GITBOOK-178: change request with no subject merged in GitBook

Author: Talia Rosin

jfrog-applications/SUMMARY.md

@@ -46,17 +46,17 @@
     * [JFrog CLI Plugins Developer Guide](jfrog-cli/cli-plugins/developer-guide.md)
 * [IDE](ide/README.md)
   * [Visual Studio Code](ide/visual-studio-code/README.md)
+    * [VS Code Prerequsites Per Language](ide/visual-studio-code/behind-the-scenes.md)
     * [Supported Technologies](jfrog-applications/ide/visual-studio-code/supported-technologies.md)
-    * [Install the JFrog VS Code Extension](ide/visual-studio-code/install-the-jfrog-vscode-extension.md)
-    * [Connect VS Code to the JFrog Platform](ide/visual-studio-code/connect-vs-code-to-the-jfrog-platform.md)
-    * [Using the JFrog Extension in VS Code](ide/visual-studio-code/using-the-jfrog-extension-in-vs-code.md)
-    * [Analyze your Results](ide/visual-studio-code/analyze-your-results.md)
-    * [Resolve Issues](ide/visual-studio-code/resolve-issues.md)
-    * [Ignore Findings](ide/visual-studio-code/ignore-findings.md)
-    * [Behind the Scenes](ide/visual-studio-code/behind-the-scenes.md)
-    * [Extension Settings](ide/visual-studio-code/extension-settings.md)
-    * [Xray Policies and Watches](ide/visual-studio-code/xray-policies-and-watches.md)
-    * [Building and Testing the Sources](ide/visual-studio-code/building-and-testing-the-sources.md)
+    * [Install the JFrog VS Code Extension](jfrog-applications/ide/visual-studio-code/install-the-jfrog-vscode-extension/README.md)
+      * [Connect VS Code to the JFrog Platform](jfrog-applications/ide/visual-studio-code/install-the-jfrog-vscode-extension/connect-vs-code-to-the-jfrog-platform.md)
+    * [Manage VS Code IDE](ide/visual-studio-code/extension-settings.md)
+    * [Quick Start](ide/visual-studio-code/using-the-jfrog-extension-in-vs-code.md)
+    * [How Tos](jfrog-applications/ide/visual-studio-code/how-tos/README.md)
+      * [Analyze your Results](jfrog-applications/ide/visual-studio-code/how-tos/analyze-your-results/README.md)
+        * [Resolve Issues](jfrog-applications/ide/visual-studio-code/how-tos/analyze-your-results/resolve-issues.md)
+        * [Ignore Findings](jfrog-applications/ide/visual-studio-code/how-tos/analyze-your-results/ignore-findings.md)
+      * [Building and Testing the Sources](jfrog-applications/ide/visual-studio-code/how-tos/building-and-testing-the-sources.md)
   * [JetBrains IDEs](ide/jetbrains-ides/README.md)
     * [Supported Technologies](jfrog-applications/ide/jetbrains-ides/supported-technologies.md)
     * [Install the JFrog IDEA Plugin](ide/jetbrains-ides/install-the-jfrog-idea-plugin.md)

jfrog-applications/ide/visual-studio-code/extension-settings.md

@@ -1,4 +1,4 @@
-# Extension Settings
+# Manage VS Code IDE
 
 To access the extension settings, click on the gear icon:
 
@@ -20,26 +20,23 @@ If your JFrog environment is behind an HTTP/S proxy, follow these steps to confi
 
 #### Downloading External Resources Through Artifactory
 
-JFrog VS Code extension requires necessary resources for scanning your projects.
-By default, the JFrog VS Code extension downloads the resources it requires from <https://releases.jfrog.io>. If the machine running JFrog VS Code extension has no access to it, follow these steps to allow the resources to be downloaded through an Artifactory instance, which the machine has access to:
+JFrog VS Code extension requires necessary resources for scanning your projects. By default, the JFrog VS Code extension downloads the resources it requires from [https://releases.jfrog.io](https://releases.jfrog.io). If the machine running JFrog VS Code extension has no access to it, follow these steps to allow the resources to be downloaded through an Artifactory instance, which the machine has access to:
 
 1. Login to the JFrog Platform UI, with a user who has admin permissions.
+2.  Create a Remote Repository with the following properties set:
 
