JFrog Eclipse IDE Plugin

JFrog Security Documentation

Overview

The JFrog Eclipse plugin adds JFrog Xray scanning of Maven, Gradle, and npm project dependencies to your Eclipse IDE. It allows developers to view panels displaying vulnerability information about the components and their dependencies directly in their Eclipse IDE. With this information, a developer can make an informed decision on whether to use a component or not before it gets entrenched into the organization’s product.

The plugin filter allows you to view the scanned results according to issues or licenses.

Source Code

The JFrog Eclipse Plugin code is available on GitHub.

Installation and Setup

To install and work with the plugin:

  1. Install the JFrog plugin

  2. If JFrog Xray is behind an HTTP proxy, configure the proxy settings as described here. This is supported since version 1.1.0 of the JFrog Eclipse Plugin.

  3. Configure the plugin to connect to JFrog Xray

  4. Scan and view the results

  5. Filter Xray Scanned Results

Prerequisites
  • JFrog Xray version 1.7.2.3 and above.

Download

Version   Download link   Compatibility
1.1.2     Download        Eclipse 4.13 - 4.20
1.1.1     Download        Eclipse 4.10 - 4.19

Installation
  1. Download the plugin zip.

  2. Go to Help | Install New Software, click Add and then click Archive.

  3. Choose the plugin zip file you downloaded and click Add.

  4. Click Next.

Configuring the Plugin
Connecting to JFrog Xray

Once the plugin is successfully installed, connect the plugin to your instance of JFrog Xray.

  1. Go to Eclipse (Preferences), click JFrog Xray.

  2. Set your JFrog Xray URL and login credentials.

  3. Test your connection to Xray using the Test Connection button.

Scanning Gradle Projects

Behind the scenes, the JFrog plugin executes a Gradle script, which creates the dependency tree of the project. The plugin reads the Gradle configuration defined in Eclipse. This configuration is added to Eclipse by the Buildship plugin. You can access this configuration by going to Preferences | Gradle | Gradle distribution.

Note

If the Gradle configuration is not set, then Gradle Wrapper will be used. If the project does not include the Gradle Wrapper configuration, Gradle will be automatically downloaded.

Using the Plugin
Open JFrog tab

To open the plugin tab, click Window | Show View | Other | Security | JFrog.

Scanning and Viewing the Results

JFrog Xray automatically performs a scan when the plugin is first loaded on startup.

To manually invoke a scan:

  1. Click Refresh in the JFrog plugin.

  2. View the scanned results in the plugin.

Filtering Xray Scanned Results

The JFrog plugin provides the following filters to narrow down the scanned results to view exactly what you need:

  • Severity: Displays issues according to specific severities.

  • License: Displays components according to specific licenses.