How To Block Security Vulnerabilities from Penetrating Your Code


By JFrog (@jfrog)

As continuous software deployment becomes the accepted standard, security measures gain even more importance. From development all the way through to production, security requirements should be adopted by every team in the organization.

JFrog IDE integrations provide security and compliance intelligence to developers right inside their IDE. The plugins/extensions let users scan their project dependencies and view security vulnerabilities and license compliance issues at development time, before the code is ever committed or built.

What's Supported?

JFrog currently supports four IDE integrations. All of them offer the same core functionality; only the set of supported package managers differs per IDE:

  • Visual Studio Code – scanning your Maven, Python, Go and npm project dependencies
  • IntelliJ IDEA – scanning your Maven, Gradle, Go and npm project dependencies
  • Eclipse – scanning your Maven, Gradle and npm project dependencies
  • Visual Studio – scanning your NuGet project dependencies

What's Included in the Plugin/Extension?

Once installed, a JFrog tab appears in the IDE. The JFrog panel shows a dependency tree view, with the project's direct dependencies at the top level and transitive dependencies visible as you drill down further into the tree. For example, in Visual Studio Code:

JFrog Xray automatically performs a scan whenever the project's dependencies change. Clicking a dependency displays its details: the detected issue type, severity level, version, license, and an issue summary.

For example, in IntelliJ IDEA:

Scan results are colour-coded by severity (high severity is displayed in red, for example) and can be filtered by severity. Moreover, if a transitive dependency deep in the tree has a vulnerability or violation, all of its parent dependencies are marked as vulnerable as well. This lets you pinpoint the transitive dependency responsible for the vulnerability, and the direct dependency that pulls it in.
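To make the propagation rule concrete, here is an added example (not JFrog's code and not Xray output) that implements the same two views over a small dependency tree: each package inherits the highest severity found anywhere beneath it, and every vulnerable transitive dependency is traced back to the direct dependency that pulls it in. The package names, versions and finding IDs are constructed sample data.

```python
"""Added example: propagate vulnerability findings from transitive
dependencies up to their parents, the way an IDE dependency-tree view
marks every ancestor of a vulnerable package as vulnerable.
Graph and findings below are constructed sample data, not Xray output."""
from collections import defaultdict

# Constructed dependency graph: package -> its direct dependencies.
# "root" stands for the project itself; its children are the direct dependencies.
DEPENDENCY_GRAPH = {
    "root": ["web-framework@2.1.0", "http-client@1.4.0", "yaml-parser@5.3.1"],
    "web-framework@2.1.0": ["template-engine@3.0.2", "http-client@1.4.0"],
    "http-client@1.4.0": ["url-utils@0.9.7"],
    "template-engine@3.0.2": ["string-escape@1.0.0"],
    "yaml-parser@5.3.1": [],
    "url-utils@0.9.7": [],
    "string-escape@1.0.0": [],
}

# Constructed findings keyed by package; the IDs are placeholders, not real CVEs.
FINDINGS = {
    "url-utils@0.9.7": [{"id": "EXAMPLE-0001", "severity": "High"}],
    "string-escape@1.0.0": [{"id": "EXAMPLE-0002", "severity": "Medium"}],
    "yaml-parser@5.3.1": [{"id": "EXAMPLE-0003", "severity": "Low"}],
}

SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3, "Critical": 4}


def effective_severity(graph, findings, package, memo=None, _stack=frozenset()):
    """Highest severity rank in the subtree rooted at `package`, including its
    own findings; 0 when nothing below it is affected. A clean package with a
    vulnerable transitive dependency therefore inherits that severity.
    Assumes an acyclic graph (raises on a cycle rather than recursing forever)."""
    memo = {} if memo is None else memo
    if package in memo:
        return memo[package]
    if package in _stack:
        raise ValueError(f"dependency cycle through {package}")
    own = max((SEVERITY_RANK[f["severity"]] for f in findings.get(package, [])), default=0)
    inherited = max(
        (effective_severity(graph, findings, child, memo, _stack | {package})
         for child in graph.get(package, [])),
        default=0,
    )
    memo[package] = max(own, inherited)
    return memo[package]


def packages_at_or_above(graph, findings, min_severity, root="root"):
    """Packages the tree view would colour for a severity filter: those whose
    own or inherited severity meets the threshold."""
    memo = {}
    threshold = SEVERITY_RANK[min_severity]
    return sorted(p for p in graph
                  if p != root and effective_severity(graph, findings, p, memo) >= threshold)


def vulnerable_paths(graph, findings, root="root"):
    """Map each package with its own findings to every path from the project
    root that reaches it. path[1] is the direct dependency to bump or replace."""
    paths = defaultdict(list)

    def walk(package, path, seen):
        if package in seen:
            raise ValueError(f"dependency cycle through {package}")
        path = path + [package]
        if package in findings:
            paths[package].append(path)
        for child in graph.get(package, []):
            walk(child, path, seen | {package})

    walk(root, [], frozenset())
    return dict(paths)


def direct_dependencies_to_fix(graph, findings, root="root"):
    """For each vulnerable package, the set of direct dependencies that pull it in."""
    return {pkg: {path[1] for path in paths}
            for pkg, paths in vulnerable_paths(graph, findings, root).items()}


if __name__ == "__main__":
    for pkg in packages_at_or_above(DEPENDENCY_GRAPH, FINDINGS, "High"):
        print("flagged at High or above:", pkg)
    for pkg, direct in direct_dependencies_to_fix(DEPENDENCY_GRAPH, FINDINGS).items():
        print(f"{pkg} is pulled in via direct dependency(ies): {sorted(direct)}")
```

Note that url-utils is reached by two routes (directly via http-client and again via web-framework), so bumping only one direct dependency would leave the vulnerable version in the tree; the path view is what makes that visible.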

You can jump from a dependency in the tree to its definition in the editor.

There are many additional useful features, including searching for a dependency in the tree, hovering over a dependency in the editor to quickly display information about it, and viewing licenses directly from within pom.xml, package.json, requirements.txt or go.mod.

Shifting Left with Security

Delivering highly secure software faster requires effort from every team as part of your DevOps workflow. Shifting left as part of a DevSecOps strategy, with tooling that surfaces issues in the IDE, enables developers to stop potential threats such as security vulnerabilities and license violations right at the start, where fixing them is cheapest.

This lets dev teams fix issues before they become a risk to the organization, saving time and money in the long run.

If you haven't started working with JFrog Xray yet, visit the JFrog website and start your free trial.

Previously published at https://jfrog.com/blog/block-security-vulnerabilities-from-entering-your-code/
