JFrog has just made it even easier to identify security issues and vulnerabilities in your dependencies directly from within IntelliJ IDEA. This initial version of the JFrog IntelliJ IDEA plugin gives you critical insights as early as the development phase, making it even less likely for vulnerable components to ever reach production.
Through this direct IDE integration, developers can see a detailed analysis of any dependency components they include in their software, giving them the power to assess whether to use them or not. A newly introduced dependency can immediately be identified as vulnerable if it contains any restrictive licensing or security issues.
What you get with the JFrog IntelliJ IDEA Plugin
Once you’ve installed the JFrog IntelliJ IDEA plugin, you’ll be able to see exactly what’s going on in your project. A complete project tree listing all of your dependencies, including transitive dependencies, is displayed visually. For each dependency, Xray shows its metadata, such as the checksum and license type, and information about security vulnerabilities, such as severity, description and references. You can even filter the scan results by issue severity and license type.
The JFrog IntelliJ IDEA Plugin currently supports Maven projects. The IDE integration support will continue to expand to additional industry-standard IDEs and package formats.