Upgrade CLI version to 2.71.3

.github/workflows/build-vsix.yml

@@ -13,7 +13,7 @@ jobs:
 
     env:
         # jfrog cli version can be changed here
-        JFROG_CLI_VERSION: '2.67.0'
+        JFROG_CLI_VERSION: '2.71.3'
 
     steps:
     - name: Checkout code
@@ -48,6 +48,12 @@ jobs:
     - name: Build VSIX Project 
       run: msbuild JFrogVSExtension.sln /p:Configuration=Release /p:Platform="Any CPU" /p:BuildInParallel=true /m 
 
+    # Verify that the PDB file is not included in the .vsix file, this will expose unwanted debug information about the development env
+    - name: Check for PDB in VSIX
+      run: |
+        .\scripts\ValidatePDBFilesAbsenceInReleaseMode.ps1
+      shell: pwsh
+
     # Upload vsix and unit test as artifacts for other workflows usage
     - name: Upload vsix artifacts
       uses: actions/upload-artifact@v3

JFrogVSExtension.sln

@@ -15,8 +15,8 @@ Global
 		Release|x86 = Release|x86
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{6443B797-2478-4A1D-BECA-28E24C1F1F41}.Debug|Any CPU.ActiveCfg = Release|Any CPU
-		{6443B797-2478-4A1D-BECA-28E24C1F1F41}.Debug|Any CPU.Build.0 = Release|Any CPU
+		{6443B797-2478-4A1D-BECA-28E24C1F1F41}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{6443B797-2478-4A1D-BECA-28E24C1F1F41}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{6443B797-2478-4A1D-BECA-28E24C1F1F41}.Debug|x86.ActiveCfg = Debug|x86
 		{6443B797-2478-4A1D-BECA-28E24C1F1F41}.Debug|x86.Build.0 = Debug|x86
 		{6443B797-2478-4A1D-BECA-28E24C1F1F41}.Release|Any CPU.ActiveCfg = Release|Any CPU

JFrogVSExtension/JFrogVSExtension.csproj

@@ -52,13 +52,16 @@
     <PlatformTarget>AnyCPU</PlatformTarget>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
-    <DebugType>full</DebugType>
-    <Optimize>false</Optimize>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
     <OutputPath>bin\Release\</OutputPath>
-    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <DefineConstants>
+    </DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>2</WarningLevel>
-    <DebugSymbols>true</DebugSymbols>
+	<IncludeDebugSymbolsInVSIXContainer>false</IncludeDebugSymbolsInVSIXContainer>
+	<IncludeDebugSymbolsInLocalVSIXDeployment>false</IncludeDebugSymbolsInLocalVSIXDeployment>
+    <DebugSymbols>false</DebugSymbols>
   </PropertyGroup>
   <ItemGroup>
     <Compile Include="Components\Component.cs" />

JFrogVSExtension/source.extension.vsixmanifest

@@ -1,25 +1,25 @@
 <?xml version="1.0" encoding="utf-8"?>
 <PackageManifest Version="2.0.0" xmlns="http://schemas.microsoft.com/developer/vsx-schema/2011" xmlns:d="http://schemas.microsoft.com/developer/vsx-schema-design/2011">
-  <Metadata>
-    <Identity Id="JFrogVSExtension.c07afb03-9f9a-45e2-8e6f-78442325bb24" Version="2.1.1" Language="en-US" Publisher="JFrog" />
-    <DisplayName>JFrog V2</DisplayName>
-    <Description xml:space="preserve">Visual Studio extension to integrate with JFrog Xray for scanning solution components. </Description>
-    <Icon>Resources\Icon.png</Icon>
-    <PreviewImage>Resources\PreviewImage.png</PreviewImage>
-  </Metadata>
-  <Installation>
-    <InstallationTarget Version="[17.0,18.0)" Id="Microsoft.VisualStudio.Community">
-      <ProductArchitecture>amd64</ProductArchitecture>
-    </InstallationTarget>
-  </Installation>
-  <Dependencies>
-    <Dependency Id="Microsoft.Framework.NDP" DisplayName="Microsoft .NET Framework" d:Source="Manual" Version="[4.5,)" />
-  </Dependencies>
-  <Prerequisites>
-    <Prerequisite Id="Microsoft.VisualStudio.Component.CoreEditor" Version="[15.0,)" DisplayName="Visual Studio core editor" />
-  </Prerequisites>
-  <Assets>
-    <Asset Type="Microsoft.VisualStudio.ToolboxControl" d:Source="Project" d:ProjectName="%CurrentProject%" Path="|%CurrentProject%;PkgdefProjectOutputGroup|" />
-    <Asset Type="Microsoft.VisualStudio.VsPackage" d:Source="Project" d:ProjectName="%CurrentProject%" Path="|%CurrentProject%;PkgdefProjectOutputGroup|" />
-  </Assets>
+    <Metadata>
+        <Identity Id="JFrogVSExtension.c07afb03-9f9a-45e2-8e6f-78442325bb24" Version="2.1.2" Language="en-US" Publisher="JFrog" />
+        <DisplayName>JFrog V2</DisplayName>
+        <Description xml:space="preserve">Visual Studio extension to integrate with JFrog Xray for scanning solution components. </Description>
+        <Icon>Resources\Icon.png</Icon>
+        <PreviewImage>Resources\PreviewImage.png</PreviewImage>
+    </Metadata>
+    <Installation>
+        <InstallationTarget Version="[17.0,18.0)" Id="Microsoft.VisualStudio.Community">
+            <ProductArchitecture>amd64</ProductArchitecture>
+        </InstallationTarget>
+    </Installation>
+    <Dependencies>
+        <Dependency Id="Microsoft.Framework.NDP" DisplayName="Microsoft .NET Framework" d:Source="Manual" Version="[4.5,)" />
+    </Dependencies>
+    <Prerequisites>
+        <Prerequisite Id="Microsoft.VisualStudio.Component.CoreEditor" Version="[15.0,)" DisplayName="Visual Studio core editor" />
+    </Prerequisites>
+    <Assets>
+        <Asset Type="Microsoft.VisualStudio.ToolboxControl" d:Source="Project" d:ProjectName="%CurrentProject%" Path="|%CurrentProject%;PkgdefProjectOutputGroup|" />
+        <Asset Type="Microsoft.VisualStudio.VsPackage" d:Source="Project" d:ProjectName="%CurrentProject%" Path="|%CurrentProject%;PkgdefProjectOutputGroup|" />
+    </Assets>
 </PackageManifest>

