JFrog

JFrog

|
77 installs
| (1) | Free
JFrog Xray scanning of npm project dependencies.
Installation
Launch VS Code Quick Open (Ctrl+P), paste the following command, and press enter.
Copied to clipboard
More Info

JFrog Visual Studio Code Extension

General

The cost of remediating a vulnerability is akin to the cost of fixing a bug. The earlier you remediate a vulnerability in the release cycle, the lower the cost. JFrog Xray is instrumental in flagging components when vulnerabilities are discovered in production systems at runtime, or even sooner, during the development.

The JFrog VS Code Extension adds JFrog Xray scanning of npm project dependencies to your VS Code IDE. It allows developers to view panels displaying vulnerability information about the components and their dependencies directly in their VS Code IDE. With this information, a developer can make an informed decision on whether to use a component or not before it gets entrenched into the organization’s product.

Using JFrog Visual Studio Code Extension

Connect to JFrog Xray by clicking on the green Connect Connect button: Connect

View the project's dependency tree Open_Extension

The JFrog extension automatically triggers a scan of the project's npm dependencies whenever a change in the package-lock.json file is detected. To invoke a scan manually, click on the Refresh Refresh button or click on Start Xray Scan from within the package.json (above the dependencies section). Refresh

View existing issues Vulnerabilities

View licenses directly from within the package.json: License

View additional information about a dependency: Show_In_Deps_Tree

View dependency in package.json: Show_In_Pkg_Json

Search in tree: Search_In_Tree

To filter scan results, click on the Filter Filter button. Filter

Building and Testing the Sources

To build the extension sources, please follow these steps:

  1. Clone the code from Github.
  2. Build and create the VS-Code extension vsix file by running the following npm command.
npm run package

After the build finishes, you'll find the vsix file in the jfrog-vscode-extension directory. The vsix file can be loaded into VS-Code

To run the tests:

npm t

Code contributions

We welcome community contribution through pull requests.

Guidelines

  • Before creating your first pull request, please join our contributors community by signing JFrog's CLA.
  • If the existing tests do not already cover your changes, please add tests.
  • Pull requests should be created on the dev branch.
  • Please run npm run format for formatting the code before submitting the pull request.