forked from jfrog/jfrog-vscode-extension
-
Notifications
You must be signed in to change notification settings - Fork 0
/
package.json
398 lines (398 loc) · 17.7 KB
/
package.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
{
"name": "jfrog-vscode-extension",
"displayName": "JFrog",
"description": "Security scanning for your Go, npm, Pypi, Maven and NuGet projects.",
"version": "2.11.6",
"license": "Apache-2.0",
"icon": "resources/extensionIcon.png",
"repository": {
"type": "git",
"url": "https://github.com/jfrog/jfrog-vscode-extension"
},
"homepage": "https://jfrog.github.io/jfrog-vscode-extension",
"bugs": {
"url": "https://github.com/jfrog/jfrog-vscode-extension/issues"
},
"publisher": "JFrog",
"engines": {
"vscode": "^1.80.0"
},
"categories": [
"Other"
],
"activationEvents": [
"onStartupFinished"
],
"main": "./dist/extension",
"contributes": {
"viewsWelcome": [
{
"view": "jfrog.issues",
"contents": "Your project is ready to be scanned for security issues as described below.\nThe basic functionality includes Software Composition Analysis (SCA). We will scan your project dependencies for security issues and also show you enriched CVE data provided by the JFrog Security Research team.\n\nIf your JFrog subscription includes [Advanced DevSecOps](https://jfrog.com/xray/) enabled, we'll also run the following scans:\n\n[Vulnerability Contextual Analysis](https://github.com/jfrog/jfrog-vscode-extension#vulnerability-contextual-analysis) - This feature uses the code context to eliminate false positive reports on vulnerable dependencies that are not applicable to the code. Vulnerability Contextual Analysis is currently supported for Python, JavaScript and Java code.\n[SAST](https://github.com/jfrog/jfrog-vscode-extension#static-application-security-testing-sast) - Provides fast and accurate security-focused engines that detect zero-day security vulnerabilities on your source code sensitive operations, while minimizing false positives.\n[Secrets Detection](https://github.com/jfrog/jfrog-vscode-extension#secrets-detection) - Detect and prevent the inclusion of sensitive information, such as credentials and API keys, in your codebase.\n[Infrastructure as Code (IaC) scans](https://github.com/jfrog/jfrog-vscode-extension#infrastructure-as-code-iac-scan) - IaC files, such as Terraform, to identify security vulnerabilities and misconfigurations before deploying your cloud infrastructure. Get actionable insights and recommendations for securing your IaC configurations.",
"when": "jfrog.connection.status == signedIn && jfrog.firstScanInWorkspace"
},
{
"view": "jfrog.issues",
"contents": "Your project was scanned and we didn't find any security issues.\n[Rescan](command:jfrog.scan.refresh)",
"when": "jfrog.connection.status == signedIn && !jfrog.firstScanInWorkspace"
},
{
"view": "jfrog.issues",
"contents": "Couldn't connect to your JFrog Platform. \n[Reconnect](command:jfrog.xray.reConnect) \n [Reset your connection details](command:jfrog.xray.resetConnection)",
"when": "jfrog.connection.status == connectionLost"
}
],
"viewsContainers": {
"activitybar": [
{
"id": "jfrog",
"title": "JFrog",
"icon": "resources/extensionIcon.png"
}
]
},
"views": {
"jfrog": [
{
"id": "jfrog.view.ci.issues",
"name": "CI",
"when": "jfrog.view.type == Ci"
},
{
"id": "jfrog.view.ci.issues.details",
"name": "Details",
"when": "jfrog.view.type == Ci"
},
{
"id": "jfrog.issues",
"name": "Issues",
"when": "jfrog.view.type == Local"
},
{
"id": "jfrog.webview.sidebar",
"type": "webview",
"name": "Sign in",
"when": "jfrog.view.type == Login"
}
]
},
"configuration": {
"title": "JFrog",
"properties": {
"jfrog.useSpecificScannersVersion": {
"type": "string",
"scope": "application",
"pattern": "^$|^\\d+\\.\\d+\\.\\d+$",
"markdownDescription": "Specifies the JFrog Scanners version to use. (format X.X.X). By default the latest stable scanners version is used."
},
"jfrog.customRulesPath": {
"type": "string",
"scope": "resource",
"markdownDescription": "Absolute Path to a local custom rules file. The file should be in JSON format and contain the additional custom rules to be applied during the scan."
},
"jfrog.xray.exclusions": {
"type": "string",
"default": "**/*{.git,test,venv,node_modules,target}*",
"scope": "resource",
"pattern": "^\\*\\*/\\*\\{([^{},]+(,[^{},]+)*)\\}\\*$",
"markdownDescription": "A [glob pattern](https://code.visualstudio.com/api/references/vscode-api#GlobPattern) used to exclude specific paths from being scanned by JFrog Xray. For example, go.mod files under directories named testdata will not be scanned."
