Why are there no examples of how to configure this in settings.json? I have to configure the extension every time

What are the values I can put in settings.json so I dont need to login every time?

Describe the bug
With the Eclipse plugin (https://jfrog.com/help/r/jfrog-integrations-documentation/download?tocId=zjbyPctKiA8tFZD5aga0Iw) we only specify Xray endpoint, username and as password I can specify a token generated from my Artifactory profile and it works.
With this VSCode extension, I must specify 3 endpoints (JFrog Platform, Artifactory and XRay) and when I specify the same token as with Eclipse extension, I get a HTTP 401 answer.

To Reproduce
I have reproduced in my corporate context but it is difficult

Expected behavior
I expect connection works as with Eclipse plugin.

Screenshots

Versions

• JFrog VS-Code extension version: v2.3.4
• JFrog VS-Code extension operating system: Windows
• JFrog Xray Version: 3.60.2

Additional context
I seems works with Eclipse plugin, because it uses my login in addition to token while this VSCode extension attempts authentication only from token, it don't ask me my username/login.

Is your feature request related to a problem? Please describe.
Applying a remediation on a transitive dependency can be :

• tricky to apply
• not supported by the dependency provider
• not tested by the dependency provider

Describe the solution you'd like to see
Having the capability to only see violations targetting direct dependencies.
It could be enabled by a tick box or a toggle button

Describe alternatives you've considered
None

Additional context
None

Is your feature request related to a problem? Please describe.
I use gitbash terminal in VSC that is running in Windows OS. When attempting to run a scan it fails with error: "Could not scan npm project dependencies, because npm CLI is not in the PATH" It is trying to use npm in the default windows path rather then the chosen terminal path which makes this error.

Describe the solution you'd like to see
It should run the scan based on the chosen terminal in VSC rather than the default OS

The Bug/What needs to be fixed:

On our docs, the process is presumably very easy, and after installation, in order to Connect to your JFrog environment, simply "click on the green Connect Connect button" and enter credentials.
However, when using Windows, nothing happens when clicking on the connect button and we cannot add the URLs and credentials.

To Reproduce
Try to connect after downloading the JFrog plugin on Visual Studio Code when using Windows 10.

Expected behavior
Clicking on the Green Connect button asks you to enter credentials.

Versions

OS : Windows 10 Business
VS Code version : 1.71.1
JFrog SaaS : "version": "7.42.2",
"revision": "74202900",
"Xray" : "3.55.2"

Additional context
It seems the issue is because at the time, Windows had a bug that didn't allow storing/retrieving Xray/Artifactory credentials from the credentials helper.
However, now maybe the solution will be to migrate to the built-in SecretStorage.

Current Workaround
Can manually config the credentials as environment variables:
JFROG_IDE_URL=
JFROG_IDE_USERNAME=
JFROG_IDE_PASSWORD=

Is your feature request related to a problem? Please describe.
The extension needs a requirements.txt to work, so Python projects using Poetry are not supported by default.

Describe the solution you'd like to see
Support Poetry projects (with the dependencies listed in the pyproject.toml file.

Describe alternatives you've considered
Manually export the dependencies from the virtualenv in a requirements.txt file with

pip freeze > requirements.txt

Additional context

[INFO - 6:54:25 PM] Starting quick scan
[INFO - 6:54:25 PM] Locating package descriptors in workspace "SpringCloudSPEL".
[ERR - 6:54:25 PM] Error: Could not scan Maven project dependencies, because "mvn" is not in the PATH.
[INFO - 6:54:25 PM] Xray scan completed

Currently, VS code JFrog Xray IDE plugin doesn’t support Ruby/Rails, it should support Ruby/Rails.

Is your feature request related to a problem? Please describe.
We have a mix of IntelliJ and VSCode developers building Java applications with Gradle. THe intelliJ plugin supports Gradle but VSCode does not.

Describe the solution you'd like to see
Support added for Gradle projects.

Describe alternatives you've considered
Having everyone use Intellij, which is not feasible for developers invested in VSCode.

Additional context

I'm trying to scan JavaScript project and see this error in extension Output console.

