
jfrog-idea-plugin's Introduction

JFrog IntelliJ IDEA Plugin


About this Plugin

The plugin allows developers to find and fix security vulnerabilities in their projects and to see valuable information about the status of their code by continuously scanning it locally with JFrog Security.

What security capabilities do we provide?

Basic

Software Composition Analysis (SCA): Scans your project dependencies for security issues and shows you which dependencies are vulnerable. If the vulnerabilities have a fix, you can upgrade to the version with the fix at the click of a button.
CVE Research and Enrichment: For selected security issues, get enhanced CVE data provided by the JFrog Security Research team. Prioritize the CVEs based on:
  • JFrog Severity: The severity given by the JFrog Security Research team after the team's manual analysis of the CVE. CVEs with the highest JFrog security severity are the most likely to be used by real-world attackers, so you should put effort into fixing them as soon as possible.
  • Research Summary: A summary based on JFrog's security analysis of the issue, with detailed technical information on the specific conditions under which the CVE is applicable.
  • Remediation: Detailed fix and mitigation options for the CVEs.

You can learn more about enriched CVEs here.

Check out what our research team is up to and stay updated on newly discovered issues by clicking on this link: https://research.jfrog.com

Advanced

(Requires Xray version 3.66.5 or above and Enterprise X / Enterprise+ subscription with Advanced DevSecOps.)

CVEs Contextual Analysis: Uses the code context to eliminate false positive reports on vulnerable dependencies that are not applicable to the code. CVEs Contextual Analysis is currently supported for Python, Java and JavaScript code.
Secrets Detection: Prevents the exposure of keys or credentials that are stored in your source code.
Infrastructure as Code (IaC) Scan: Secures your IaC files. Critical to keeping your cloud deployment safe and secure.

Additional Perks

  • Security issues are easily visible inline.
  • The results show issues with context, impact, and remediation.
  • View all security issues in one place, in the JFrog tab.
  • For Security issues with an available fixed version, you can upgrade to the fixed version within the plugin.
  • Track the status of the code while it is being built, tested, and scanned on the CI server.

In addition to IntelliJ IDEA, the plugin also supports the following IDEs:

  • WebStorm
  • PyCharm
  • Android Studio
  • GoLand

Documentation

Read the documentation to get started.

Reporting Issues

Please report issues by opening an issue on GitHub.

Contributions

We welcome community contribution through pull requests. To help us improve this project, please read our Contribution guide.

Release Notes

The release notes are available here.


jfrog-idea-plugin's Issues

Go scanning doesn't work with relative paths in "replace"

Describe the bug
When a replace with a relative path is used in the go.mod file, the scan fails with "go.mod: no such file or directory".

To Reproduce
Clone the JFrog CLI and the CLI core to the same parent directory. Add the following in the go.mod file of the JFrog CLI:

replace github.com/jfrog/jfrog-client-go => ../jfrog-client-go

Expected behavior
Scan success

Versions

  • JFrog IDEA plugin version: 1.9.1
  • Operating system: All
  • Xray version: All

Additional context
The solution should be:
When the scan begins, copy all go.mod files to a temp directory with the same layout they have:
Source:

workspace/go.mod
workspace/a/go.mod
workspace/b/go.mod

Target:

tmp-dir/go.mod
tmp-dir/a/go.mod
tmp-dir/b/go.mod

Plugin scan consumes max IntelliJ memory and doesn't complete (Go)

Describe the bug
I have a Go project which I would like to scan.
Xray scan seems to be running, but does not complete.
It always uses the max memory configured in IntelliJ, even if I give it 16GB.

To Reproduce

  1. Replace relative paths with absolute paths in the go.mod files (workaround for another bug in the plugin, which doesn't work using relative paths: #139)
  2. Scan will automatically start and get stuck using all max given memory

Expected behavior
Scan completes, using some limit of the available memory.

Versions

  • JFrog IDEA plugin version: 1.9.1
  • Operating system: macOS 11.4
  • Xray version: 3.27.2

XRay version >3 URL?

It's not clear from the documentation what URL I should specify to connect to XRay. Since version 3, XRay fully integrates into Artifactory so there is no more separate URL for XRay. When I'm specifying the URL of Artifactory I am getting the following error message:

image

I checked the connection with Wireshark and found out the plugin tries to access the URL https://[MASKED]/artifactory/api/v1/system/version but this endpoint is available without v1 at https://[MASKED]/artifactory/api/system/version. Is this an incompatibility with XRay >= 3 or am I setting the wrong URL?

Show unified table for issues and license violations

Is your feature request related to a problem? Please describe.
Currently, there is no convenient way to show violated licenses. The red components' behavior should be replaced with something else.

Describe the solution you'd like to see
I'd like to show a single table for violations and show all issues and licenses in that table.
The icon should be the same as in VS-Code: image

Describe alternatives you've considered
None.

Additional context
I think the issues table title should be "vulnerabilities" or "violations", depending on the context.

Plugin for JetBrains Rider

Do you plan on porting the plugin to JetBrains Rider to scan the NuGet dependencies?

We do use XRay in our company and we'd love to have it integrated with the IDE, but many developers use Rider nowadays instead of Visual Studio.

Xray Scan Produces No Results

Scanning does not appear to be working at all. No scan occurs upon initially opening the project (not sure if that is expected behavior), so I clicked the "refresh" icon to force an Xray scan. The scan runs very quickly (too quickly I would say for the size of the project and number of libraries) and produces no results.

To Reproduce

  1. Install the JFrog Xray plugin from the Marketplace
  2. Restart IntelliJ
  3. Configure JFrog Xray connection
  4. Open an existing Java/Maven project
  5. Click the "Refresh Scan" icon in the JFrog pane

Expected behavior
In an earlier version of the plugin and an earlier version of the IDE, I received a detailed list of components with an icon indicating issue severities. I would expect the same with this version, but I don't even get a list of components.

Screenshots
Not applicable

Versions

  • JFrog IDEA plugin version: 1.7.0
  • Operating system: MacOS 10.15.7
  • Xray version: Cloud
  • IntelliJ: 2020.2.3 Ultimate Edition

Additional context
We use the cloud hosted Artifactory and X-Ray.

The only logging that occurs is a warning like the following:

2020-11-04 19:18:05,661 [1400336] WARN - .AbstractProgressIndicatorBase - This progress indicator is indeterminate, this may lead to visual inconsistency. Please call setIndeterminate(false) before you start progress. com.jfrog.ide.idea.log.ProgressIndicatorImpl.setFraction(ProgressIndicatorImpl.java:19)

Use IntelliJ IDE PasswordSafe for Storing Credentials

The current implementation is using the old/deprecated IntelliJ PasswordUtil. It appears that this uses very weak encryption and is deprecated in preference to using com.intellij.ide.passwordSafe.PasswordSafe. As a utility intended for vulnerability and security management, proper credential management really should be prioritized.

Plugin is not showing any details, 2 exception shown when opening the IDE (bottom right corner)

Describe the bug
Plugin is not showing any details, exception in error

To Reproduce
Opening the IDE, project has Go and Npm components

Expected behavior
Expect the Plugin to show all project component (Go and Npm)

Screenshots

** Exception 1 **
java.lang.Throwable: JFrog Xray - npm ls command at /Users/dimag/work/src/jfrog.com/xray/internal/archiver/extractor/fixtures result had errors: "npm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! 
missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\nnpm ERR! missing: [email protected], required by [email protected]\n" at com.intellij.openapi.diagnostic.Logger.error(Logger.java:143) at com.jfrog.ide.idea.log.Logger.error(Logger.java:51) at com.jfrog.ide.common.npm.NpmTreeBuilder.getPostfix(NpmTreeBuilder.java:91) at com.jfrog.ide.common.npm.NpmTreeBuilder.getPackageName(NpmTreeBuilder.java:68) at com.jfrog.ide.common.npm.NpmTreeBuilder.buildTree(NpmTreeBuilder.java:49) at com.jfrog.ide.idea.scan.NpmScanManager.buildTree(NpmScanManager.java:53) at com.jfrog.ide.idea.scan.ScanManager$2.onSuccess(ScanManager.java:185) at com.jfrog.ide.idea.scan.NpmScanManager.refreshDependencies(NpmScanManager.java:48) at com.jfrog.ide.idea.scan.ScanManager.scanAndUpdate(ScanManager.java:130) at com.jfrog.ide.idea.scan.ScanManager.access$000(ScanManager.java:63) at com.jfrog.ide.idea.scan.ScanManager$1.run(ScanManager.java:149) at com.intellij.openapi.progress.impl.CoreProgressManager$TaskRunnable.run(CoreProgressManager.java:935) at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcessWithProgressAsync$5(CoreProgressManager.java:442) at com.intellij.openapi.progress.impl.ProgressRunner.lambda$submit$3(ProgressRunner.java:235) at 
com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcess$2(CoreProgressManager.java:170) at com.intellij.openapi.progress.impl.CoreProgressManager.registerIndicatorAndRun(CoreProgressManager.java:629) at com.intellij.openapi.progress.impl.CoreProgressManager.executeProcessUnderProgress(CoreProgressManager.java:581) at com.intellij.openapi.progress.impl.ProgressManagerImpl.executeProcessUnderProgress(ProgressManagerImpl.java:60) at com.intellij.openapi.progress.impl.CoreProgressManager.runProcess(CoreProgressManager.java:157) at com.intellij.openapi.progress.impl.ProgressRunner.lambda$submit$4(ProgressRunner.java:235) at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1700) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:668) at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:665) at java.base/java.security.AccessController.doPrivileged(Native Method) at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1.run(Executors.java:665) at java.base/java.lang.Thread.run(Thread.java:834)

** Exception 2 **
`java.io.IOException: go: jfrog.com/jfrog-access-go-client/[email protected]: unrecognized import path "jfrog.com/jfrog-access-go-client/v7": reading https://jfrog.com/jfrog-access-go-client/v7?go-get=1: 404 Not Found

at org.jfrog.build.extractor.go.GoDriver.runCmd(GoDriver.java:53)
at org.jfrog.build.extractor.go.GoDriver.runCmd(GoDriver.java:37)
at org.jfrog.build.extractor.go.GoDriver.modGraph(GoDriver.java:76)
at com.jfrog.ide.common.go.GoTreeBuilder.createDependenciesTree(GoTreeBuilder.java:55)
at com.jfrog.ide.common.go.GoTreeBuilder.buildTree(GoTreeBuilder.java:41)
at com.jfrog.ide.idea.scan.GoScanManager.buildTree(GoScanManager.java:53)
at com.jfrog.ide.idea.scan.ScanManager$2.onSuccess(ScanManager.java:185)
at com.jfrog.ide.idea.scan.GoScanManager.refreshDependencies(GoScanManager.java:48)
at com.jfrog.ide.idea.scan.ScanManager.scanAndUpdate(ScanManager.java:130)
at com.jfrog.ide.idea.scan.ScanManager.access$000(ScanManager.java:63)
at com.jfrog.ide.idea.scan.ScanManager$1.run(ScanManager.java:149)
at com.intellij.openapi.progress.impl.CoreProgressManager$TaskRunnable.run(CoreProgressManager.java:935)
at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcessWithProgressAsync$5(CoreProgressManager.java:442)
at com.intellij.openapi.progress.impl.ProgressRunner.lambda$submit$3(ProgressRunner.java:235)
at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcess$2(CoreProgressManager.java:170)
at com.intellij.openapi.progress.impl.CoreProgressManager.registerIndicatorAndRun(CoreProgressManager.java:629)
at com.intellij.openapi.progress.impl.CoreProgressManager.executeProcessUnderProgress(CoreProgressManager.java:581)
at com.intellij.openapi.progress.impl.ProgressManagerImpl.executeProcessUnderProgress(ProgressManagerImpl.java:60)
at com.intellij.openapi.progress.impl.CoreProgressManager.runProcess(CoreProgressManager.java:157)
at com.intellij.openapi.progress.impl.ProgressRunner.lambda$submit$4(ProgressRunner.java:235)
at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1700)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:668)
at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:665)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1.run(Executors.java:665)
at java.base/java.lang.Thread.run(Thread.java:834)`

Versions

  • JFrog IDEA plugin version: 1.7.0
  • Operating system: MacOS
  • Xray version:

Issues with the same summary, component ID and description are missing

Describe the bug
Summary, component ID and description params are being used as a hash key to identify unique issues, but sometimes there are different issues with the same data on those params.

We need to use issue_id (xray_id) as a unique key.

To Reproduce
Add

<dependency>
    <groupId>com.thoughtworks.xstream</groupId>
    <artifactId>xstream</artifactId>
    <version>1.4.17</version>
</dependency>

to a pom.xml file and refresh the plugin table, and get different issues on every run.

Versions

  • JFrog IDEA plugin version: 1.12.0
  • Operating system: mac
  • Xray version: 3.36
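
The collision this report describes, as an added Go sketch (not the plugin's Java code). The issue IDs, texts and component ID are constructed placeholders, and the last-write-wins map is an assumption about how a content-keyed store behaves, not something taken from the plugin's source.

```go
package main

import (
	"fmt"
	"sort"
)

// Issue carries the fields named in the bug report; IssueID stands for issue_id (xray_id).
type Issue struct {
	IssueID, Summary, ComponentID, Description string
}

// contentKey is the old identity: summary, component ID and description.
type contentKey struct{ summary, componentID, description string }

// xstream is a constructed component ID for the dependency named in the report.
const xstream = "gav://com.thoughtworks.xstream:xstream:1.4.17"

// sampleIssues is constructed: the IDs and texts are placeholders, not Xray data.
// Placeholders 1 and 2 are different issues with identical text; 2 is reported twice.
var sampleIssues = []Issue{
	{"XRAY-PLACEHOLDER-1", "Remote code execution", xstream, "Unsafe unmarshalling of input."},
	{"XRAY-PLACEHOLDER-2", "Remote code execution", xstream, "Unsafe unmarshalling of input."},
	{"XRAY-PLACEHOLDER-3", "Denial of service", xstream, "Unbounded recursion."},
	{"XRAY-PLACEHOLDER-2", "Remote code execution", xstream, "Unsafe unmarshalling of input."},
}

// IDsByContentKey keeps one slot per content key, so issues that share all three
// fields overwrite each other (assumed last write wins). Returns the surviving IDs.
func IDsByContentKey(issues []Issue) []string {
	kept := map[contentKey]string{}
	for _, is := range issues {
		kept[contentKey{is.Summary, is.ComponentID, is.Description}] = is.IssueID
	}
	ids := make([]string, 0, len(kept))
	for _, id := range kept {
		ids = append(ids, id)
	}
	sort.Strings(ids)
	return ids
}

// IDsByIssueID keys on the issue ID, as the report proposes: true duplicates
// still collapse, distinct issues with identical text are both kept.
func IDsByIssueID(issues []Issue) []string {
	seen := map[string]bool{}
	var ids []string
	for _, is := range issues {
		if !seen[is.IssueID] {
			seen[is.IssueID] = true
			ids = append(ids, is.IssueID)
		}
	}
	sort.Strings(ids)
	return ids
}

// Reversed returns the issues in the opposite arrival order.
func Reversed(issues []Issue) []Issue {
	out := make([]Issue, len(issues))
	for i, is := range issues {
		out[len(issues)-1-i] = is
	}
	return out
}

func main() {
	fmt.Println("content key:          ", IDsByContentKey(sampleIssues))
	fmt.Println("content key, reversed:", IDsByContentKey(Reversed(sampleIssues)))
	fmt.Println("issue ID:             ", IDsByIssueID(sampleIssues))
	fmt.Println("issue ID, reversed:   ", IDsByIssueID(Reversed(sampleIssues)))
}
```

With the content key, one of the two look-alike issues is always lost and which one depends on arrival order; with the issue ID the result is the same three issues in either order.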

Ability to filter using project dependency or Dev dependency

Is your feature request related to a problem? Please describe.
I would like to be able to see which vulnerabilities are important to building the project
and filter out dev dependencies.

Describe the solution you'd like to see
I want to see checkbox dependencies and checkbox dev dependencies.

Big Java Project First Time Xray scan Time Out

Describe the bug
Big Java Project First Time Xray scan Time Out

Stacktrace:

[ERROR] Scan failed java.net.SocketTimeoutException: Read timed out at java.base/java.net.SocketInputStream.socketRead0(Native Method) at java.base/java.net.SocketInputStream.socketRead(SocketInputStream.java:115) at java.base/java.net.SocketInputStream.read(SocketInputStream.java:168) at java.base/java.net.SocketInputStream.read(SocketInputStream.java:140) at java.base/sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:448) at java.base/sun.security.ssl.SSLSocketInputRecord.bytesInCompletePacket(SSLSocketInputRecord.java:68) at java.base/sun.security.ssl.SSLSocketImpl.readApplicationRecord(SSLSocketImpl.java:1096) at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:816) at org.apache.http.impl.conn.LoggingInputStream.read(LoggingInputStream.java:84) at org.apache.http.impl.io.SessionInputBufferImpl.streamRead(SessionInputBufferImpl.java:137) at org.apache.http.impl.io.SessionInputBufferImpl.fillBuffer(SessionInputBufferImpl.java:153) at org.apache.http.impl.io.SessionInputBufferImpl.readLine(SessionInputBufferImpl.java:280) at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:138) at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:56) at org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:259) at org.apache.http.impl.DefaultBHttpClientConnection.receiveResponseHeader(DefaultBHttpClientConnection.java:163) at org.apache.http.impl.conn.CPoolProxy.receiveResponseHeader(CPoolProxy.java:157) at org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:273) at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:125) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:272) atorg.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) at 
org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72) at org.jfrog.client.http.CloseableHttpClientDecorator.doExecute(CloseableHttpClientDecorator.java:107) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108) at com.jfrog.xray.client.impl.XrayImpl.setHeadersAndExecute(XrayImpl.java:107) at com.jfrog.xray.client.impl.XrayImpl.post(XrayImpl.java:97) at com.jfrog.xray.client.impl.services.summary.SummaryImpl.post(SummaryImpl.java:54) at com.jfrog.xray.client.impl.services.summary.SummaryImpl.component(SummaryImpl.java:45) at com.jfrog.ide.common.scan.ScanManagerBase.scanComponents(ScanManagerBase.java:216) at com.jfrog.ide.common.scan.ScanManagerBase.scanAndCacheArtifacts(ScanManagerBase.java:176) at com.jfrog.ide.idea.scan.ScanManager.access$100(ScanManager.java:63) at com.jfrog.ide.idea.scan.ScanManager$2.onSuccess(ScanManager.java:184) at com.jfrog.ide.idea.scan.MavenScanManager.refreshDependencies(MavenScanManager.java:68) at com.jfrog.ide.idea.scan.ScanManager.scanAndUpdate(ScanManager.java:128) at com.jfrog.ide.idea.scan.ScanManager.access$000(ScanManager.java:63) at com.jfrog.ide.idea.scan.ScanManager$1.run(ScanManager.java:147) at com.intellij.openapi.progress.impl.CoreProgressManager$TaskRunnable.run(CoreProgressManager.java:932) at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcessWithProgressAsync$5(CoreProgressManager.java:434) atcom.intellij.openapi.progress.impl.ProgressRunner.lambda$null$3(ProgressRunner.java:233) at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcess$2(CoreProgressManager.java:166) at 
com.intellij.openapi.progress.impl.CoreProgressManager.registerIndicatorAndRun(CoreProgressManager.java:627) at com.intellij.openapi.progress.impl.CoreProgressManager.executeProcessUnderProgress(CoreProgressManager.java:572) at com.intellij.openapi.progress.impl.ProgressManagerImpl.executeProcessUnderProgress(ProgressManagerImpl.java:61) at com.intellij.openapi.progress.impl.CoreProgressManager.runProcess(CoreProgressManager.java:153) at com.intellij.openapi.progress.impl.ProgressRunner.lambda$submit$4(ProgressRunner.java:233) at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1700) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:834

Versions

  • Intellij IDEA version: 2020.1.2
  • JFrog IDEA plugin version: 1.6.1
  • Operating system: macos 10.15.2
  • Xray version: 3.5.1

Add --package-lock-only flag to npm

Is your feature request related to a problem? Please describe.
Running npm ls when the node modules are not installed throws an exception. Since we don't really need the node_modules directory to build the dependency tree, on npm >= 7 we can use --package-lock-only flag.

Describe the solution you'd like to see
Add --package-lock-only flag to npm to make npm work without installation.

Describe alternatives you've considered
Nope.

Additional context
Nope.

The go.mod dependencies scan is inaccurate when replace() exists

The plugin displays only component versions in the require(..) part of the go.mod file.
However, when a replace(..) section exists in the go.mod file, those versions are ignored.

This is quite problematic, as the replace part is the actual package to be included in the final build, and if we can't see violation for those we might miss the point, don't we? :)
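
An added Go sketch (not the plugin's Java code) of what this issue and the relative-path issue above ask of a scanner: apply the `replace` directives to the `require` list, and resolve a relative replacement path against the directory of the go.mod file. The sample go.mod, its versions and the directory `/work/jfrog-cli` are constructed; only the `jfrog-client-go` replace line comes from the earlier issue.

```go
package main

import (
	"bufio"
	"fmt"
	"path/filepath"
	"strings"
)

// Dep is what the build really uses for one require line.
type Dep struct {
	Required string // "path@version" as written in require
	Path     string // module path after applying replace
	Version  string // empty when replaced by a local directory
	LocalDir string // filesystem replacement, resolved against the go.mod directory
}

type replacement struct{ newPath, newVersion string }

// sampleGoMod is constructed; only the jfrog-client-go replace line is from the issue.
const sampleGoMod = `module example.com/app
require (
	github.com/jfrog/jfrog-client-go v1.0.0
	example.com/lib v1.2.0 // indirect
	example.com/other v0.3.0
)
replace github.com/jfrog/jfrog-client-go => ../jfrog-client-go
replace (
	example.com/lib => example.com/lib-fork v1.2.1
	example.com/other v0.2.0 => example.com/other v0.2.9
)
`

// parseReplace turns "old [version] => new [version]" into a lookup key and a target.
func parseReplace(f []string) (key string, r replacement, err error) {
	switch {
	case len(f) >= 3 && f[1] == "=>":
		key, f = f[0]+"@", f[2:] // no old version: covers every version
	case len(f) >= 4 && f[2] == "=>":
		key, f = f[0]+"@"+f[1], f[3:]
	default:
		return "", r, fmt.Errorf("malformed replace: %q", strings.Join(f, " "))
	}
	r.newPath = f[0]
	if len(f) > 1 {
		r.newVersion = f[1]
	}
	return key, r, nil
}

// EffectiveDeps applies the replace directives of goMod, read from modDir, to its require list.
func EffectiveDeps(goMod, modDir string) ([]Dep, error) {
	var deps []Dep
	repls := map[string]replacement{}
	block := "" // directive of the "( ... )" block being read, if any
	sc := bufio.NewScanner(strings.NewReader(goMod))
	for sc.Scan() {
		// Drop comments and prefix lines inside a block with the block's directive.
		f := strings.Fields(block + " " + strings.SplitN(sc.Text(), "//", 2)[0])
		switch {
		case len(f) < 2:
		case f[1] == "(":
			block = f[0]
		case f[1] == ")":
			block = ""
		case f[0] == "require" && len(f) == 3:
			deps = append(deps, Dep{Required: f[1] + "@" + f[2], Path: f[1], Version: f[2]})
		case f[0] == "replace":
			key, r, err := parseReplace(f[1:])
			if err != nil {
				return nil, err
			}
			repls[key] = r
		}
	}
	for i := range deps {
		d := &deps[i]
		r, ok := repls[d.Path+"@"+d.Version] // a replace for this exact version wins
		if !ok {
			r, ok = repls[d.Path+"@"]
		}
		switch {
		case !ok:
		case filepath.IsAbs(r.newPath):
			d.Version, d.LocalDir = "", filepath.Clean(r.newPath)
		case strings.HasPrefix(r.newPath, "./"), strings.HasPrefix(r.newPath, "../"):
			d.Version, d.LocalDir = "", filepath.Join(modDir, r.newPath)
		default:
			d.Path, d.Version = r.newPath, r.newVersion
		}
	}
	return deps, sc.Err()
}

func main() {
	deps, err := EffectiveDeps(sampleGoMod, "/work/jfrog-cli") // constructed directory
	fmt.Printf("%+v %v\n", deps, err)
}
```

A dependency with a non-empty `LocalDir` has no version to look up, so a scanner has to read the module found in that directory; the third sample entry stays at its required version because its replace targets a different version.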

Plugin does not recognise a npm project as such.

Describe the bug
Although the project is an npm project that's getting wrapped in a docker, the jfrog plugin claims that it is an unsupported project type.

To Reproduce

  • Create a node project as well as a Dockerfile.
  • Create the project from existing source.
  • Try jfrog Plugin for XRay Scanning

Or a quicker way:

  • Create new Node.js project
  • jfrog Plugin claims unsupported project type

Expected behavior
Since there is a package.json the jfrog Plugin should recognise it as a npm project eligible for xray-scanning.

Screenshots

NodeProject with Dockerfile

Empty IntelliJ NodeProject

Versions

  • IDEA version: 2020.3.2 (Ultimate)
  • JFrog IDEA plugin version: 1.7.0
  • Operating system: macOS 10.15.7
  • Xray version: SaaS jfrog cloud

Issues Scan not on the same line

Describe the bug
Issues count not on the same line

Screenshots
image

Versions

  • Intellij IDEA version: 2020.1.2
  • JFrog IDEA plugin version: 1.6.1
  • Operating system: macos 10.15.2
  • Xray version: 3.5.1

General usability suggestions

Hey guys :)
Few small yet important things I stumbled upon when using the plugin:

  1. When no Xray server configured, the line To Start using the JFrog Plugin, pleaseconfigure your JFrog Xray details is missing a comma between please and configure link
  2. When setting up the Xray URL, the first idea that comes to mind is to set the domain, i.e. http://myartifactory.ac.me
    However, that would result in HTTP 404.
    I think an example URL should be added below the URL text input, saying add /xray as a suffix to your Artifactory platform URL
  3. When setting a wrong URL, the error is cut, and the text is not fully shown (it should be wrapped inside the window itself)

[IMPROVEMENT] Make npm PATH configurable

Building "Components Tree" in JFrog plugin relies on $ npm ls --json.
Adding the option to configure the path to npm, may solve issues when it's not included in the $PATH.

Xray Scan Produces No Results.2

Describe the bug
This issue is very similar to the one described at #97
The difference is that it looks like maven project is loaded properly (pom.xml has no compilation errors, JDK is available and maven dependency tree is shown properly in the maven tab), indexing is done, something is performed in the background, but after scanning nothing is shown in the JFrog tab.

What else could be the problem?
It looks like the plugin works except showing the result.

Versions
X-ray: Cloud version, 3.33.1 (but tried with 3.32.2 as well)
JFrog IDEA Plugin version: 1.9.2
OS: Windows 10 Pro
IDE:
IntelliJ IDEA 2021.2.1 (Community Edition)
Build #IC-212.5080.55, built on August 24, 2021
Runtime version: 11.0.11+9-b1504.16 amd64
VM: OpenJDK 64-Bit Server VM by JetBrains s.r.o.
Windows 10 10.0
GC: G1 Young Generation, G1 Old Generation
Memory: 2028M
Cores: 4
Non-Bundled Plugins: idea.plugin.protoeditor (212.5080.8), CheckStyle-IDEA (5.56.0), Docker (212.5080.8), org.jetbrains.kotlin (212-1.5.30-release-409-IJ4638.7), org.jfrog.idea (1.9.2), com.haulmont.jpab (5.4-212), org.mapstruct.intellij (1.3.0)
Kotlin: 212-1.5.30-release-409-IJ4638.7

To Reproduce
Install the JFrog Xray plugin from the Marketplace
Restart IntelliJ
Configure JFrog Xray connection
Open an existing Java/Maven project
Click the "Refresh Scan" icon in the JFrog pane

Expected behavior
Detailed list of components with an icon indicating issue severities are shown in the JFrog tab.

Screenshots
N/A

Additional context
I also tried with an npm project, with similar result - looks like it performs the scan, yet no result is shown.

In the event log tab I only see INFO messages that some of the folders are excluded due to the defined Excluded Paths pattern.
I checked the IDEA log, where the only suspicious message was:
2021-09-21 08:09:37,604 [ 68772] WARN - nSystem.impl.ActionToolbarImpl - 'JFrog toolbar' toolbar by default uses any focused component to update its actions. Toolbar actions that need local UI context would be incorrectly disabled. Please call toolbar.setTargetComponent() explicitly.

Allow shutting down inspection

Is your feature request related to a problem? Please describe.
On big projects, sometimes it takes time to handle all vulnerable dependencies. The red lines below vulnerable dependencies in the package descriptor may frustrate some users.

Describe the solution you'd like to see
Allow temporarily disabling the inspection.

Describe alternatives you've considered
One way to do it is to add JFrog configuration to the inspector configuration.
image

The "Disable inspection" button actually does nothing:
image
Fixing this can be another way to target this feature.

Additional context
This feature is raised by the internal BA team.

Soft refresh in a maven project does not respond to pom.xml changes

Describe the bug
Changing fields (GroupID, Version for example) in the pom.xml of a maven project should trigger a soft refresh of the project dependency tree but nothing happened. Refresh of the project dependency tree is possible by reloading maven project or reopening the project.

To Reproduce

  1. Clone and open https://github.com/jfrog/project-examples/tree/master/maven-examples/maven-example.
  2. The project's dependency tree appears in the project view.
  3. Change the version in the pom.xml of the root module.
  4. No changes in the dependency tree, the old version still appears in the dependency tree.
  5. No changes when clicking on the "refresh scan" button as well.

Expected behavior
The dependency tree should be updated according to the changes in the pom.xml

Screenshots
image

Versions

  • JFrog IDEA plugin version: 1.12.0
  • Operating system: macOS Big Sur 11.4
  • IDEA version: 2021.3

Gradle projects issues-tree is shown flat in IntelliJ IDEA 2020.1.2

Describe the bug
When scanning gradle projects in IntelliJ IDEA, the created issues-tree is flat.
In addition, missing functionality of 'Show in project descriptor' for transitive dependencies.

Expected behavior
Issues tree should be presented in the correct hierarchy.
Right-clicking a component in tree should offer the 'Show in project descriptor' menu.

Versions
JFrog IDEA plugin version: 1.6.1
IntelliJ version: 2020.1.2

Additional context
We suspect the issue originates in a change that was made in the Gradle plugin, included in version 2020.1.2 of IntelliJ.

A fix for this issue is already under development.

Rerun diagnostics after scan

In order to show the updated scan results in open editors of package.json/pom.xml/build.gradle we should run:

DaemonCodeAnalyzer.getInstance(mainProject).restart();

After scan of ALL projects.

Attempting to install JFrog Plugin

I have Android Studio 3.6.2 and am trying to install JFrog Idea Plugin 1.5.0.

  • first of all, can't find the plugin in the Marketplace
  • when installing by disk, it gives the following message:

    Plugin Error
    Problems found loading plugins:
    Plugin "JFrog" was not loaded: required plugin "org.jetbrains.idea.maven"

Plugin does not seem to work when you don't have Gradle installed

Describe the bug
All our projects are using gradle wrapper, so Gradle itself is not installed to my system and it's not in my path. Does it mean that the plugin does not work with Gradle wrapper? Connecting to Xray works and CI tab works as well. It's the local tab that's failing.

Versions

  • IntelliJ IDEA 2021.1.3 Ultimate Edition
  • JFrog IDEA plugin version: 1.9.1
  • Operating system: MacOS 10.15.7
  • Xray version: 3.27.2

Additional context

20:44	JFrog Xray scan failed: [ERROR] Could not scan Gradle project dependencies, because Gradle CLI is not in the PATH.

20:44	JFrog Xray scan failed
			[ERROR] 
			java.lang.NullPointerException
			at com.jfrog.ide.common.scan.ScanManagerBase.extractComponents(ScanManagerBase.java:132)
			at com.jfrog.ide.common.scan.ScanManagerBase.scanAndCacheArtifacts(ScanManagerBase.java:150)
			at com.jfrog.ide.idea.scan.ScanManager.scanAndUpdate(ScanManager.java:108)
			at com.jfrog.ide.idea.scan.ScanManager$1.run(ScanManager.java:145)
			at com.intellij.openapi.progress.impl.CoreProgressManager$TaskRunnable.run(CoreProgressManager.java:998)
			at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcessWithProgressAsync$5(CoreProgressManager.java:497)
			at com.intellij.openapi.progress.impl.ProgressRunner.lambda$submit$3(ProgressRunner.java:228)
			at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcess$2(CoreProgressManager.java:178)
			at com.intellij.openapi.progress.impl.CoreProgressManager.registerIndicatorAndRun(CoreProgressManager.java:688)
			at com.intellij.openapi.progress.impl.CoreProgressManager.executeProcessUnderProgr... (show balloon)

Ignored violation still shows in plugin

Hi, I'm new to Xray so forgive me if I mix up any terms.

We have a Java/Maven project which uses a vulnerable library which does not have a fixed version. We have "ignored" that vulnerability through the Xray interface to be able to use the lib.

I would like to see this reflected in the Intellij plugin. Now the plugin still shows many components as having issues due to this one library, even though we have ignored the violation in Xray.

Could you make the plugin show this somehow, so that I can easily distinguish if new vulnerabilities have been added to the codebase? Right now the whole project is just always orange and it's not easy to see if I added any new vulnerabilities.

Maven dependency difference

When scanning the exact same Maven project, different results/vulnerabilities are shown in the JFrog-supported IDEs. It appears that Eclipse has the most accurate data and number of dependencies, and that IntelliJ (and VSCode) provide different results, likely due to certain dependencies not showing up.

As the JFrog IntelliJ plugin is limited to what the IDE (IntelliJ) allows it to view/use, the purpose of this ticket is to investigate if anything can be done (on the plugin level) to improve this behavior and achieve uniformity across all JFrog-supported IDEs.

Versions

  • JFrog IDEA plugin version: 1.7.0
  • Operating system: Windows Server 2019
  • Xray version: 3.x

Jump to package.json does not work after filtering

Describe the bug
"Show in package descriptor" button does not appear after using the filter.

To Reproduce

  1. Open npm project (I used express)
  2. Right click on a dependency -> "Show in package descriptor" does appear.
  3. Select only high severity filter.
  4. Right click on a dependency -> "Show in package descriptor" doesn't appear.

Expected behavior
"Show in package descriptor" does appear after using the filters.

Versions

  • JFrog IDEA plugin version: 1.6.1
  • Operating system: macOS Catalina
  • Xray version: 3.4.0

Unable to authenticate when using SAML Integration

We are using Artifactory as a SAML authentication provider; as such, our users do not have credentials for Xray. While this is OK for logging into the Xray front end, I can't find a way to have the plugin authenticate in this way.

Improve debug message

When the IDE plugin uses an external tool like npm, Gradle or Maven, it would be nice to have the plugin catch and print any reference error (like a wrong PATH to the executable), to help users troubleshoot the issue.

Plugin not working (2019.1.2)

Intellij: 2019.1.2
Gradle: 5.4.1
X-ray: 2.8.0
Jdk: 1.8.0_191 - oracle
Error: JFrog Xray scan failed: [org.jfrog.idea.xray.scan.GradleScanManager.collectDependenciesIfMissing(GradleScanManager.java:134), org.jfrog.idea.xray.scan.GradleScanManager.collectComponentsToScan(GradleScanManager.java:110), org.jfrog.idea.xray.scan.ScanManager$2.onSuccess(ScanManager.java:187), org.jfrog.idea.xray.scan.GradleScanManager.refreshDependencies(GradleScanManager.java:91), org.jfrog.idea.xray.scan.ScanManager.scanAndUpdate(ScanManager.java:137), org.jfrog.idea.xray.scan.ScanManager.access$000(ScanManager.java:54), org.jfrog.idea.xray.scan.ScanManager$1.run(ScanManager.java:150), com.intellij.openapi.progress.impl.CoreProgressManager$TaskRunnable.run(CoreProgressManager.java:731), com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcess$2(CoreProgressManager.java:164), com.intellij.openapi.progress.impl.CoreProgressManager.registerIndicatorAndRun(CoreProgressManager.java:586), com.intellij.openapi.progress.impl.CoreProgressManager.executeProcessUnderProgress(CoreProgressManager.java:53... (show balloon)

I've configured x-ray in intellij settings and tested connection, which works.

"Could not connect to Xray: Connection refused: connect" behind corporate firewall

Describe the bug
Plugin can't connect to Xray.

To Reproduce

  1. Configure Xray URL, username (email) and API key (from Artifactory profile page)
  2. Click "Test connection"

Expected behaviour
Expected a successful connection to Xray, but got the error message "Could not connect to Xray: Connection refused: connect"

Versions

  • JFrog IDEA plugin version: 1.6.0
  • Operating system: Windows 10 Pro 1909
  • Xray version: unknown, but it is hosted on jfrog.io

Additional context

  • The Xray instance uses SAML for SSO, which is why I have to use an API key (#2 (comment)).
  • From the error message, I suspect the plugin is failing to use IntelliJ's configured HTTP proxy (with "auto-detect proxy settings").

NPM fails to show dependencies when transitive dependencies are not found

Describe the bug
JFrog-Idea-Plugin v1.6.1 managed to show dependencies even if npm ls --json failed. Now, on version 1.7.0 it shows no dependencies at all.

To Reproduce
Here is a project which failed to run npm ls: https://github.com/ravendb/ravendb-nodejs-client.git

Expected behavior
Show dependencies although npm ls failed to resolve some transitive dependencies.

Versions

  • JFrog IDEA plugin version: 1.7.0
  • Operating system: macOS

Improve error when parsing file

When the plugin parses the file, it reports a stack trace that does not contain the file that is being parsed. It would be useful to have the path to the file in the first line below.
Invalid UTF-8 start byte 0x92
at [Source: (File); line: 10, column: 33]
[ERROR]
com.fasterxml.jackson.core.JsonParseException: Invalid UTF-8 start byte 0x92
at [Source: (File); line: 10, column: 33]
at com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:1804)
at com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:693)
at com.fasterxml.jackson.core.json.UTF8StreamJsonParser._reportInvalidInitial(UTF8StreamJsonParser.java:3545)
at com.fasterxml.jackson.core.json.UTF8StreamJsonParser._reportInvalidChar(UTF8StreamJsonParser.java:3541)
at com.fasterxml.jackson.core.json.UTF8StreamJsonParser._finishString2(UTF8StreamJsonParser.java:2487)
at com.fasterxml.jackson.core.json.UTF8StreamJsonParser._finishAndReturnString(UTF8StreamJsonParser.java:2413)
at com.fasterxml.jackson.core.json.UTF8StreamJsonParser.getText(UTF8StreamJsonParser.java:269)
at com.fasterxml.jackson.databind.deser.std.BaseNodeDeserializer.deserializeObject(JsonNodeDeserializer.java:264)
at com.fasterxml.jackson.databind.deser... (show balloon)

Xray Plugin does not work in IDEA 2020.1

Describe the bug
Xray Plugin does not work in IDEA 2020.1, with Error:
Exception: This plugin is not a production of JetBrains.

com.intellij.diagnostic.PluginException: org/jetbrains/plugins/groovy/lang/psi/GroovyElementVisitor [Plugin: org.jfrog.idea]
at com.intellij.serviceContainer.ComponentManagerImpl.instantiateExtensionWithPicoContainerOnlyIfNeeded(ComponentManagerImpl.kt:663)
at com.intellij.serviceContainer.BaseKeyedLazyInstance.createInstance(BaseKeyedLazyInstance.java:57)
at com.intellij.openapi.extensions.CustomLoadingExtensionPointBean.createInstance(CustomLoadingExtensionPointBean.java:31)
at com.intellij.codeInspection.InspectionEP.instantiateTool(InspectionEP.java:198)
at com.intellij.codeInspection.ex.InspectionToolWrapper.getTool(InspectionToolWrapper.java:72)
at com.intellij.codeInsight.daemon.impl.LocalInspectionsPass.getInspectionTools(LocalInspectionsPass.java:728)
at com.intellij.codeInsight.daemon.impl.LocalInspectionsPass.collectInformationWithProgress(LocalInspectionsPass.java:115)
at com.intellij.codeInsight.daemon.impl.ProgressableTextEditorHighlightingPass.doCollectInformation(ProgressableTextEditorHighlightingPass.java:84)
at com.intellij.codeHighlighting.TextEditorHighlightingPass.collectInformation(TextEditorHighlightingPass.java:52)
at com.intellij.codeInsight.daemon.impl.PassExecutorService$ScheduledPass.lambda$null$1(PassExecutorService.java:434)
at com.intellij.openapi.application.impl.ApplicationImpl.tryRunReadAction(ApplicationImpl.java:1106)
at com.intellij.codeInsight.daemon.impl.PassExecutorService$ScheduledPass.lambda$doRun$2(PassExecutorService.java:427)
at com.intellij.openapi.progress.impl.CoreProgressManager.registerIndicatorAndRun(CoreProgressManager.java:625)
at com.intellij.openapi.progress.impl.CoreProgressManager.executeProcessUnderProgress(CoreProgressManager.java:570)
at com.intellij.openapi.progress.impl.ProgressManagerImpl.executeProcessUnderProgress(ProgressManagerImpl.java:61)
at com.intellij.codeInsight.daemon.impl.PassExecutorService$ScheduledPass.doRun(PassExecutorService.java:426)
at com.intellij.codeInsight.daemon.impl.PassExecutorService$ScheduledPass.lambda$run$0(PassExecutorService.java:402)
at com.intellij.openapi.application.impl.ReadMostlyRWLock.executeByImpatientReader(ReadMostlyRWLock.java:168)
at com.intellij.openapi.application.impl.ApplicationImpl.executeByImpatientReader(ApplicationImpl.java:168)
at com.intellij.codeInsight.daemon.impl.PassExecutorService$ScheduledPass.run(PassExecutorService.java:400)
at com.intellij.concurrency.JobLauncherImpl$VoidForkJoinTask$1.exec(JobLauncherImpl.java:171)
at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:290)
at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1020)
at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1656)
at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1594)
at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:177)
Caused by: java.lang.NoClassDefFoundError: org/jetbrains/plugins/groovy/lang/psi/GroovyElementVisitor
at java.base/java.lang.Class.forName0(Native Method)
at java.base/java.lang.Class.forName(Class.java:398)
at com.intellij.serviceContainer.ComponentManagerImpl.instantiateExtensionWithPicoContainerOnlyIfNeeded(ComponentManagerImpl.kt:660)
... 25 more
Caused by: java.lang.ClassNotFoundException: org.jetbrains.plugins.groovy.lang.psi.GroovyElementVisitor PluginClassLoader[org.jfrog.idea, 1.6.0] com.intellij.ide.plugins.cl.PluginClassLoader@1488f3e3
at com.intellij.ide.plugins.cl.PluginClassLoader.loadClass(PluginClassLoader.java:115)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
... 28 more

To Reproduce

  1. Start IDEA
  2. Install Xray plugin
  3. Connect to Xray Server
  4. Error: Plugin does not work, and can find error message in IDE Fatal Errors

Expected behavior
The plugin should scan the project.

Versions

  • JFrog IDEA plugin version: 1.6.0
  • Operating system: Mac OS 10.14.6
  • Xray version: 3.2.0
  • IDEA: IntelliJ IDEA 2020.1 (Ultimate Edition)

Add the ability to exclude transitive dependencies in Gradle projects

Is your feature request related to a problem? Please describe.
Some libraries with issues do not have a fix yet.

Describe the solution you'd like to see
Ideally, the plugin would allow us to exclude transitive dependencies in Gradle projects, similar to how it works today for Maven projects.

Error 401 when scanning a Maven project in IntelliJ IDEA

IntelliJ IDEA: 2021.2.2
JFrog Plugin: 1.10.1
Artifactory: 7.27.3
Xray: 3.31.1

Test connection is successful.

When scanning a Maven project, I get the error:

status code: 401, reason phrase: Received 401 HTTP/1.1 401 Unauthorized response from Xray
[ERROR] Xray Scan failed: HttpResponseException: status code: 401, reason phrase: Received 401 HTTP/1.1 401 Unauthorized response from Xray
org.apache.http.client.HttpResponseException: status code: 401, reason phrase: Received 401 HTTP/1.1 401 Unauthorized response from Xray
at com.jfrog.xray.client.impl.XrayClient.setHeadersAndExecute(XrayClient.java:130)
at com.jfrog.xray.client.impl.XrayClient.post(XrayClient.java:103)
at com.jfrog.xray.client.impl.services.graph.GraphImpl.post(GraphImpl.java:62)
at com.jfrog.xray.client.impl.services.graph.GraphImpl.graph(GraphImpl.java:56)
at com.jfrog.ide.common.scan.GraphScanLogic.scanComponentsWithoutContext(GraphScanLogic.java:174)
at com.jfrog.ide.common.scan.GraphScanLogic.scanComponents(GraphScanLogic.java:146)
at com.jfrog.ide.common.scan.GraphScanLogic.scanAndCacheArtifacts(GraphScanLogic.java:72)
at com.jfrog.ide.common.scan.ScanManagerBase.scanAndCacheArtifacts(ScanManagerBase.java:116)
at com.jfrog.ide.idea.scan.ScanManager.s... (show balloon)

Should not delete duplicate dependency in maven dependency tree

In case we have two brothers in the dependency tree that use one of another, the tree will filter each duplicate child.
For example:
[screenshot]
It's clear that multi3 is green; however, this information is wrong because multi3 uses multi1 as a dependency.
The correct tree should look like:
[screenshot]

Soft refresh in a maven project may cause duplication in project tree view

Describe the bug
Changing certain fields (GroupID, Version for example) in the pom.xml of a Maven project triggers a soft refresh of the project dependency tree, after which the project appears twice - once with the old fields and once with the new.

To Reproduce

  1. Clone and open https://github.com/jfrog/project-examples/tree/master/maven-examples/maven-example.
  2. The project's dependency tree appears in the project view.
  3. Change the version in the pom.xml of the root module.
  4. Project appears twice in the project view.

Expected behavior
The project with the old details should be cleaned from the tree.

Screenshots
Before (Clean project after clone): [screenshot]
After (Version change in pom.xml): [screenshot]

Versions

  • JFrog IDEA plugin version: 1.12.0
  • Operating system: macOS Big Sur 11.6.1
  • IDEA version: 2021.3

Is the plugin using the same trust store as IntelliJ?

When trying to connect my IntelliJ IDE to our JFrog Xray instance via Test connection, I get the following error:
Could not connect to Xray: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

We use an internal CA which requires us to add CA certs in our Java trust store via the IntelliJ Preferences (on Mac, that's under Tools / Server Certificates). But the plugin doesn't seem to use this. Is the plugin not using the JDK used by the IDE? Can you suggest a fix or workaround?

Additional details...
[ERROR] Scan failed javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:320)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:263)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:258)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:641)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:460)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:360)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:177)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:71)
at org.jfrog.client.http.CloseableHttpClientDecorator.doExecute(CloseableHttpClientDecorator.java:107)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
at com.jfrog.xray.client.impl.XrayImpl.setHeadersAndExecute(XrayImpl.java:107)
at com.jfrog.xray.client.impl.XrayImpl.get(XrayImpl.java:85)
at com.jfrog.xray.client.impl.services.system.SystemImpl.version(SystemImpl.java:43)
at com.jfrog.ide.common.scan.ScanManagerBase.isXrayVersionSupported(ScanManagerBase.java:229)
at com.jfrog.ide.common.scan.ScanManagerBase.scanAndCacheArtifacts(ScanManagerBase.java:161)
at com.jfrog.ide.idea.scan.ScanManager.access$100(ScanManager.java:49)
at com.jfrog.ide.idea.scan.ScanManager$2.onSuccess(ScanManager.java:156)
at com.jfrog.ide.idea.scan.MavenScanManager.refreshDependencies(MavenSca[...]

Scanning npm project stops after some minutes with no result

Describe the bug
I have a very basic angular project (see attached package.json package.json.zip, it's zipped since github does not support json attachments). When clicking the refresh button in the JFrog pane, the plugin starts doing something, i.e. it logs "Found npm project: c:......" and the status bar says "Xray: Scanning for vulnerabilities..." After about 5 minutes, the status bar is empty again but nothing else happens, no log entry etc. Jfrog pane just says "Nothing to show".

Three more notes:

  1. A different, maven based project just works perfectly fine (scan just takes a few seconds)
  2. I also tried Eclipse with the exact same result
  3. There is no network traffic at all and according to jstack, the plugin is executing something with NpmDriver.list for a very very long time

To Reproduce
Use the attached package.json package.json.zip and scan it

Expected behavior
Scan results

Versions

  • JFrog IDEA plugin version: 1.7.0
  • Operating system: Windows 10 19042.746
  • Xray version: 2.7.6

Scan failed when scanning some projects, getting partial results

Describe the bug
We are receiving the following error when triggering manual scans using IntelliJ.

[ERROR] Scan failed org.apache.http.NoHttpResponseException: artifactory-url:80 failed to respond
at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:141)
at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:56)
at org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:259)
at org.apache.http.impl.DefaultBHttpClientConnection.receiveResponseHeader(DefaultBHttpClientConnection.java:163)
at org.apache.http.impl.conn.CPoolProxy.receiveResponseHeader(CPoolProxy.java:157)
at org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:273)
at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:125)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:272)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72)
at org.jfrog.client.http.CloseableHttpClientDecorator.doExecute(CloseableHttpClientDecorator.java:107)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
at com.jfrog.xray.client.impl.XrayImpl.setHeadersAndExecute(XrayImpl.java:107)
at com.jfrog.xray.client.impl.XrayImpl.post(XrayImpl.java:97)
at com.jfrog.xray.client.impl.services.summary.SummaryImpl.post(SummaryImpl.java:54)
at com.jfrog.xray.client.impl.services.summary.SummaryImpl.component(SummaryImpl.java:45)
at com.jfrog.ide.common.scan.ScanManagerBase.scanComponents(ScanManagerBase.java:216)
at com.jfrog.ide.common.scan.ScanManagerBase.scanAndCacheArtifacts(ScanManagerBase.java:176)
at com.jfrog.ide.idea.scan.ScanManager.access$100(ScanManager.java:52)
at com.jfrog.ide.idea.scan.ScanManager$2.onSuccess(ScanManager.java:159)
at com.jfrog.ide.idea.scan.NpmScanManager.refreshDependencies(NpmScanManager.java:42)
at com.jfrog.ide.idea.scan.ScanManager.scanAndUpdate(ScanManager.java:104)
at com.jfrog.ide.idea.scan.ScanManager.access$000(ScanManager.java:52)
at com.jfrog.ide.idea.scan.ScanManager$1.run(ScanManager.java:123)
at com.intellij.openapi.progress.impl.CoreProgressManager$TaskRunnable.run(CoreProgressManager.java:932)
at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcessWithProgressAsync$5(CoreProgressManager.java:434)
at com.intellij.openapi.progress.impl.ProgressRunner.lambda$null$3(ProgressRunner.java:233)
at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcess$2(CoreProgressManager.java:166)
at com.intellij.openapi.progress.impl.CoreProgressManager.registerIndicatorAndRun(CoreProgressManager.java:627)
at com.intellij.openapi.progress.impl.CoreProgressManager.executeProcessUnderProgress(CoreProgressManager.java:572)
at com.intellij.openapi.progress.impl.ProgressManagerImpl.executeProcessUnderProgress(ProgressManagerImpl.java:61)
at com.intellij.openapi.progress.impl.CoreProgressManager.runProcess(CoreProgressManager.java:153)
at com.intellij.openapi.progress.impl.ProgressRunner.lambda$submit$4(ProgressRunner.java:233)
at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1700)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)

Some components get results, but others get partial vulnerabilities and licenses. Others don't even get licenses (they appear all green).

To Reproduce

  1. Start IntelliJ
  2. Configure credentials (user/key)
  3. Trigger scan from plugin window (refresh scan button)

Expected behavior
Retrieve complete scan results with no errors

Versions

  • JFrog IDEA plugin version: 1.6.1 (happening since 1.5)
  • Operating system: MacOS
  • Xray version: 3.5.2 (happening since 3.x)

Additional context
I have monitored the scans at the same time while triggering the scan for our Xray nodes. The components trigger scans, I get output like this for all of the components:

2020-06-22T18:18:55.685Z [jfxr ] [INFO ] [ ] [HttpHandlerExt:94 ] [main ] Scan Artifact component, componentId : gav://com.fasterxml.jackson.module:jackson-module-parameter-names:2.9.6

But the plugin returns the error while Xray seems to be still triggering scans. Seems to me that something is ending the connection before IntelliJ is able to retrieve the scan results.

Also, running the "test connection" button works and credentials are correct.

Enterprise support ticket #132427

Different vulnerabilities for project with CLI and JFrog IntelliJ plugin

Describe the bug
I am currently evaluating JFrog XRay and it kind of gives me mixed results. I was in contact with JFrog support as the CLI did not report vulnerabilities for transitive dependencies. That seems to be sorted out with version 2.8.1 of the CLI.

Now I have the problem, that the JFrog IntelliJ plugin gives me different results compared to the CLI output produced with jfrog am for a very simple test project. For me, the output of the CLI seems to be correct. The results in the plugin seem to miss a few vulnerabilities (though the dependencies are listed correctly).

To Reproduce

Run jfrog am for the provided test project and compare it to the vulnerabilities shown for the project in IntelliJ.

Expected behavior

Output of the CLI and IntelliJ should show the same vulnerabilities for the same code.

Screenshots

Vulnerabilities shown in IntelliJ JFrog tool window: [screenshot]

Output of jfrog am:

┌──────────┬───────────────────────────┬──────────┬───────┬──────────────────┬───────────────────────────┬───────────┬────────────────┬──────┬──────┬─────────────┐
│ SEVERITY │ IMPACTED PACKAGE          │ IMPACTED │ TYPE  │ FIXED VERSIONS   │ COMPONENT                 │ COMPONENT │ CVE            │ CVSS │ CVSS │ ISSUE ID    │
│          │                           │ PACKAGE  │       │                  │                           │ VERSION   │                │ V2   │ V3   │             │
│          │                           │ VERSION  │       │                  │                           │           │                │      │      │             │
├──────────┼───────────────────────────┼──────────┼───────┼──────────────────┼───────────────────────────┼───────────┼────────────────┼──────┼──────┼─────────────┤
│ High     │ commons-collections:commo │ 3.2.1    │ Maven │ [3.2.2]          │ commons-collections:commo │ 3.2.1     │ CVE-2016-4372  │ 7.5  │ 9.8  │ XRAY-65665  │
│          │ ns-collections            │          │       │                  │ ns-collections            │           │ CVE-2016-4385  │ 7.5  │ 7.3  │             │
│          │                           │          │       │                  │                           │           │ CVE-2016-4398  │ 6.5  │ 8.8  │             │
│          │                           │          │       │                  │                           │           │ CVE-2015-7501  │ 10.0 │ 9.8  │             │
│          │                           │          │       │                  │                           │           │ CVE-2015-6420  │ 7.5  │      │             │
│          │                           │          │       │                  │                           │           │ CVE-2015-8765  │ 7.5  │ 8.3  │             │
│          │                           │          │       │                  │                           │           │ CVE-2016-4405  │ 6.5  │ 8.8  │             │
│          │                           │          │       │                  │                           │           │ CVE-2016-1985  │ 10.0 │ 10.0 │             │
│          │                           │          │       │                  │                           │           │ CVE-2015-4852  │ 7.5  │      │             │
│          │                           │          │       │                  │                           │           │ CVE-2015-8103  │ 7.5  │      │             │
│          │                           │          │       │                  │                           │           │ CVE-2016-1997  │ 10.0 │ 9.8  │             │
│          │                           │          │       │                  │                           │           │ CVE-2016-4369  │ 6.5  │ 8.8  │             │
│          │                           │          │       │                  │                           │           │ CVE-2016-4373  │ 7.5  │ 9.8  │             │
│          │                           │          │       │                  │                           │           │ CVE-2015-7450  │ 10.0 │ 9.8  │             │
│          │                           │          │       │                  │                           │           │ CVE-2016-1986  │ 7.5  │ 9.8  │             │
│          │                           │          │       │                  │                           │           │ CVE-2016-1998  │ 10.0 │ 9.8  │             │
│          │                           │          │       │                  │                           │           │ CVE-2016-2009  │ 6.5  │ 8.8  │             │
│          │                           │          │       │                  │                           │           │ CVE-2016-1999  │ 10.0 │ 9.8  │             │
│          │                           │          │       │                  │                           │           │ CVE-2015-6934  │ 7.5  │ 7.3  │             │
│          │                           │          │       │                  │                           │           │ CVE-2016-2000  │ 7.5  │ 9.8  │             │
│          │                           │          │       │                  │                           │           │ CVE-2016-2003  │ 7.5  │ 9.8  │             │
│          │                           │          │       │                  │                           │           │ CVE-2016-1114  │ 7.5  │ 9.8  │             │
│          │                           │          │       │                  │                           │           │ CVE-2016-4368  │ 7.5  │ 9.8  │             │
├──────────┼───────────────────────────┼──────────┼───────┼──────────────────┼───────────────────────────┼───────────┼────────────────┼──────┼──────┼─────────────┤
│ High     │ commons-collections:commo │ 3.2.1    │ Maven │ [3.2.2]          │ commons-collections:commo │ 3.2.1     │ CVE-2017-15708 │ 7.5  │ 9.8  │ XRAY-60226  │
│          │ ns-collections            │          │       │                  │ ns-collections            │           │                │      │      │             │
├──────────┼───────────────────────────┼──────────┼───────┼──────────────────┼───────────────────────────┼───────────┼────────────────┼──────┼──────┼─────────────┤
│ High     │ commons-collections:commo │ 3.2.1    │ Maven │ [3.2.2]          │ commons-collections:commo │ 3.2.1     │ CVE-2015-7501  │ 10.0 │ 9.8  │ XRAY-60228  │
│          │ ns-collections            │          │       │                  │ ns-collections            │           │                │      │      │             │
├──────────┼───────────────────────────┼──────────┼───────┼──────────────────┼───────────────────────────┼───────────┼────────────────┼──────┼──────┼─────────────┤
โ”‚ Medium   โ”‚ org.springframework:sprin โ”‚ 5.3.9    โ”‚ Maven โ”‚ [5.2.18.RELEASE] โ”‚ org.springframework.boot: โ”‚ 2.5.4     โ”‚ CVE-2021-22096 โ”‚ 4.0  โ”‚ 4.3  โ”‚ XRAY-189875 โ”‚
โ”‚          โ”‚ g-core                    โ”‚          โ”‚       โ”‚ [5.3.12]         โ”‚ spring-boot-starter-web   โ”‚           โ”‚                โ”‚      โ”‚      โ”‚             โ”‚
โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
โ”‚ Medium   โ”‚ ch.qos.logback:logback-co โ”‚ 1.2.5    โ”‚ Maven โ”‚ [1.2.7]          โ”‚ org.springframework.boot: โ”‚ 2.5.4     โ”‚                โ”‚ 4.0  โ”‚      โ”‚ XRAY-81280  โ”‚
โ”‚          โ”‚ re                        โ”‚          โ”‚       โ”‚                  โ”‚ spring-boot-starter-web   โ”‚           โ”‚                โ”‚      โ”‚      โ”‚             โ”‚
โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
โ”‚ Medium   โ”‚ ch.qos.logback:logback-co โ”‚ 1.2.5    โ”‚ Maven โ”‚ [1.2.6]          โ”‚ org.springframework.boot: โ”‚ 2.5.4     โ”‚                โ”‚ 4.0  โ”‚ 5.5  โ”‚ XRAY-121270 โ”‚
โ”‚          โ”‚ re                        โ”‚          โ”‚       โ”‚ [1.3.0-alpha7]   โ”‚ spring-boot-starter-web   โ”‚           โ”‚                โ”‚      โ”‚      โ”‚             โ”‚
โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
โ”‚ Medium   โ”‚ org.apache.tomcat.embed:t โ”‚ 9.0.52   โ”‚ Maven โ”‚ [8.5.72]         โ”‚ org.springframework.boot: โ”‚ 2.5.4     โ”‚ CVE-2021-42340 โ”‚ 5.0  โ”‚ 7.5  โ”‚ XRAY-187429 โ”‚
โ”‚          โ”‚ omcat-embed-websocket     โ”‚          โ”‚       โ”‚ [9.0.54]         โ”‚ spring-boot-starter-web   โ”‚           โ”‚                โ”‚      โ”‚      โ”‚             โ”‚
โ”‚          โ”‚                           โ”‚          โ”‚       โ”‚ [10.0.12]        โ”‚                           โ”‚           โ”‚                โ”‚      โ”‚      โ”‚             โ”‚
โ”‚          โ”‚                           โ”‚          โ”‚       โ”‚ [10.1.0-M6]      โ”‚                           โ”‚           โ”‚                โ”‚      โ”‚      โ”‚             โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

Versions

  • JFrog IDEA plugin version: 1.12.0 on IntelliJ 2021.3
  • Operating system: macOS 11.6
  • Xray version: 3.33.5
  • JFrog CLI version: 2.8.1

Additional context

Test project (Maven):
test-project.zip

JFrog Plugin Fails If You Run on Windows using Windows Subsystem Linux and Gradle

Describe the bug
If you are on any version of Windows and have installed Windows Subsystem for Linux (WSL) in order to install Gradle via SDKMAN (which is the recommended way in the docs), then the JFrog plugin completely fails to run, since it doesn't use WSL. Worth noting: calling Gradle using WSL is also supported by IntelliJ, which means users are likely to want feature parity.

To Reproduce
Set up a Windows machine with Gradle on WSL. Get a Gradle project loaded into IntelliJ, and watch the plugin fail with null pointer exceptions.

Expected behavior
The plugin should use the same command line/tools to execute that IntelliJ uses for Gradle projects.

Screenshots
I can provide a stacktrace:

java.lang.Throwable: Could not scan Gradle project dependencies, because Gradle CLI is not in the PATH.
	at com.intellij.openapi.diagnostic.Logger.error(Logger.java:161)
	at com.jfrog.ide.idea.log.Logger.error(Logger.java:51)
	at com.jfrog.ide.common.gradle.GradleTreeBuilder.buildTree(GradleTreeBuilder.java:48)
	at com.jfrog.ide.idea.scan.GradleScanManager.buildTree(GradleScanManager.java:63)
	at com.jfrog.ide.idea.scan.ScanManager.scanAndUpdate(ScanManager.java:107)
	at com.jfrog.ide.idea.scan.ScanManager$1.run(ScanManager.java:145)
	at com.intellij.openapi.progress.impl.CoreProgressManager$TaskRunnable.run(CoreProgressManager.java:998)
	at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcessWithProgressAsync$5(CoreProgressManager.java:497)
	at com.intellij.openapi.progress.impl.ProgressRunner.lambda$submit$3(ProgressRunner.java:228)
	at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcess$2(CoreProgressManager.java:178)
	at com.intellij.openapi.progress.impl.CoreProgressManager.registerIndicatorAndRun(CoreProgressManager.java:688)
	at com.intellij.openapi.progress.impl.CoreProgressManager.executeProcessUnderProgress(CoreProgressManager.java:634)
	at com.intellij.openapi.progress.impl.ProgressManagerImpl.executeProcessUnderProgress(ProgressManagerImpl.java:64)
	at com.intellij.openapi.progress.impl.CoreProgressManager.runProcess(CoreProgressManager.java:165)
	at com.intellij.openapi.progress.impl.ProgressRunner.lambda$submit$4(ProgressRunner.java:228)
	at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1700)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:668)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:665)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1.run(Executors.java:665)
	at java.base/java.lang.Thread.run(Thread.java:834)

Versions

  • JFrog IDEA plugin version: 1.9.1
  • Operating system: Windows 10
  • Xray version: 3.27.3

Stacktrace during working on a Maven project

Describe the bug
Stacktrace during working on a Maven project

To Reproduce
Just worked on the Bamboo Artifactory plugin and this error jumped

Expected behavior
Handle the NULL better.

Screenshots
N/A

Versions

  • JFrog IDEA plugin version: 1.7.0
  • Operating system: macOS
  • Xray version: 3.10.0

Additional context

com.intellij.psi.PsiInvalidElementAccessException: Element: class com.intellij.psi.impl.source.xml.XmlTagImpl #XML because: parent is null
invalidated at: see attachment
at com.intellij.psi.impl.source.tree.CompositePsiElement.getContainingFile(CompositePsiElement.java:106)
at com.jfrog.ide.idea.navigation.NavigationTarget.equals(NavigationTarget.java:34)
at java.base/java.util.HashMap.putVal(HashMap.java:630)
at java.base/java.util.HashMap.put(HashMap.java:607)
at java.base/java.util.HashSet.add(HashSet.java:220)
at com.jfrog.ide.idea.navigation.NavigationService.addNavigation(NavigationService.java:58)
at com.jfrog.ide.idea.inspections.AbstractInspection.visitElement(AbstractInspection.java:56)
at com.jfrog.ide.idea.inspections.MavenInspection$1.visitXmlTag(MavenInspection.java:45)
at com.intellij.psi.impl.source.xml.XmlTagImpl.accept(XmlTagImpl.java:300)
at com.intellij.codeInspection.InspectionEngine.acceptElements(InspectionEngine.java:65)
at com.intellij.codeInspection.InspectionEngine.createVisitorAndAcceptElements(InspectionEngine.java:56)
at com.intellij.codeInsight.daemon.impl.LocalInspectionsPass.runToolOnElements(LocalInspectionsPass.java:296)
at com.intellij.codeInsight.daemon.impl.LocalInspectionsPass.lambda$visitPriorityElementsAndInit$3(LocalInspectionsPass.java:265)
at com.intellij.util.AstLoadingFilter.forceAllowTreeLoading(AstLoadingFilter.java:155)
at com.intellij.util.AstLoadingFilter.forceAllowTreeLoading(AstLoadingFilter.java:147)
at com.intellij.codeInsight.daemon.impl.LocalInspectionsPass.lambda$visitPriorityElementsAndInit$4(LocalInspectionsPass.java:264)
at com.intellij.util.AstLoadingFilter.disallowTreeLoading(AstLoadingFilter.java:126)
at com.intellij.util.AstLoadingFilter.disallowTreeLoading(AstLoadingFilter.java:115)
at com.intellij.codeInsight.daemon.impl.LocalInspectionsPass.lambda$visitPriorityElementsAndInit$5(LocalInspectionsPass.java:264)
at com.intellij.concurrency.ApplierCompleter.execAndForkSubTasks(ApplierCompleter.java:149)
at com.intellij.concurrency.ApplierCompleter.execAndForkSubTasks(ApplierCompleter.java:162)
at com.intellij.openapi.application.impl.ApplicationImpl.tryRunReadAction(ApplicationImpl.java:1110)
at com.intellij.concurrency.ApplierCompleter.lambda$wrapInReadActionAndIndicator$1(ApplierCompleter.java:105)
at com.intellij.openapi.progress.impl.CoreProgressManager.registerIndicatorAndRun(CoreProgressManager.java:629)
at com.intellij.openapi.progress.impl.CoreProgressManager.executeProcessUnderProgress(CoreProgressManager.java:581)
at com.intellij.openapi.progress.impl.ProgressManagerImpl.executeProcessUnderProgress(ProgressManagerImpl.java:60)
at com.intellij.concurrency.ApplierCompleter.wrapInReadActionAndIndicator(ApplierCompleter.java:117)
at com.intellij.concurrency.ApplierCompleter.lambda$compute$0(ApplierCompleter.java:96)
at com.intellij.openapi.application.impl.ReadMostlyRWLock.executeByImpatientReader(ReadMostlyRWLock.java:170)
at com.intellij.openapi.application.impl.ApplicationImpl.executeByImpatientReader(ApplicationImpl.java:182)
at com.intellij.concurrency.ApplierCompleter.compute(ApplierCompleter.java:96)
at java.base/java.util.concurrent.CountedCompleter.exec(CountedCompleter.java:746)
at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:290)
at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1020)
at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1656)
at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1594)
at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:183)
