{"id":31769967,"url":"https://github.com/jfrog/jfrog-ide-webview","last_synced_at":"2025-10-10T02:56:01.839Z","repository":{"id":176598487,"uuid":"571229533","full_name":"jfrog/jfrog-ide-webview","owner":"jfrog","description":"JFrog-IDE-Webview is a React-based HTML page designed to be seamlessly embedded within JFrog VS Code Extension and the JFrog IDEA Plugin.","archived":false,"fork":false,"pushed_at":"2025-09-10T06:35:26.000Z","size":2944,"stargazers_count":8,"open_issues_count":8,"forks_count":9,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-09-10T09:56:45.937Z","etag":null,"topics":["jfrog","jfrog-idea-plugin","jfrog-vscode-extension","jfrog-xray","security"],"latest_commit_sha":null,"homepage":"https://docs.jfrog-applications.jfrog.io/jfrog-applications/ide","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jfrog.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-11-27T15:25:42.000Z","updated_at":"2025-09-10T06:35:29.000Z","dependencies_parsed_at":null,"dependency_job_id":"32a60443-e4ed-4da4-b511-622f3d2d3b0b","html_url":"https://github.com/jfrog/jfrog-ide-webview","commit_stats":null,"previous_names":["jfrog/jfrog-ide-webview"],"tags_count":45,"template":false,"template_full_name":null,"purl":"pkg:github/jfrog/jfrog-ide-webview","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fjfrog-ide-webview","tags_url":"https://repos.ecosyste.ms/api/v
1/hosts/GitHub/repositories/jfrog%2Fjfrog-ide-webview/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fjfrog-ide-webview/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fjfrog-ide-webview/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jfrog","download_url":"https://codeload.github.com/jfrog/jfrog-ide-webview/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fjfrog-ide-webview/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279002527,"owners_count":26083403,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["jfrog","jfrog-idea-plugin","jfrog-vscode-extension","jfrog-xray","security"],"created_at":"2025-10-10T02:55:58.272Z","updated_at":"2025-10-10T02:56:01.831Z","avatar_url":"https://github.com/jfrog.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n# JFrog-IDE-Webview\n\n[![JFrog-IDE-Webview-Extension-863x300-1](/images/logo.png)](/images/logo.png)\n[![Webview 
Tests](https://github.com/jfrog/jfrog-ide-webview/actions/workflows/test.yml/badge.svg?branch=main)](https://github.com/jfrog/jfrog-ide-webview/actions/workflows/test.yml)\n[![Scanned by Frogbot](https://raw.github.com/jfrog/frogbot/master/images/frogbot-badge.svg)](https://github.com/jfrog/frogbot#readme)\n\n\u003c/div\u003e\n\n## ℹ️ About This Project\n\nThe JFrog IDE integrations allow developers to find and fix security vulnerabilities in their projects and to see valuable information about the status of their code by continuously scanning it locally with JFrog Xray.\\\n**JFrog-IDE-Webview** is a React-based HTML page designed to be seamlessly embedded within [JFrog VS Code Extension](https://github.com/jfrog/jfrog-vscode-extension#readme) and the [JFrog IDEA Plugin](https://github.com/jfrog/jfrog-idea-plugin#readme). It serves as a powerful web view that offers a comprehensive overview of vulnerabilities identified in the source code project.\n\n## 🚀 Build\n\nTo build the project and generate the HTML page, follow these steps:\n\n1. Install the required dependencies by running the following command:\n\n   ```bash\n   npm install\n   ```\n\n2. Build the project using the following command:\n\n   ```bash\n   npm run build\n   ```\n\n   This will generate the necessary artifacts, including the HTML page, in the build directory.\n\n## 🔍 Watch\n\nThe `watch` script enables you to automatically rebuild the project whenever changes are made to the source code. This is useful during development when you want to see immediate updates without manually triggering a build.\n\nTo start the watch mode, run the following command:\n\n```bash\nnpm run start\n```\n\nThis will initiate the watch mode, and any changes made to the source code will trigger a rebuild. 