VsCode about
Version: 1.42.1
Commit: c47d83b293181d9be64f27ff093689e8e7aed054
Date: 2020-02-11T14:44:27.652Z
Electron: 6.1.6
Chrome: 76.0.3809.146
Node.js: 12.4.0
V8: 7.6.303.31-electron.0
OS: Darwin x64 19.3.0

Related PR: #9

Describe the bug
When trying to scan for xray vulnerabilities, if the golang project uses //go:embed notation, the scan fails to find the file resource properly.. leading to go.mod to be flag has error

To Reproduce

1. create subfolder config with file configStruct.go as part of package config

package config

import (
	_ "embed"
)

//go:embed version.txt
var buildVersion string

3. Add the file version.txt under the config folder. Just beside the configStruct.go file
4. Run the jfrog xray scan

Error:

[ERR - 1:39:05 PM] Error: Command failed: go list -f "{{with .Module}}{{.Path}} {{.Version}}{{end}}" all
config\configStruct.go:8:12: pattern version.txt: no matching files found

Expected behavior
The file version.txt is present and should be found.

Versions

• JFrog VS-Code extension version: v2.3.4
• JFrog VS-Code extension operating system: Windows 10
• JFrog Xray Version: 3.76.7

when i run npm install followed by an xray scan, xray runs "npm ls --json --all --package-lock-only --prod", which churns out peer dependecies error and produces no xray results.

Is there a way to subvert this?

I have added Jfrog extension in VSCode and connected with Jfrog Instance. When I start scanning it starts scanning then shows 404 error.

ScreenShot attached

Many of our developers are using the yarn client to install the packages where the jfrog-vs-code extension requires npm

Describe the bug
When running a scan for a python project it says "Please install and activate a virtual environment before running Xray scan. Then, install your Python project in that environment."

To Reproduce
Follow steps in doc, but instead of pypi environment use conda environment (per vscode docs)
Get above error when trying to run a scan.

Versions

• JFrog VS-Code extension version: v1.6.0

Can you elaborate? thank you

I would like the ability to scan projects with NuGet packages when using this extension

This is supported with Visual Studio of course but doesn't seem to be for VS Code

Thanks!

whenever a maven project has a parent pom in .m2 folder, we cannot find the parent pom.xml.
As a result, the UI should disable the focus option.

Hi
We need to get Anaconda/Conda supported in VS Code extension.

Is your feature request related to a problem? Please describe.
Anaconda have been chosen as the Enterprise solution so we need to run Jfrog-Xray scan already in the development environment Visual Studio Code IDE but it is not supported.
Please see this link which explains the same problem #94

Describe the solution you'd like to see
Add support for Anaconda to the VS Code extension.

Describe alternatives you've considered
None.

Additional context
Add any other context or screenshots about the feature request here.

Describe the bug
Opening a Golang project in Visual Code with jFrog extension enabled causes notification message of "Extension host terminated unexpectedly".
Restarting the Extension Host makes no difference.
Opening Developer Tools and looking at the console there are the following messages:

 WARN UNRESPONSIVE extension host, 'JFrog.jfrog-vscode-extension' took 95% of 5622.04ms, saved PROFILE here: 'file:///c%3A/Users/{username}/AppData/Local/Temp/exthost-482aef.cpuprofile'

Array(2)
0: id: "gc", percentage: 5, total: 295823
1: id: "JFrog.jfrog-vscode-extension", percentage: 95, total: 5325888

and

<--- Last few GCs --->
[20552:0000028200000000]    98829 ms: Scavenge (reduce) 3617.3 (3949.9) -> 3616.7 (3949.9) MB, 4.9 / 0.0 ms  (average mu = 0.803, current mu = 0.599) allocation failure
[20552:0000028200000000]    99409 ms: Scavenge (reduce) 3617.4 (3949.9) -> 3616.8 (3949.9) MB, 8.2 / 0.0 ms  (average mu = 0.803, current mu = 0.599) allocation failure
<--- JS stacktrace --->
FATAL ERROR: MarkCompactCollector: young object promotion failed Allocation failed - JavaScript heap out of memory
<--- Last few GCs --->
[20552:0000028200000000]    98829 ms: Scavenge (reduce) 3617.3 (3949.9) -> 3616.7 (3949.9) MB, 4.9 / 0.0 ms  (average mu = 0.803, current mu = 0.599) allocation failure
[20552:0000028200000000]    99409 ms: Scavenge (reduce) 3617.4 (3949.9) -> 3616.8 (3949.9) MB, 8.2 / 0.0 ms  (average mu = 0.803, current mu = 0.599) allocation failure
<--- JS stacktrace --->
FATAL ERROR: MarkCompactCollector: young object promotion failed Allocation failed - JavaScript heap out of memory

