Overview
The JFrog Eclipse plugin adds JFrog Xray scanning of Maven, Gradle, and npm project dependencies to your Eclipse IDE. It allows developers to view panels displaying vulnerability information about the components and their dependencies directly in their Eclipse IDE. With this information, a developer can make an informed decision on whether to use a component or not before it gets entrenched into the organization’s product.
The plugin filter allows you to view the scanned results according to issues or licenses.
Source Code
The JFrog Eclipse Plugin code is available on GitHub.
Installation and Setup
To install and work with the plugin:
If JFrog Xray is behind an HTTP proxy, configure the proxy settings as described here. This is supported since version 1.1.0 of the JFrog Eclipse Plugin.
Prerequisites
JFrog Xray version 1.7.2.3 and above.
Download
Installation
Go to Help | Install New Software, click Add and then click Archive.
Choose the plugin zip file you downloaded and click Add.
Click Next.
Configuring the Plugin
Connecting to JFrog Xray
Once the plugin is successfully installed, connect the plugin to your instance of JFrog Xray.
Go to Eclipse (Preferences), click JFrog Xray.
Set your JFrog Xray URL and login credentials.
Test your connection to Xray using the Test Connection button.
Scanning Gradle Projects
Behind the scenes, the JFrog plugin executes a Gradle script, which creates the dependency tree of the project. The plugin reads the Gradle configuration defined in Eclipse. This configuration is added to Eclipse by the Buildship plugin. You can access this configuration by going to Preferences | Gradle | Gradle distribution.
Note
If the Gradle configuration is not set, then Gradle Wrapper will be used. If the project does not include the Gradle Wrapper configuration, Gradle will be automatically downloaded.
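The Gradle step described above produces a dependency tree. The following Python example is added here and is not part of the plugin's code: it shows one way to turn the text output of `gradle dependencies` into such a tree, so you can reproduce what the plugin scans from the command line. It assumes Gradle's standard tree notation (`+---`/`\---` branches, ` -> ` for a resolved version, `(*)` for a subtree that was already printed) and uses a constructed sample output; the plugin itself runs its own Gradle script rather than this parser.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample of `gradle dependencies` text output (not real project data).
SAMPLE_OUTPUT = """\
compileClasspath - Compile classpath for source set 'main'.
+--- com.fasterxml.jackson.core:jackson-databind:2.9.8
|    +--- com.fasterxml.jackson.core:jackson-annotations:2.9.0
|    \\--- com.fasterxml.jackson.core:jackson-core:2.9.8
+--- org.apache.commons:commons-text:1.6
|    \\--- org.apache.commons:commons-lang3:3.8.1
\\--- org.slf4j:slf4j-api:1.7.25 -> 1.7.30

runtimeClasspath - Runtime classpath for source set 'main'.
+--- com.fasterxml.jackson.core:jackson-databind:2.9.8 (*)
\\--- org.slf4j:slf4j-api:1.7.30
"""


@dataclass
class Node:
    coordinate: str  # group:artifact:version as finally resolved by Gradle
    children: List["Node"] = field(default_factory=list)


# A configuration header looks like "compileClasspath - Compile classpath ...".
CONFIG_HEADER = re.compile(r"^(\w+) - ")
# Each indent level is 5 characters ("|    " or "     "), then a branch marker.
NODE_LINE = re.compile(r"^((?:\|    |     )*)[+\\]--- (.*)$")


def normalize(text: str) -> str:
    """Strip Gradle's trailing markers and apply ' -> ' version resolution."""
    text = re.sub(r"\s+\([*cn]\)$", "", text.strip())
    if " -> " in text:
        requested, resolved = text.split(" -> ", 1)
        if ":" in resolved:  # the whole coordinate was substituted
            return resolved
        group, artifact = requested.split(":")[:2]
        return f"{group}:{artifact}:{resolved}"
    return text


def parse_dependencies(text: str) -> Dict[str, List[Node]]:
    """Return {configuration name: [root dependency nodes]}."""
    tree: Dict[str, List[Node]] = {}
    current: Optional[str] = None
    stack: List[Node] = []  # stack[d] is the most recent node at depth d
    for line in text.splitlines():
        header = CONFIG_HEADER.match(line)
        if header:
            current = header.group(1)
            tree[current] = []
            stack = []
            continue
        match = NODE_LINE.match(line)
        if not match or current is None:
            continue
        depth = len(match.group(1)) // 5
        node = Node(normalize(match.group(2)))
        del stack[depth:]  # drop deeper siblings; parent is now stack[depth-1]
        if depth == 0:
            tree[current].append(node)
        else:
            stack[depth - 1].children.append(node)
        stack.append(node)
    return tree


def resolved_coordinates(tree: Dict[str, List[Node]]) -> Set[str]:
    """Flatten every configuration into the set of resolved coordinates."""
    found: Set[str] = set()

    def walk(node: Node) -> None:
        found.add(node.coordinate)
        for child in node.children:
            walk(child)

    for roots in tree.values():
        for root in roots:
            walk(root)
    return found


if __name__ == "__main__":
    parsed = parse_dependencies(SAMPLE_OUTPUT)
    for config, roots in parsed.items():
        print(config, [r.coordinate for r in roots])
    print(sorted(resolved_coordinates(parsed)))
```

Note that a `(*)` entry carries no children in the text output because Gradle printed that subtree earlier, so a complete picture comes from merging the configurations rather than reading one in isolation.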
Using the Plugin
Open JFrog tab
To open the plugin tab click on Window | Show View | Other | Security | JFrog.
Scanning and Viewing the Results
JFrog Xray automatically performs a scan when the plugin is first loaded on startup.
To manually invoke a scan:
Click Refresh in the JFrog plugin.
View the scanned results in the plugin.
Filtering Xray Scanned Results
The JFrog plugin provides the following filters to narrow down the scanned results to view exactly what you need:
Severity: Displays issues according to specific severities.
License: Displays components according to specific licenses.