A browser window will also open automatically with the appropriate URL to view the code live.\n\nDuring development, when you run the project in watch mode (`npm run start`), you can navigate between pages to view different content. Initially, you will see a page with the text \"nothing to show\". To navigate to the main page and view the desired content, follow these steps:\n\n1. Open the 'Inspect' window by right-clicking on the page and selecting \"Inspect\" from the context menu.\n2. In the Inspect window, navigate to the Console tab.\n\nTo view a specific page example, choose one of the following options and enter the corresponding code snippet in the Console:\n\n\u003cdetails\u003e\n\n\u003csummary\u003eDependency Page\u003c/summary\u003e\n\n````javascript\nwindow.postMessage(\n\t{\n\t\ttype: 'SHOW_PAGE',\n\t\tdata: {\n\t\t\tid: '210300',\n\t\t\tpageType: 'DEPENDENCY',\n\t\t\tcve: {\n\t\t\t\tid: '71',\n\t\t\t\tcvssV2Score: '4.0',\n\t\t\t\tcvssV2Vector: 'CV:N/I:N/A:P',\n\t\t\t\tcvssV3Score: '6.5',\n\t\t\t\tcvssV3Vector: 'CVSS:3.1/A/A:H',\n\t\t\t\tapplicableData: {\n\t\t\t\t\tisApplicable: true,\n\t\t\t\t\tsearchTarget: 'searchTarget-text',\n\t\t\t\t\tevidence: [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\treason: 'evidence',\n\t\t\t\t\t\t\tfilePathEvidence: 'filePathEvidence',\n\t\t\t\t\t\t\tcodeEvidence: 'codeEvidence'\n\t\t\t\t\t\t}\n\t\t\t\t\t]\n\t\t\t\t}\n\t\t\t},\n\t\t\tcomponent: 'org.spre',\n\t\t\tfixedVersion: ['123'],\n\t\t\tcomponentType: 'Maven',\n\t\t\tversion: '2.5.6',\n\t\t\tinfectedVersion: ['(,4.36)', '[5.0.0,5.5)'],\n\t\t\tseverity: 'Critical',\n\t\t\tedited: '2022-11-23T17:41:22Z',\n\t\t\tsummary: 'Inicated user.',\n\t\t\tlicense: [\n\t\t\t\t{\n\t\t\t\t\tname: 'Apache-2.0'\n\t\t\t\t}\n\t\t\t],\n\t\t\treferences: [\n\t\t\t\t{\n\t\t\t\t\turl: 'https://security.netapp.com/advisory/ntap-20220616-0003/'\n\t\t\t\t}\n\t\t\t],\n\t\t\textendedInformation: {\n\t\t\t\tshortDescription: 'Insufficient remote 
attackers',\n\t\t\t\tfullDescription:\n\t\t\t\t\t'```[Spring](https://spring.io/) is_Text_OriebSocket.\\r\\n\\r\\nA network attacker can trigger an exception in S.withSockJS();\\r\\n  }\\r\\n}\\r\\n```',\n\t\t\t\tjfrogResearchSeverity: 'Critical',\n\t\t\t\tjfrogResearchSeverityReason: [\n\t\t\t\t\t{\n\t\t\t\t\t\tname: 'Exploitatesearch to determine the vulnerable attack vector.',\n\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t'The Spring apppoint.\\r\\n\\r\\nExample of a vulnerable endpoint -\\r\\n```java\\r\\npublic void registerStompEndpoints(StompEndpointRegistry registry) {\\r\\n  registry.withSockJS();\\r\\n}\\r\\n```',\n\t\t\t\t\t\tisPositive: true\n\t\t\t\t\t}\n\t\t\t\t]\n\t\t\t},\n\t\t\timpactGraph: {\n\t\t\t\troot: {\n\t\t\t\t\tname: 'jfrog-idea-plugin',\n\t\t\t\t\tchildren: [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tname: 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.14.0',\n\t\t\t\t\t\t\tchildren: [\n\t\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\t\tname: 'org.yaml:snakeyaml:1.33'\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t]\n\t\t\t\t\t\t}\n\t\t\t\t\t]\n\t\t\t\t},\n\t\t\t\tpathsCount: 5,\n\t\t\t\tpathsLimit: 