June 7th 2020
Universal End-to-End DevOps Platform for Continuous Software Releases
If you’re a Golang developer using Visual Studio Code, keeping at-risk Go Modules out of your apps just got easier, and for free.
To help fulfill our mission of making software development and delivery faster, more secure, and more reliable, we’ve taken our VS Code extension to the next level. By drawing from the Go module vulnerabilities data available in GoCenter, VS Code users can benefit even without a licensed instance of Xray.
Once the extension is installed, you can see all of this information in VS Code while hovering over the module in the go.mod file.
VS Code doesn’t only show this information for your direct module dependencies. You can also see indirect (transitive) dependencies, in a hierarchical tree view.
You can jump from the module in the go.mod directly to the tree view and do the same from the tree to the module definition in the go.mod.
You can also navigate directly into the GoCenter’s UI and see even more information about the module under the Security tab.
With such accelerating growth of the Go Module ecosystem, it becomes ever more important to have insight into the dependencies you use. Jfrog’s extension for VS Code can help relieve the stress of managing vulnerabilities for the other languages you use in VS Code. It can reveal risks in many packages like Maven, Gradle, npm, NuGet, RubyGems, and PHP Composer and can also identify dependencies that don’t match your organization’s license policies.