Research team. Prioritize the CVEs based on:
You can learn more about enriched CVEs here.
Check out what our research team is up to and stay updated on newly discovered issues by clicking on this link: https://research.jfrog.com
Requires Xray version 3.66.5 or above and Enterprise X / Enterprise+ subscription with Advanced DevSecOps.
Static Application Security Testing (SAST)
Provides fast and accurate security-focused engines that detect zero-day security vulnerabilities in your source code's sensitive operations, while minimizing false positives.
Secrets Detection
Prevents the exposure of keys or credentials that are stored in your source code.
Infrastructure as Code (IaC) Scan
Secures your IaC files. Critical to keeping your cloud deployment safe and secure.
🌟 Additional Perks
Read the documentation to get started.
🔥 Reporting Issues
Please help us improve by reporting issues you encounter.
💻 Code Contributions
We welcome community contributions through pull requests.