The JFrog Visual Studio Extension adds JFrog Xray scanning of NuGet project dependencies to your Visual Studio IDE. It allows developers to view panels displaying vulnerability information about the components and their dependencies directly in Visual Studio. With this information, a developer can make an informed decision on whether to use a component or not before it gets entrenched into the organization’s product.
The extension filter allows you view the scanned results according to issues severity.
Working in Visual Studio Code?
Take a look at the user documentation for the JFrog Visual Studio Code Extension here.
The JFrog Visual Studio Extension code is available on Github.
Installation and Setup
Supported Visual Studio Versions
Two extensions are shared to the marketplace - each of them supports a different Visual Studio version:
JFrog Xray version 2.5.0 and above.
To install and work with the extension:
Open the terminal window.
Run the nuget command. If it is not recognized as a command, please add nuget.exe to the PATH environment variable.
If your projects use NPM, Run the npm command. If it is not recognized as a command, please add npm.exeto thePATHenvironment variable.
Open Visual Studio
Go to Tools | Extensions and Updates
Search for JFrog.
Click on Download
Once the installation is completed, re-open Visual Studio.
Configuring the Extension to Connect to JFrog Xray
Once the extension is successfully installed, connect Visual Studio to your instance of JFrog Xray.
Go to Tools | Options | JFrog | JFrog Xray
Set your JFrog Platform URL and login credentials.
Test your connection to Xray using the Test connection button.
Using the Extension
Scanning and Viewing the Results
To scan and view the project dependencies, open View | Other Windows | JFrog
JFrog Xray automatically performs a scan when the project is opened or when clicking on the Refresh button in the JFrog window.
Filtering the Scanned Results
The JFrog Extension provides a filter to narrow down the scanned results to view exactly what you need.
When troubleshooting issues, it os recommended to look at the log messages in the Output console, located at the bottom of the screen.
Please report issues by opening an issue on Github.