-2. Create a Remote Repository with the following properties set:
     * Under the `Basic` tab:
-        * Package Type: Generic
-        * Repository Key: jfrog-releases-repository
-        * URL: <https://releases.jfrog.io>
+      * Package Type: Generic
+      * Repository Key: jfrog-releases-repository
+      * URL: [https://releases.jfrog.io](https://releases.jfrog.io)
 
     ![ExternalResourcesThroughArtifactoryPart1](../../.gitbook/assets/externalResourcesThroughArtifactoryPart1.png)
 
     * Under the `Advanced` tab:
-        * Uncheck the 'Store Artifacts Locally' option
+      * Uncheck the 'Store Artifacts Locally' option
 
     ![ExternalResourcesThroughArtifactoryPart2](../../.gitbook/assets/externalResourcesThroughArtifactoryPart2.png)
-
 3. Navigate to the Settings in JFrog VS Code Extension
-
 4. Insert the Repository Key you created in the Repository key text field
 
 ![externalResourcesRepository](../../.gitbook/assets/vscode/externalResourcesRepository.png)
@@ -50,7 +47,7 @@ Or set the `JFROG_IDE_RELEASES_REPO` environment variable with the Repository Ke
 
 If your proxy server requires credentials, follow these steps:
 
-1. Follow 1-3 steps under [Proxy configuration](extension-settings#proxy-configuration).
+1. Follow 1-3 steps under [Proxy configuration](extension-settings/#proxy-configuration).
 
