{"id":31769929,"url":"https://github.com/jfrog/jfrog-vscode-extension","last_synced_at":"2025-10-10T02:55:46.765Z","repository":{"id":36211195,"uuid":"210127399","full_name":"jfrog/jfrog-vscode-extension","owner":"jfrog","description":"JFrog VS-Code Extension","archived":false,"fork":false,"pushed_at":"2025-10-05T10:28:20.000Z","size":41058,"stargazers_count":193,"open_issues_count":33,"forks_count":37,"subscribers_count":18,"default_branch":"master","last_synced_at":"2025-10-05T12:19:54.192Z","etag":null,"topics":["golang","jfrog","jfrog-vscode-extension","jfrog-xray","maven","npm","python","vscode","vscode-extension","vulnerability"],"latest_commit_sha":null,"homepage":"https://jfrog.github.io/jfrog-vscode-extension","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jfrog.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2019-09-22T10:16:17.000Z","updated_at":"2025-10-05T10:28:23.000Z","dependencies_parsed_at":"2023-11-07T13:40:34.838Z","dependency_job_id":"e90e2e33-9647-491e-8cf4-01e16fd125fa","html_url":"https://github.com/jfrog/jfrog-vscode-extension","commit_stats":null,"previous_names":[],"tags_count":172,"template":false,"template_full_name":null,"purl":"pkg:github/jfrog/jfrog-vscode-extension","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fjfrog-vscode-extension","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fjfrog-vscode-extension/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fjfrog-vscode-extension/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fjfrog-vscode-extension/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jfrog","download_url":"https://codeload.github.com/jfrog/jfrog-vscode-extension/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fjfrog-vscode-extension/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279002527,"owners_count":26083403,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["golang","jfrog","jfrog-vscode-extension","jfrog-xray","maven","npm","python","vscode","vscode-extension","vulnerability"],"created_at":"2025-10-10T02:55:44.851Z","updated_at":"2025-10-10T02:55:46.754Z","avatar_url":"https://github.com/jfrog.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![](resources/readme/introduction.png)](#readme)\n\n\u003cdiv align=\"center\"\u003e\n\n# JFrog Extension for VS Code \u0026 Eclipse Theia\n\n![JFrog Extension Marketplace Installs](https://img.shields.io/visual-studio-marketplace/i/JFrog.jfrog-vscode-extension?label=VS%20Code%20installs\u0026color=blue\u0026style=for-the-badge)\n\n [![Visual Studio Code Version](https://img.shields.io/visual-studio-marketplace/v/JFrog.jfrog-vscode-extension?style=for-the-badge)](https://marketplace.visualstudio.com/items?itemName=JFrog.jfrog-vscode-extension)\n\n[![Visual Studio Marketplace](https://img.shields.io/badge/Visual%20Studio%20Code-Marketplace-blue.png)](https://marketplace.visualstudio.com/items?itemName=JFrog.jfrog-vscode-extension)  [![Open VSX Registry](https://img.shields.io/badge/Open%20VSX%20Registry-Marketplace-blue.png)](https://open-vsx.org/extension/JFrog/jfrog-vscode-extension)\n[![Scanned by Frogbot](https://raw.github.com/jfrog/frogbot/master/images/frogbot-badge.png)](https://github.com/jfrog/frogbot#readme) [![Test](https://github.com/jfrog/jfrog-vscode-extension/actions/workflows/test.yml/badge.svg)](https://github.com/jfrog/jfrog-vscode-extension/actions/workflows/test.yml?branch=master)\n\n\u003c/div\u003e\n\n## 🤖 About this Extension\nThe cost of remediating a vulnerability is akin to the cost of fixing a bug.\nThe earlier you remediate a vulnerability in the release cycle, the lower the cost.\nThe extension allows developers to find and fix security vulnerabilities in their projects and to see valuable information\nabout the status of their code by continuously scanning it locally with the [JFrog Platform](https://jfrog.com/xray/).\n\n### What security capabilities do we provide?\n#### 🌟 Basic\n\u003cdetails\u003e\n  \u003csummary\u003eSoftware Composition Analysis (SCA)\u003c/summary\u003e\nScans your project dependencies for security issues and shows you which dependencies are vulnerable. If the vulnerabilities have a fix, you can upgrade to the version with the fix in a click of a button.\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003eCVE Research and Enrichment\u003c/summary\u003e\nFor selected security issues, get leverage-enhanced CVE data that is provided by our JFrog Security Research team.\nPrioritize the CVEs based on:\n\n- **JFrog Severity**: The severity given by the JFrog Security Research team after the manual analysis of the CVE by the team.\nCVEs with the highest JFrog security severity are the most likely to be used by real-world attackers.\nThis means that you should put effort into fixing them as soon as possible.\n- **Research Summary**: The summary that is based on JFrog's security analysis of the security issue provides detailed technical information on the specific conditions for the CVE to be applicable.\n- **Remediation**: Detailed fix and mitigation options for the CVEs\n\nYou can learn more about enriched CVEs [here](https://jfrog.com/help/r/jfrog-security-documentation/jfrog-security-cve-research-and-enrichment).\n\nCheck out what our research team is up to and stay updated on newly discovered issues by clicking on this link: \u003chttps://research.jfrog.com\u003e\n\u003c/details\u003e\n\n#### 🌟 Advanced\n*Requires Xray version 3.66.5 or above and Enterprise X / Enterprise+ subscription with [Advanced DevSecOps](https://jfrog.com/xray/#xray-advanced).*\n\n\u003cdetails\u003e\n  \u003csummary\u003eVulnerability Contextual Analysis\u003c/summary\u003e\nUses the code context to eliminate false positive reports on vulnerable dependencies that are not applicable to the code.\nVulnerability Contextual Analysis is currently supported for Python, Java and JavaScript code.\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003eStatic Application Security Testing (SAST)\u003c/summary\u003e\nProvides fast and accurate security-focused engines that detect zero-day security vulnerabilities on your source code sensitive operations, while minimizing false positives.\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003eSecrets Detection\u003c/summary\u003e\nPrevents the exposure of keys or credentials that are stored in your source code.\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003eInfrastructure as Code (IaC) Scan\u003c/summary\u003e\nSecures your IaC files. Critical to keeping your cloud deployment safe and secure.\n\u003c/details\u003e\n\n#### 🌟 Additional Perks\n\n- Security issues are easily visible inline.\n- The results show issues with context, impact, and remediation.\n- View all security issues in one place, in the JFrog tab.\n- For Security issues with an available fixed version, you can upgrade to the fixed version within the plugin.\n- Track the status of the code while it is being built, tested, and scanned on the CI server.\n\n## 📖 Documentation\nRead the [documentation](https://jfrog.com/help/r/jfrog-security-user-guide/shift-left-on-security/ides/visual-studio-code) to get started.\n\n## 🔥 Reporting Issues\nPlease help us improve by [reporting issues](https://github.com/jfrog/jfrog-vscode-extension/issues) you encounter.\n\n## 🫱🏻‍🫲🏼 Contributions\nWe welcome contributions from the community through pull requests. To assist in enhancing this project, please review our [Contribution](CONTRIBUTING.md) guide.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjfrog%2Fjfrog-vscode-extension","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjfrog%2Fjfrog-vscode-extension","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjfrog%2Fjfrog-vscode-extension/lists"}