Coder Social home page Coder Social logo

hadarshjfrog / jfrog-idea-plugin Goto Github PK

View Code? Open in Web Editor NEW

This project forked from jfrog/jfrog-idea-plugin

0.0 0.0 0.0 4.36 MB

JFrog IntelliJ IDEA plugin

Home Page: https://jfrog.github.io/jfrog-idea-plugin/

License: Apache License 2.0

JavaScript 0.15% Python 0.24% C 0.01% Java 99.27% Groovy 0.04% Go 0.03% HTML 0.05% HCL 0.21%

jfrog-idea-plugin's Introduction

JFrog IntelliJ IDEA Plugin

JFrog IntelliJ IDEA Plugin Marketplace Installs

Scanned by Frogbot Build status Marketplace

๐Ÿค– About this Plugin

The plugin allows developers to find and fix security vulnerabilities in their projects and to see valuable information about the status of their code by continuously scanning it locally with JFrog Security.

What security capabilities do we provide?

Basic

Software Composition Analysis (SCA) Scans your project dependencies for security issues and shows you which dependencies are vulnerable. If the vulnerabilities have a fix, you can upgrade to the version with the fix in a click of a button.
CVE Research and Enrichment For selected security issues, get leverage-enhanced CVE data that is provided by our JFrog Security Research team. Prioritize the CVEs based on:
  • JFrog Severity: The severity given by the JFrog Security Research team after the manual analysis of the CVE by the team. CVEs with the highest JFrog security severity are the most likely to be used by real-world attackers. This means that you should put effort into fixing them as soon as possible.
  • Research Summary: The summary that is based on JFrog's security analysis of the security issue provides detailed technical information on the specific conditions for the CVE to be applicable.
  • Remediation: Detailed fix and mitigation options for the CVEs

You can learn more about enriched CVEs here.

Check out what our research team is up to and stay updated on newly discovered issues by clicking on this link: https://research.jfrog.com

Advanced

Requires Xray version 3.66.5 or above and Enterprise X / Enterprise+ subscription with Advanced DevSecOps).

CVEs Contextual Analysis Uses the code context to eliminate false positive reports on vulnerable dependencies that are not applicable to the code. CVEs Contextual Analysis is currently supported for Python, Java and JavaScript code.
Secrets Detection Prevents the exposure of keys or credentials that are stored in your source code.
Infrastructure as Code (IaC) Scan Secures your IaC files. Critical to keeping your cloud deployment safe and secure.

Additional Perks

  • Security issues are easily visible inline.
  • The results show issues with context, impact, and remediation.
  • View all security issues in one place, in the JFrog tab.
  • For Security issues with an available fixed version, you can upgrade to the fixed version within the plugin.
  • Track the status of the code while it is being built, tested, and scanned on the CI server.

In addition to IntelliJ IDEA, the plugin also supports the following IDEs:

  • WebStorm
  • PyCharm
  • Android Studio
  • GoLand

๐Ÿ“– Documentation

Read the documentation to get started.

๐Ÿ”ฅ Reporting Issues

Please report issues by opening an issue on GitHub.

๐Ÿ’ป Contributions

We welcome community contribution through pull requests. To help us improve this project, please read our Contribution guide.

๐Ÿฅ Release Notes

The release notes are available here.

jfrog-idea-plugin's People

Contributors

yahavi avatar talarian1 avatar asafgabai avatar barbelity avatar dimanevelev avatar or-geva avatar eyalbe4 avatar sverdlov93 avatar noyshabtay avatar romangurevitch avatar orto17 avatar asaf-federman avatar eyalb4doc avatar jfrogsolutionci avatar robinino avatar attiasas avatar omerzi avatar yoav avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.