and

ERR Extension host terminated unexpectedly. The following extensions were running:
vscode.microsoft-authentication, 
vscode.debug-auto-launch,
vscode.git,
JFrog.jfrog-vscode-extension,
golang.go,
ms-vscode.js-debug,
vscode.github,
vscode.github-authentication,
vscode.emmet, vscode.merge-conflict,
ms-vscode-remote.remote-wsl-recommender,
vscode.testing-editor-contributions,
dbaeumer.vscode-eslint,
eamodio.gitlens,
ms-vscode-remote.remote-wsl

To Reproduce
Open Golang project of ~188 .go files and ~27 third party imports referenced in the go.mod. The go.sum file is populated and valid.

Expected behavior

Screenshots

Versions

• JFrog VS-Code extension version: 1.8.0
• JFrog VS-Code extension operating system: Windows 10 21H1
• JFrog Xray Version: JFrog Cloud
• VS-Code version: 1.58.2
• Golang version: 1.16.6

Additional context
The extension works fine with a very small Golang project of 5 files.
Running on i7 1.99GHz laptop with 40GB RAM

Hi,
I am using Windows and WSL.
Where are the configuration files located? I am seeing Refresh: user is not signed in messages in the jfrog output. I am never asked how to put in my login details. It is cached somewhere but I cannot find it. I have uninstalled the extension and even deleted the jfrog cli and cleared all jfrog config in wsl and on the windows host.

I have turned on debug mode. The first line says Trying to read credentials from KeyStore. Which keystore? It then resolves the platform, xray and artifactory url and then I get the not signed in log message.

How can I fix this?
Thank you for the help.

Describe the bug
When scanning a project in JFrog IDE plugin latest version, the scan fails on Windows because there is " missing in the -Dfile argument -

The argument used -
-Dfile=c:\Users\Shachar Menashe\.vscode\extensions\jfrog.jfrog-vscode-extension-2.3.1\resources\maven-gav-reader.jar

The argument that should be used -
-Dfile="c:\Users\Shachar Menashe\.vscode\extensions\jfrog.jfrog-vscode-extension-2.3.1\resources\maven-gav-reader.jar"

To Reproduce
Using IDE Plugin 2.3.1, Connected to Xray 3.74.8, scan the following project in the IDE -
https://github.com/WebGoat/WebGoat

Observe that the scan crashes on an Exception (see screenshot)

Expected behavior
Scanning the WebGoat project should completely successfully without a crash

Versions

• JFrog IDEA plugin version: 2.3.1
• Operating system: Windows 10 Pro 22H2 19045.2965
• Xray version: 3.74.8

Integration with Projects not supported.
IntelliJ IDEA has the ability to link to a project key, but does not seem to be available in vs code.

Describe the bug
After entering an incorrect Xray configuration, the status bar simply displays "Checking connection with Xray server" for a couple of minutes, and then a black dialog box appears

To Reproduce
Steps to reproduce the behavior

• Connect to the JFrog Platform by clicking on the green Connect button
• Enter an incorrect Xray configuration

Expected behavior
A clear informative message should appear

Screenshots

Versions

• JFrog VS-Code extension version: 1.8
• JFrog VS-Code extension operating system: Windows 10
• JFrog Xray Version: 3.16.0

Describe the bug
We have an X-Ray server only reachable over a proxy server; lets say X-Ray server is https://xray and proxy is http://proxy:6789; note that proxy is http and X-Ray is https. I set the proxy in vscode and this seems to be working perfectly fine, i.e. I can install plugins, update vscode and wireshark for example logs from my ip to proxy ip: CONNECT update.code.visualstudio.com:443 HTTP/1.1 which succeeds with "Connection Established" etc.
But after entering the X-Ray configuration, the status bar just says "Checking connection with Xray server..." for about maybe 10 minutes and then an alert window pops up saying "Socket hang up".
Wireshark logs something weird (at least in my opinion): There is no CONNECT to the proxy but an http POST to the proxy with request url https://xray/api/v1/summary/component. In my opinion, wireshark should not see this POST because the connection should be ssl/tls encrypted but it seems like the plugin never tries to establish an ssl connection.

