The JFrog Plugin offers two modes: Local and CI. You can switch between them using the JFrog Panel tabs at the IDE's bottom.
- Displays information about the local code as it is being developed in the IDE.
- Enables continuous scanning of your project with the JFrog Platform.
- Identifies security vulnerabilities in dependencies and source code before they become part of the final product.
- To scan your project, click the Run Scan button in the JFrog panel.
- Tracks code as it is built, tested, and scanned by a CI server.
- Displays build status and includes a link to the CI server log.
- Provides security information about build artifacts and dependencies.
- Accessible through the JFrog Panel > CI Tab.
The plugin uses severity icons to indicate the highest severity issue within a selected component and its transitive dependencies.
| Icon | Severity | Description |
|---|---|---|
 |
Critical | Issue with critical severity |
 |
High | Issue with high severity |
 |
Medium | Issue with medium severity |
 |
Low | Issue with low severity |
 |
Unknown | Issue with unknown severity |
     |
Not Applicable | CVE issue not applicable to source code |
 |
Normal | No issues (used only in CI view) |
- The CI information displayed in the IDE is fetched from JFrog Artifactory.
- Build details are stored as build-info, published to Artifactory by the CI server.
- If JFrog Xray scans build-info, the plugin will display the scan results in the CI View.
Before the CI View can display data, configure your CI pipeline to expose build information:
- Go to Settings (Preferences) > Other Settings > JFrog Global Configuration.
- Configure your JFrog Platform URL and user credentials.
- Navigate to Settings (Preferences) > Other Settings > JFrog CI Integration.
- Set your CI Build Name Pattern – this should match the build name published to Artifactory.
- Use
*to view all builds published to Artifactory.
- Use
- Click Apply, then open the CI Tab in the JFrog panel.
- Click Refresh to fetch and display build details.