Merge remote-tracking branch 'upstream/master' into secret-storage

.github/workflows/release.yml

@@ -27,7 +27,7 @@ jobs:
         run: npm run lint
 
       - name: Update version
-        run: echo ${{ github.event.release.tag_name }} | cut -c 11- | xargs npm version
+        run: echo ${{ github.event.release.tag_name }} | xargs npm version
 
       # Publish to marketplaces
       - name: Publish to VS marketplace

README.md

@@ -24,8 +24,10 @@
     - [General](#general)
     - [Software Composition Analysis (SCA)](#software-composition-analysis)
     - [CVE Research and Enrichment](#cve-research-and-enrichment)
+    - [Static Application Security Testing (SAST)](#static-application-security-testing-sast)
     - [Vulnerability Contextual Analysis](#vulnerability-contextual-analysis)
     - [Secrets Detection](#secrets-detection)
+    - [Infrastructure as Code (IaC) Scan](#infrastructure-as-code-iac-scan) 
 - [The CI View](#the-ci-view)
     - [How Does It Work?](#how-does-it-work)
     - [Setting Up Your CI Pipeline](#setting-up-your-ci-pipeline)

package.json

@@ -2,7 +2,7 @@
     "name": "jfrog-vscode-extension",
     "displayName": "JFrog",
     "description": "Security scanning for your Go, npm, Pypi, Maven and NuGet projects.",
-    "version": "2.7.1",
+    "version": "2.8.1",
     "license": "Apache-2.0",
     "icon": "resources/extensionIcon.png",
     "repository": {
@@ -28,7 +28,7 @@
         "viewsWelcome": [
             {
                 "view": "jfrog.issues",
-                "contents": "Your project is ready to be scanned for security issues as described below.\nThe basic functionality includes Software Composition Analysis (SCA). We will scan your project dependencies for security issues and also show you enriched CVE data provided by the JFrog Security Research team.\n\nIf your JFrog subscription includes [Advanced DevSecOps](https://jfrog.com/xray/) enabled, we'll also run the following scans:\n\nVulnerability Contextual Analysis - This feature uses the code context to eliminate false positive reports on vulnerable dependencies that are not applicable to the code. Vulnerability Contextual Analysis is currently supported for Python, JavaScript and Java code.\nSecrets Detection - Detect and prevent the inclusion of sensitive information, such as credentials and API keys, in your codebase.\nInfrastructure as Code (IaC) scans - Analyze Infrastructure as Code (IaC) files, such as Terraform, to identify security vulnerabilities and misconfigurations before deploying your cloud infrastructure. Get actionable insights and recommendations for securing your IaC configurations.",
+                "contents": "Your project is ready to be scanned for security issues as described below.\nThe basic functionality includes Software Composition Analysis (SCA). We will scan your project dependencies for security issues and also show you enriched CVE data provided by the JFrog Security Research team.\n\nIf your JFrog subscription includes [Advanced DevSecOps](https://jfrog.com/xray/) enabled, we'll also run the following scans:\n\n[Vulnerability Contextual Analysis](https://github.com/jfrog/jfrog-vscode-extension#vulnerability-contextual-analysis) - This feature uses the code context to eliminate false positive reports on vulnerable dependencies that are not applicable to the code. Vulnerability Contextual Analysis is currently supported for Python, JavaScript and Java code.\n[SAST](https://github.com/jfrog/jfrog-vscode-extension#static-application-security-testing-sast) - Provides fast and accurate security-focused engines that detect zero-day security vulnerabilities on your source code sensitive operations, while minimizing false positives.\n[Secrets Detection](https://github.com/jfrog/jfrog-vscode-extension#secrets-detection) - Detect and prevent the inclusion of sensitive information, such as credentials and API keys, in your codebase.\n[Infrastructure as Code (IaC) scans](https://github.com/jfrog/jfrog-vscode-extension#infrastructure-as-code-iac-scan) - IaC files, such as Terraform, to identify security vulnerabilities and misconfigurations before deploying your cloud infrastructure. Get actionable insights and recommendations for securing your IaC configurations.",
                 "when": "jfrog.connection.status == signedIn && jfrog.firstScanInWorkspace"
             },
             {