},
"jfrog.view.ciIntegration.buildNamePattern": {
"type": "string",
"scope": "resource",
"markdownDescription": "A wildcards pattern, to match the name of builds published to Artifactory. Only builds which match the pattern are visible under the CI tab."
},
"jfrog.excludeDevDependencies": {
"type": "boolean",
"scope": "application",
"markdownDescription": "Exclude development dependencies during the scan. Currently, only npm is supported."
},
"jfrog.externalResourcesRepository": {
"type": "string",
"scope": "application",
"markdownDescription": "By default, the JFrog extension downloads the necessary tools needed from https://releases.jfrog.io. If the machine that runs JFrog extension has no access to it, you can create a remote repository in Artifactory which proxy https://releases.jfrog.io and set it name here. The JFrog extension will download the tools from the remote repository."
},
"jfrog.projectKey": {
"type": "string",
"scope": "application",
"markdownDescription": "Optionally use the Project Key field to allow the security and license compliance information displayed in VS-Code, to reflect the security policies required by your organization. This is done as follows:\n\nCreate a [JFrog Project](https://www.jfrog.com/confluence/display/JFROG/Projects), or obtain the relevant JFrog Project key.\n\nCreate a [Policy](https://www.jfrog.com/confluence/display/JFROG/Creating+Xray+Policies+and+Rules) on JFrog Xray.\n\nCreate a [Watch](https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches) on JFrog Xray and assign your Policy and Project as resources to it."
},
"jfrog.watches": {
"type": "array",
"items": {
"type": "string"
},
"scope": "application",
"markdownDescription": "Add one or more Xray Watches, to reflect the security policies required by your organization.\n\nIf both “Project Key” and “Watches” are configured, VS Code will use the configured Watches, and not the Project Key to determine the policy for the security scanning."
},
"jfrog.reportAnalytics": {
"type": "boolean",
"default": true,
"scope": "application",
"markdownDescription": "Help us improve the JFrog extension by sending analytic data and errors to JFrog."
},
"jfrog.showAdvanceScanLog": {
"type": "boolean",
"default": false,
"scope": "application",
"markdownDescription": "Show the detailed advance scan logs at debug level."
},
"jfrog.logLevel": {
"type": "string",
"default": "info",
"enum": [
"debug",
"info",
"warn",
"err"
],
"scope": "application",
"markdownDescription": "The logging level the extension logs at, defaults to 'info'"
},
"jfrog.connectionRetries": {
"type": "number",
"default": 3,
"scope": "application",
"markdownDescription": "Maximum connection retry attempts"
},
"jfrog.connectionTimeout": {
"type": "number",
"default": 60,
"scope": "application",
"markdownDescription": "Timeout period before the connection is terminated in seconds"
}
}
},
"commands": [
{
"command": "jfrog.open.settings",
"title": "Open extension settings",
"icon": "$(extensions-manage)",
"category": "JFrog"
},
{
"command": "jfrog.open.feedback",
"title": "Send us feedback",
"icon": "$(feedback)",
"category": "JFrog"
},
{
"command": "jfrog.scan.refresh",
"title": "Refresh",
"icon": {
"light": "resources/light/refresh.png",
"dark": "resources/dark/refresh.png"
},
"category": "JFrog",
"enablement": "jfrog.connection.status == signedIn && !jfrog.scanInProgress"
},
{
"command": "jfrog.xray.disconnect",
"title": "Disconnect",
"icon": "$(debug-disconnect)",
"category": "JFrog",
"enablement": "!jfrog.scanInProgress"
},
{
"command": "jfrog.xray.filter",
"title": "Filter",
"icon": {
"light": "resources/light/filter.png",
"dark": "resources/dark/filter.png"
},
"category": "JFrog",
"enablement": "jfrog.connection.status == signedIn && !jfrog.scanInProgress"
},
{
"command": "jfrog.issues.open.ignore",
"title": "Add ignore rule",
"icon": "$(eye-closed)",
"enablement": "viewItem =~ /jfrog.issues.open.ignore.enabled/"
},
{
"command": "jfrog.xray.copyToClipboard",
"title": "Copy",
"enablement": "viewItem =~ /jfrog.item.copy.to.clipboard/"
},
{
"command": "jfrog.issues.cache.delete",
