The JFrog VS Code Extension offers two modes: Local and CI. You can switch between them using the respective buttons next to the components tree.
- Displays information about the local code as it is being developed in VS Code.
- Enables continuous scanning of your workspace.
- Shows security vulnerabilities in dependencies and source code before they become part of the final product.
- To scan your workspace, click the Scan/Rescan button in the extension tab or select Start Xray Scan from the editor.
- Tracks code as it is built, tested, and scanned by a CI server.
- Displays build status and includes a link to the CI server log.
- Provides security information about build artifacts and dependencies.
- Accessible through the JFrog Panel after switching to CI mode.
| Icon | Severity | Description |
|---|---|---|
 |
Critical | Issue with critical severity |
 |
High | Issue with high severity |
 |
Medium | Issue with medium severity |
 |
Low | Issue with low severity |
 |
Unknown | Issue with unknown severity |
     |
Not Applicable | CVE issue not applicable to source code |
Before the CI View can display data, the CI pipeline must be configured correctly. Follow the guide on how to configure your CI pipeline to expose this data.
- In Extension Settings, set the Build name pattern to match the build name published to Artifactory.
- Use
*to view all builds published to Artifactory. - After fetching builds from Artifactory, click the Builds button to select which build to display.