To Reproduce
Try to configure an https xray over an http proxy

Expected behavior
A successful connection to xray

Versions

• JFrog VS-Code extension version: 1.6.0
• JFrog VS-Code extension operating system: Windows 10 19042.746
• JFrog Xray Version: 2.7.6

Describe the bug
When filtering by severity, the tree shows all nodes that contain issues with the requested severities. If those node contain issues of unrequested severities, they are shown as well instead of filtered out.

To Reproduce
Open a project that has nodes with vulnerabilities of different severities. Select a single severity in the severity filter. Vulnerabilities of different severity will still be shown.

Expected behavior
The tree should be updated to show only the requested severities.

Screenshots

Versions

• JFrog VS-Code extension version: 1.11.0

Additional context
Might happen with other filters as well, haven't tested.

Describe the bug
After installing the Jfrog extension v 2.5.0 on vs studio, the extension icon is not visible on the side bar

To Reproduce
Try installing extension v2.5.0 or any version >= v2.2.0

Expected behavior
The sidebar should be displaying the extension icon

Screenshots

Versions

• JFrog VS-Code extension version: 2.5.0
• JFrog VS-Code extension operating system: Windows 10
• JFrog Xray Version: 7.41.7

Additional context
with versions up to 2.1 the icon is displayed

Is your feature request related to a problem? Please describe.
My feature request is for JFrog VSCode extension to support Yarn 2 workspaces. This can be frustrating for developers who use Yarn 2 workspaces in their projects and would like to use the JFrog extension for software composition analysis.

Describe the solution you'd like to see
I would like to see the JFrog VSCode extension updated to support Yarn 2.

Describe alternatives you've considered
An alternative might be to use a different platform/extension. Maybe remove all yarn references and reinstall using npm or downgrade yarn each time i wish to run SCA.

Additional context
Add any other context or screenshots about the feature request here.

Describe the bug
When scanning the exact same Maven project, different results/vulnerabilities are shown in the JFrog-supported IDEs. It appears that Eclipse has the most accurate data and number of dependencies, and that VSCode (and IntelliJ) provide different results, likely due to certain dependencies not showing up.

To Reproduce
Add these dependencies to a Maven project and scan it using IntelliJ, Eclipse & VSCode.

Expected behavior
VSCode should scan and find the exact same dependencies and vulnerabilities as other IDEs.

Screenshots

Versions

• JFrog VS-Code extension version: 1.6.0
• JFrog VS-Code extension operating system: Windows Server 2019
• JFrog Xray Version: 3.x

Describe the bug
When wanting to switch to CLI view, I am getting error that Build Name Pattern is not saved. I have added * (according to wiki) but
I am keeping getting this error message.

To Reproduce
Set Build Name Pattern and switch to CLI view

Expected behavior
Switched to CLI view

Screenshots

Versions

• JFrog VS-Code extension version: v2.7.1
• JFrog VS-Code extension operating system: Linux 16.04
• JFrog Xray Version:

Additional context
Extension installed on Linux 16, that is accessed via SSH connection

After connecting to my Xray instance successfully and initiating a scan I get an error that claims I don't have a virtual environment installed. Full error is:

Please install and activate a virtual environment before running Xray scan. Then, install your Python project in that environment.

My virtual environment is named 'venv' and lives at the root of my project. I have it selected as my virtual environment per VSCode's instructions and have pip installed all packages to that environment. Debug log from JFrog as follows:

[INFO - 3:56:52 PM] Starting slow scan
[INFO - 3:56:52 PM] Locating go.mod files in workspace "workspace".
[DEBUG - 3:56:53 PM] No go.mod files found in workspaces.
[INFO - 3:56:53 PM] Locating package json files in workspace "workspace".
[DEBUG - 3:56:53 PM] No package.json files found in workspaces.
[INFO - 3:56:53 PM] Locating python files in workspace "workspace".
[DEBUG - 3:56:53 PM] Detected python files in workspace workspace: [file:///project/directory/requirements.txt]
[INFO - 3:56:53 PM] Locating pom.xml files in workspace "workspace".
[DEBUG - 3:56:53 PM] No pom.xml files found in workspaces.
[INFO - 3:56:53 PM] Locating *.sln files in workspace "workspace".
[DEBUG - 3:56:53 PM] No *.sln files found in workspaces.

I thought I followed the instructions in the README correctly. Any thoughts on why this might be happening?