"title": "Delete cache",
"category": "JFrog"
},
{
"command": "jfrog.xray.builds",
"title": "Select build to display",
"icon": {
"light": "resources/light/build.png",
"dark": "resources/dark/build.png"
},
"category": "JFrog",
"enablement": "isCi"
},
{
"command": "jfrog.view.local",
"title": "Switch to local mode",
"icon": "$(home)",
"category": "JFrog",
"enablement": "!jfrog.scanInProgress && jfrog.view.type == Ci"
},
{
"command": "jfrog.view.ci",
"title": "Switch to CI mode",
"icon": {
"light": "resources/light/ci.png",
"dark": "resources/dark/ci.png"
},
"category": "JFrog",
"enablement": "!jfrog.scanInProgress && jfrog.view.type == Local"
}
],
"menus": {
"view/title": [
{
"command": "jfrog.xray.disconnect",
"when": "jfrog.connection.status == signedIn && view =~ /^jfrog.issues$|^jfrog.view.ci.issues$/",
"group": "navigation@0"
},
{
"command": "jfrog.scan.refresh",
"when": "view == jfrog.view.ci.issues || view == jfrog.issues",
"group": "navigation@1"
},
{
"command": "jfrog.xray.filter",
"when": "view == jfrog.view.ci.issues",
"group": "navigation@2"
},
{
"command": "jfrog.view.local",
"when": "view == jfrog.view.ci.issues",
"group": "navigation@3"
},
{
"command": "jfrog.view.ci",
"when": "view == jfrog.issues",
"group": "navigation@3"
},
{
"command": "jfrog.xray.builds",
"when": "view == jfrog.view.ci.issues",
"group": "navigation@4"
},
{
"command": "jfrog.open.settings",
"when": "view == jfrog.view.ci.issues || view == jfrog.issues",
"group": "navigation@5"
},
{
"command": "jfrog.open.feedback",
"when": "view == jfrog.view.ci.issues || view == jfrog.issues",
"group": "navigation@6"
}
],
"view/item/context": [
{
"command": "jfrog.issues.open.ignore",
"when": "viewItem =~ /jfrog.issues.open.ignore.enabled/",
"group": "inline"
},
{
"command": "jfrog.xray.copyToClipboard",
"when": "viewItem =~ /jfrog.item.copy.to.clipboard/"
}
]
},
"jsonValidation": [
{
"fileMatch": [
"**/filespecs/*.json",
"*filespec*.json",
"*.filespec"
],
"url": "https://github.com/jfrog/jfrog-cli/raw/v2/schema/filespec-schema.json"
}
]
},
"scripts": {
"vscode:prepublish": "rm -rf dist && webpack --mode production && cp -r node_modules/jfrog-ide-webview/build dist/jfrog-ide-webview",
"webpack": "rm -rf dist && webpack --mode development && cp -r node_modules/jfrog-ide-webview/build dist/jfrog-ide-webview",
"format": "prettier --write \"src/**/*.ts\" \"package.json\" \"tsconfig.json\" \".eslintrc.js\"",
"compile": "tsc -p ./",
"watch": "tsc -watch -p ./",
"lint": "eslint -c .eslintrc.js --ext .ts src",
"pretest": "npm run compile",
"test": "node ./out/test/runTest.js",
"package": "vsce package"
},
"dependencies": {
"adm-zip": "~0.5.9",
"fs-extra": "~10.1.0",
"jfrog-client-js": "^2.8.0",
"jfrog-ide-webview": "https://releases.jfrog.io/artifactory/ide-webview-npm/jfrog-ide-webview/-/jfrog-ide-webview-0.2.14.tgz",
"js-yaml": "^4.1.0",
"json2csv": "~5.0.7",
"nuget-deps-tree": "^0.3.1",
"original-fs": "~1.1.0",
"p-queue": "~6.6.2",
"retries": "~1.0.0",
"semver": "^7.5.4",
"typescript-collections": "~1.3.3",
"walkdir": "~0.4.1",
"xmlbuilder2": "~3.1.1"
},
"devDependencies": {
"@faker-js/faker": "^7.1.0",
"@types/adm-zip": "^0.5.0",
"@types/chai": "^4.3.1",
"@types/fs-extra": "^9.0.13",
"@types/glob": "^7.2.0",
"@types/js-yaml": "^4.0.5",
"@types/json2csv": "^5.0.3",
"@types/mocha": "^9.1.1",
"@types/semver": "^7.3.9",
"@types/sinon": "^10.0.15",
"@types/tmp": "^0.2.3",
"@types/vscode": "1.64.0",
"@typescript-eslint/eslint-plugin": "^5.27.0",
"@typescript-eslint/parser": "^5.27.0",
"@vscode/vsce": "^2.21.0",
"chai": "^4.3.6",
"eslint": "^8.16.0",
"eslint-config-prettier": "^8.5.0",
"glob": "^8.0.3",
"mocha": "^10.0.0",
"nock": "^13.2.7",
"ovsx": "^0.8.3",
"prettier": "^1.19.1",
"sinon": "^15.2.0",
"tmp": "^0.2.1",
"ts-loader": "^9.3.0",
"typescript": "^4.7.2",
"vscode-test": "^1.6.1",
"webpack": "^5.76.0",
"webpack-cli": "^4.9.2"
},
"keywords": [
"go",
"js",
"ts",
"npm",
"scan",
".net",
"xray",
"jfrog",
"maven",
"nuget",
"devops",
"golang",
"nodejs",
"python",
"dotnet",
"security",
"devsecops",
"javascript",
"typescript",
"artifactory",
"vulnerabilities"
]
}