 **Basic authorization**
 
@@ -80,6 +77,22 @@ settings.json:
 }
 ```
 
+## Xray Policies and Watches
+
+You can configure the JFrog VS-Code extension to use the security policies you create in Xray. Policies enable you to create a set of rules, in which each rule defines security criteria, with a corresponding set of automatic actions according to your needs. Policies are enforced when applying them to Watches.
+
+If you'd like to use a JFrog Project that is associated with the policy, follow these steps:
+
+1. Create a [JFrog Project](https://www.jfrog.com/confluence/display/JFROG/Projects), or obtain the relevant JFrog Project key.
+2. Create a [Policy](https://www.jfrog.com/confluence/display/JFROG/Creating+Xray+Policies+and+Rules) on JFrog Xray.
+3. Create a [Watch](https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches) on JFrog Xray and assign your Policy and Project as resources to it.
+4. Configure your Project key in the [Extension Settings](extension-settings.md).
+
+If however your policies are referenced through an Xray Watch or Watches, follow these steps instead:
+
+1. Create one or more [Watches](https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches) on JFrog Xray.
+2. Configure your Watches in the [Extension Settings](extension-settings.md).
+
 ### Troubleshooting
 
 Change the log level to `debug`, `info`, `warn`, or `err` in the [Extension Settings](extension-settings.md).

jfrog-applications/ide/visual-studio-code/xray-policies-and-watches.md

@@ -0,0 +1,2 @@
+# How Tos
+

jfrog-applications/jfrog-applications/ide/visual-studio-code/how-tos/README.md

@@ -12,13 +12,13 @@ Each file node in the tree is interactive, click and expand it to view its child
 
 In addition, the locations with vulnerabilities will be marked in the editor. By clicking on the light bulb icon next to a vulnerable location in the editor, we can instantly jump to the corresponding entry in the tree view.
 
-<figure><img src="../../.gitbook/assets/image (3).png" alt=""><figcaption></figcaption></figure>
+<figure><img src="../../../../../.gitbook/assets/image (3).png" alt=""><figcaption></figcaption></figure>
 
 Clicking on a CVE in the list will open the location with the issue in the editor and a vulnerability details view. This view contains information about the vulnerability, the vulnerable component, fixed versions, impact paths, and much more.
 
-<figure><img src="../../.gitbook/assets/image (4).png" alt=""><figcaption></figcaption></figure>
+<figure><img src="../../../../../.gitbook/assets/image (4).png" alt=""><figcaption></figcaption></figure>
 
-<figure><img src="../../.gitbook/assets/image (5).png" alt=""><figcaption></figcaption></figure>
+<figure><img src="../../../../../.gitbook/assets/image (5).png" alt=""><figcaption></figcaption></figure>
 
 <details>
 
@@ -31,7 +31,7 @@ For selected security issues, get leverage-enhanced CVE data that is provided by
 
 Check out what our research team is up to and stay updated on newly discovered issues by clicking on this [link](https://research.jfrog.com).
 
-<img src="../../.gitbook/assets/vscode/research.png" alt="JFrog_Research" data-size="original">
+<img src="../../../../../.gitbook/assets/vscode/research.png" alt="JFrog_Research" data-size="original">
 
 </details>
 
@@ -47,7 +47,7 @@ Xray automatically validates some high and very high impact vulnerabilities, suc
 * Vulnerability Contextual Analysis breakdown: An explanation provided by our research team as to why the CVE was found applicable or not applicable.
 * Remediation: Contextual mitigation steps and options provided by our research team that assist you with remediating the issues.
 
-<img src="../../.gitbook/assets/vscode/contextualDetails.png" alt="Contextual_Analysis" data-size="original">
+<img src="../../../../../.gitbook/assets/vscode/contextualDetails.png" alt="Contextual_Analysis" data-size="original">
 
 </details>
 
@@ -64,7 +64,7 @@ SAST findings are presented in a way that will help you easily locate the vulner
 * **Data Flow Analysis**: Provides information on the overall code flow and the different entry points of the vulnerability up to the execution point of the vulnerability. At JFrog we understand the developers need to see the entire picture of their code, rather than just providing the specific vulnerability found in the code. With Data Analysis Flow you will be able to follow the entire lifecycle of the vulnerability.
 * **Fix Steps**: To help you fix the security issues, the JFrog security team provides you with detailed fixes and mitigation options for the vulnerabilities. Xray empowers you to make smart choices when creating the mitigation plan and choosing the paths with the highest return on investment. Along with the JFrog severity given, you can make informed decisions on what vulnerabilities are a priority to fix. For example, vulnerabilities with low JFrog security severity are considered less risky, as it would be very unlikely to exploit them in the real world, or the impact of the exploitation is low.
 
-<img src="../../.gitbook/assets/vscode/sast.png" alt="Contextual_Analysis" data-size="original">
+<img src="../../../../../.gitbook/assets/vscode/sast.png" alt="Contextual_Analysis" data-size="original">
 
 </details>
 
@@ -76,7 +76,7 @@ _**NOTE:**_ Secrets Detection requires Xray version 3.66.5 or above and Enterpri
 