• Issue Type: Performance
• Extension Name: jfrog-vscode-extension
• Extension Version: 1.14.2
• OS Version: Darwin x64 19.6.0
• VS Code version: 1.72.2

⚠️ Make sure to attach this file from your home-directory:
⚠️file:///var/folders/93/7251cq093pz2rt2v6ss2qgv40000gn/T/JFrog.jfrog-vscode-extension-unresponsive.cpuprofile.txt

Find more details here: https://github.com/microsoft/vscode/wiki/Explain-extension-causes-high-cpu-load

Describe the bug
While Xray is offline and we are trying to connect to JForg platform using credentials, we will receive the following error:
Sign in failed
Invalid credentials.

To Reproduce
Stop Xray and try to login through the plugin using credentials (username, password).

Expected behavior
Throw more accurate error such as:
Cannot reach Xray.

Screenshots

Versions

• JFrog VS-Code extension version: 2.8.1
• JFrog VS-Code extension operating system: Windows, Linux
• JFrog Xray Version: 3.82.10

Additional context
Add any other context about the problem here.

Describe the bug
When reaching my corporate proxy via HTTP to hit on the JFrog platform via HTTPS, the connection doesn't get throught and I get an error message "Socket close / hang up".
The extension does take the proxy params from VS code based on the source code and use it to configure the jfrog client. However this issue in the axios lib mentions this exact problem.

To Reproduce

1. Setup a JFrog platform accessible via HTTPS (CA or self signed cert)
2. Configure a Proxy reachable via HTTP
3. Install and configure the JFrog VS extension to hit on the proxy via HTTP
4. Run "dependency scan"

Expected behavior
The VS code extension should be able to cover a connection to a proxy via HTTP redirecting to HTTPS

Screenshots
If applicable, add screenshots to help explain your problem.

Versions

• JFrog VS-Code extension version: v1.14.2
• JFrog VS-Code extension operating system: Mac OS 13.1 (Ventura), Windows 10 & 11
• JFrog Xray Version: tested on 3.52.4 and 3.63.2

Additional context
Possible workarounds are to use one of this combinations :

• HTTP proxy + HTTP JFrog Platform
• HTTPS proxy + HTTPS JFrog Platform

However it has to be taken at the corporate infrastructure level ....

Is your feature request related to a problem? Please describe.
It is a bit frustrating when go.mod is being modified constantly while git checkout/rebase commands execution.

Describe the solution you'd like to see
Add the ability to pause the automate scan with clear indication
that the scan results is out of date.

Describe alternatives you've considered

Additional context

We are running JFrog artifactory 7.7.3 which has integrated xray.
Let's say our URL is https://artifactory.test.com/
What will be the URL for xray?

Hi,

I'm looking at creating a cli that sets up my developers workstations. i.e. installing and configuring default extensions etc.

Is there a way to programmatically setup the jFrog credentials rather than going via the connect button?

Also when asking for username/password. If your using a identity provider like github for access what would you enter?

Thanks

Paul

Is your feature request related to a problem? Please describe.
I have projects with a Dockerfile used to package the software, but the IDE plugin only gives my vulnerabilities from the software dependencies.

Describe the solution you'd like to see
If a folder loaded in the workspace have a Dockerfile (or multiple, perhaps glob on Dockerfile.*) then the Dockerfile(s) should be scanned for FROM lines and those images should be scanned the same as if I use the jf docker scan command individually on each of them.

Describe alternatives you've considered
Manually running jf docker scan on each 3rd party image my Dockerfile depends on.

Additional context
Project directory has a Dockerfile

Add it to the JFrog Issues view with all the FROM images scanned

Describe the bug
Everytime I start vscode with a go project I get this:
Error: Request failed with status code 404
and obviously no feature for the extension is functional.

To Reproduce
Start vscode

Expected behavior
working extension

Screenshots
https://i.imgur.com/yUW5PSY.png

Versions

• JFrog VS-Code extension version: 1.5.1
• JFrog VS-Code extension operating system: Windows(10.2004) , Linux(Fedora.32)
• JFrog Xray Version:

Additional context
Add any other context about the problem here.

Is your feature request related to a problem? Please describe.
C++ is not a supported langage

Describe the solution you'd like to see
Conan is a package manager (from jfrog!) for C++ projects

I am getting the following error message right after entering the basic configuration (url, user, pwd). There is no output at the output / JFrog console.

VSCode 1.42.1
JFrog Visual Studio Code Extension 1.1.1
Windows 10 1803