JFrog Visual Studio Extension

JFrog Security Documentation


The JFrog Visual Studio Extension adds JFrog Xray scanning of NuGet project dependencies to your Visual Studio IDE. It allows developers to view panels displaying vulnerability information about the components and their dependencies directly in Visual Studio. With this information, a developer can make an informed decision on whether to use a component or not before it gets entrenched into the organization’s product.

The extension filter allows you view the scanned results according to issues severity.


Working in Visual Studio Code?

Take a look at the user documentation for the JFrog Visual Studio Code Extension here.

Source Code

The JFrog Visual Studio Extension code is available on Github.

Installation and Setup
Supported Visual Studio Versions

Two extensions are shared to the marketplace - each of them supports a different Visual Studio version:

  • JFrog Xray version 2.5.0 and above.


To install and work with the extension:

  1. Open the terminal window.

  2. Run the nuget command. If it is not recognized as a command, please add nuget.exe to the PATH environment variable.

  3. If your projects use NPM, Run the npm command. If it is not recognized as a command, please add npm.exeto thePATHenvironment variable.

  4. Open Visual Studio

  5. Go to Tools | Extensions and Updates

  6. Search for JFrog.

  7. Click on Download

  8. Once the installation is completed, re-open Visual Studio.

Configuring the Extension to Connect to JFrog Xray

Once the extension is successfully installed, connect Visual Studio to your instance of JFrog Xray.

  1. Go to Tools | Options | JFrog | JFrog Xray

  2. Set your JFrog Platform URL and login credentials.

  3. Test your connection to Xray using the Test connection button.

Using the Extension
Scanning and Viewing the Results

To scan and view the project dependencies, open View | Other Windows | JFrog


JFrog Xray automatically performs a scan when the project is opened or when clicking on the Refresh button in the JFrog window.

Filtering the Scanned Results

The JFrog Extension provides a filter to narrow down the scanned results to view exactly what you need.


When troubleshooting issues, it os recommended to look at the log messages in the Output console, located at the bottom of the screen.

Reporting Issues

Please report issues by opening an issue on Github.

Watch the Screencast