 Detect any secrets left exposed inside the code. to prevent any accidental leak of internal tokens or credentials. To ignore detected secrets, you can add a comment which includes the phrase _jfrog-ignore_ above the line with the secret.
 
-<img src="../../.gitbook/assets/vscode/secrets.png" alt="Secrets_Detection" data-size="original">
+<img src="../../../../../.gitbook/assets/vscode/secrets.png" alt="Secrets_Detection" data-size="original">
 
 </details>
 
@@ -88,6 +88,6 @@ _**NOTE:**_ Infrastructure as Code (IaC) requires Xray version 3.66.5 or above a
 
 Scan Infrastructure as Code (Terraform) files for early detection of cloud and infrastructure misconfigurations.
 
-<img src="../../.gitbook/assets/vscode/iac.png" alt="iac_scan" data-size="original">
+<img src="../../../../../.gitbook/assets/vscode/iac.png" alt="iac_scan" data-size="original">
 
 </details>

…sual-studio-code/analyze-your-results.md …e/how-tos/analyze-your-results/README.mdjfrog-applications/ide/visual-studio-code/analyze-your-results.md renamed to jfrog-applications/jfrog-applications/ide/visual-studio-code/how-tos/analyze-your-results/README.md jfrog-applications/ide/visual-studio-code/analyze-your-results.md renamed to jfrog-applications/jfrog-applications/ide/visual-studio-code/how-tos/analyze-your-results/README.md

@@ -2,4 +2,4 @@
 
 If Xray watches are used, on an icon vulnerability line a closed eye icon will appear by clicking on it you can create an [Ignore Rule](https://www.jfrog.com/confluence/display/JFROG/Ignore+Rules) in Xray.
 
-<figure><img src="../../.gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
+<figure><img src="../../../../../.gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>

…de/visual-studio-code/ignore-findings.md …/analyze-your-results/ignore-findings.mdjfrog-applications/ide/visual-studio-code/ignore-findings.md renamed to jfrog-applications/jfrog-applications/ide/visual-studio-code/how-tos/analyze-your-results/ignore-findings.md jfrog-applications/ide/visual-studio-code/ignore-findings.md renamed to jfrog-applications/jfrog-applications/ide/visual-studio-code/how-tos/analyze-your-results/ignore-findings.md

@@ -2,4 +2,4 @@
 
 Update a vulnerable direct dependency to a fixed version directly from the vulnerable location at the editor using the quick fix.
 
-<figure><img src="../../.gitbook/assets/image (6).png" alt=""><figcaption></figcaption></figure>
+<figure><img src="../../../../../.gitbook/assets/image (6).png" alt=""><figcaption></figcaption></figure>

…ide/visual-studio-code/resolve-issues.md …s/analyze-your-results/resolve-issues.mdjfrog-applications/ide/visual-studio-code/resolve-issues.md renamed to jfrog-applications/jfrog-applications/ide/visual-studio-code/how-tos/analyze-your-results/resolve-issues.md jfrog-applications/ide/visual-studio-code/resolve-issues.md renamed to jfrog-applications/jfrog-applications/ide/visual-studio-code/how-tos/analyze-your-results/resolve-issues.md

@@ -2,4 +2,4 @@
 
 The extension is available to install from the VS Code extensions marketplace. After installing the JFrog extension tab will appear in the activity bar.
 
-<figure><img src="../../.gitbook/assets/image.png" alt=""><figcaption></figcaption></figure>
+<figure><img src="../../../../.gitbook/assets/image.png" alt=""><figcaption></figcaption></figure>

…code/building-and-testing-the-sources.md …-tos/building-and-testing-the-sources.mdjfrog-applications/ide/visual-studio-code/building-and-testing-the-sources.md renamed to jfrog-applications/jfrog-applications/ide/visual-studio-code/how-tos/building-and-testing-the-sources.md jfrog-applications/ide/visual-studio-code/building-and-testing-the-sources.md renamed to jfrog-applications/jfrog-applications/ide/visual-studio-code/how-tos/building-and-testing-the-sources.md

@@ -2,11 +2,11 @@
 
 Once the JFrog Extension is installed in VS Code, click on the JFrog tab:
 
-![jfrogTab](../../.gitbook/assets/vscode/jfrogTab.png)
+![jfrogTab](../../../../.gitbook/assets/vscode/jfrogTab.png)
 
 This will open the Sign in page:
 
-![SighInPage](../../.gitbook/assets/vscode/sighInPage.png)
+![SighInPage](../../../../.gitbook/assets/vscode/sighInPage.png)
 
 Fill in your connection details and click on the `Sign In` button to start using the extension
 
@@ -24,7 +24,7 @@ To sign in using SSO, follow these steps:
 
 1. On the sign-in page, click the `Continue with SSO` button:
 
-![SighInSsoButton](../../.gitbook/assets/vscode/ssoButton.png)
+![SighInSsoButton](../../../../.gitbook/assets/vscode/ssoButton.png)
 
 2. After entering your JFrog platform URL, click on `Sign in With SSO`.
 3. It will take a few seconds for the browser to redirect you to the SSO sign in page.
@@ -34,7 +34,7 @@ To sign in using SSO, follow these steps:
 
 If JFrog CLI is installed on your machine and is configured with your JFrog Platform connection details, then you should see the message popup in the Sigh in page:
 
-![LoginPageJfrogCli](../../.gitbook/assets/vscode/sighInPageJFrogCli.png)
+![LoginPageJfrogCli](../../../../.gitbook/assets/vscode/sighInPageJFrogCli.png)
 
 ## Connect Using Environment Variables
 
@@ -48,6 +48,6 @@ You may set the connection details using the following environment variables. VS
 
 Once the above environment variables are configured, you can expect to see a message popup in the Sigh in page:
 
-![LoginPageEnvVar](../../.gitbook/assets/vscode/sighInPageEnvVar.png)
+![LoginPageEnvVar](../../../../.gitbook/assets/vscode/sighInPageEnvVar.png)
 
 **Note**: For security reasons, it is recommended to unset the environment variables after launching VS Code.