1\n\t\t\t}\n\t\t}\n\t},\n\t'*'\n)\n````\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\n\u003csummary\u003eSecret Page\u003c/summary\u003e\n\n```javascript\nwindow.postMessage(\n\t{\n\t\ttype: 'SHOW_PAGE',\n\t\tdata: {\n\t\t\theader: 'SQL Injection',\n\t\t\tpageType: 'SECRETS',\n\t\t\tseverity: 'Critical',\n\t\t\tlocation: 'EXP-1527-00001',\n\t\t\tdescription: '\\n SQL injection \\n    ',\n\t\t\tabbreviation: 'RES.KEY.API.ENCRYPT',\n\t\t\tfinding: {\n\t\t\t\tsnippet:\n\t\t\t\t\t'Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud ',\n\t\t\t\tmeaning:\n\t\t\t\t\t'Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. 
Ut enim ad minim veniam, quis nostrud ',\n\t\t\t\thappen:\n\t\t\t\t\t'Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud ',\n\t\t\t\tdo: 'Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud '\n\t\t\t}\n\t\t}\n\t},\n\t'*'\n)\n```\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\n\u003csummary\u003eIaC Page\u003c/summary\u003e\n\n```javascript\nwindow.postMessage(\n\t{\n\t\ttype: 'SHOW_PAGE',\n\t\tdata: {\n\t\t\theader: 'SQL Injection',\n\t\t\tpageType: 'IAC',\n\t\t\tseverity: 'Critical',\n\t\t\tid: 'EXP-1527-00001',\n\t\t\tabbreviation: 'RES.KEY.API.ENCRYPT',\n\t\t\tlocation: {\n\t\t\t\tfile: '/Users/assafa/Documents/code/flask-webgoat/flask_webgoat/__init__.py',\n\t\t\t\trow: 14,\n\t\t\t\tcolumn: 15\n\t\t\t},\n\t\t\tdescription:\n\t\t\t\t'\\n SQL injection is a type of vulnerability that allows an attacker to execute arbitrary SQL\\n    commands on a database.\\n    This can allow the attacker to gain access to sensitive information, such as user credentials\\n    or sensitive data, or to perform unauthorized actions, such as deleting or modifying data.\\n\\n    In this query we check if a user input can flow un-sanitized into the DB in order to do this.\\n    ',\n\t\t\tfinding: {\n\t\t\t\tsnippet:\n\t\t\t\t\t'Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. 
Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.',\n\t\t\t\tmeaning:\n\t\t\t\t\t'Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.',\n\t\t\t\thappen:\n\t\t\t\t\t'Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.',\n\t\t\t\tdo: 'Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.'\n\t\t\t}\n\t\t}\n\t},\n\t'*'\n)\n```\n\n\u003c/details\u003e\n\n## 🧪 Tests\n\nTo run tests for the project, use the following command:\n\n```bash\nnpm test\n```\n\nThis will execute the tests using Jest and provide the test results, including any failures or errors encountered.\n\n## 💻 Code Contributions\n\nContributions to the JFrog-IDE-Webview project are welcome and encouraged!\nPlease follow these steps:\n\n1. Fork the repository.\n2. 
Create a new branch for your contribution.\n3. Make your changes and commit them.\n4. Push your changes to your forked repository.\n5. Submit a pull request with a clear description of your changes.\n\nWe appreciate your contribution to making JFrog-IDE-Webview even better!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjfrog%2Fjfrog-ide-webview","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjfrog%2Fjfrog-ide-webview","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjfrog%2Fjfrog-ide-webview/lists"}