Describe the bug
I am currently evaluating JFrog XRay and it kind of gives me mixed results. I was in contact with JFrog support as the CLI did not report vulnerabilities for transitive dependencies. That seems to be sorted out with version 2.8.1 of the CLI.
Now I have the problem that the JFrog IntelliJ plugin gives me different results compared to the CLI output produced with jfrog am for a very simple test project. For me, the output of the CLI seems to be correct. The results in the plugin seem to miss a few vulnerabilities (though the dependencies are listed correctly).
To Reproduce
Run jfrog am for the provided test project and compare it to the vulnerabilities shown for the project in IntelliJ.
Expected behavior
Output of the CLI and IntelliJ should show the same vulnerabilities for the same code.
Screenshots
Vulnerabilities shown in IntelliJ JFrog tool window:
@MichiKurz,
Thanks for reporting this issue!
There is an issue in JFrog Xray < 3.35.0 when used with JFrog IDEA plugin >= 1.10.0 whereby all vulnerabilities belonged to the first component. In your case, you can see that commons-collections:commons-collections:3.2.1 contains 7 vulnerabilities in the IntelliJ IDEA plugin; however, 4 of them should belong to org.springframework.boot:spring-boot-starter-web:2.5.4.
This issue is resolved in JFrog Xray 3.35.0 and above - feel free to upgrade your Xray version.
Please let me know if that helped.
Output of jfrog am:
Versions
Additional context
Test project (Maven):
test-project.zip