README.md

@@ -1,49 +1,27 @@
-# JFrog Visual Studio Extension
+# JFrog Visual Studio Extension
+[![Scanned by Frogbot](https://raw.github.com/jfrog/frogbot/master/images/frogbot-badge.png)](https://github.com/jfrog/frogbot#readme)
+
 
 |          Target          |                                                                           Status                                                                            |                                                                                  Installs                                                                                   |
 |:------------------------:|:-----------------------------------------------------------------------------------------------------------------------------------------------------------:|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------:|
-|    Visual Studio 2022    | [![Visual Studio 2022](https://vsmarketplacebadge.apphb.com/version/JFrog.JFrogV2.svg)](https://marketplace.visualstudio.com/items?itemName=JFrog.JFrogV2)  | ![Artifactory Extension Marketplace Installs](https://img.shields.io/visual-studio-marketplace/i/JFrog.JFrogV2?label=marketplace%20installs&color=blue&style=for-the-badge) |
-| Visual Studio 2017, 2019 | [![Visual Studio 2017,2019](https://vsmarketplacebadge.apphb.com/version/JFrog.JFrog.svg)](https://marketplace.visualstudio.com/items?itemName=JFrog.JFrog) |           ![Visual Studio 2017,2019](https://img.shields.io/visual-studio-marketplace/i/JFrog.JFrog?label=marketplace%20installs&color=blue&style=for-the-badge)            |
-
-
-# Table of Contents
-
-- [About this Extension](#about-this-extension)
-  - [Component Tree Icons](#component-tree-icons)
-- [Installing the Extension](#installing-the-extension)
-- [Building the Sources](#building-the-sources)
-- [Troublshooting Issues](#troublshooting-issues)
-- [Release Notes](#release-notes)
-- [Code Contributions](#code-contributions)
-
-## About this Extension
-JFrog Visual studio extension adds JFrog Xray scanning of NuGet project dependencies to your Visual Studio.
-To learn how to use the extension, please visit the [JFrog Visual Studio Extension User Guide](https://www.jfrog.com/confluence/display/XRAY/IDE+Integration#IDEIntegration-JFrogVisualStudioExtension).
-
-### Component Tree Icons
-The icon demonstrates the top severity issue of a selected component and its transitive dependencies. The following table describes the severities from lowest to highest:
-|                 Icon                | Severity |                                       Description                                      |
-|:-----------------------------------:|:--------:|:---------------------------------------------------------------------------------------|
-|   ![Normal](JFrogVSExtension/Resources/normal.png)   |  Normal  | Scanned - No Issues                                                                    |
-|  ![Unknown](JFrogVSExtension/Resources/unknown.png)  |  Unknown | No CVEs attached to the vulnerability or the selected component not identified in Xray |
-|      ![Low](JFrogVSExtension/Resources/low.png)      |    Low   | Top issue with low severity                                                            |
-|   ![Medium](JFrogVSExtension/Resources/medium.png)   |  Medium  | Top issue with medium severity                                                         |
-|     ![High](JFrogVSExtension/Resources/high.png)     |   High   | Top issue with high severity                                                           |
-| ![Critical](JFrogVSExtension/Resources/critical.png) | Critical | Top issue with critical severity  
-
-## Installing the Extension
-1. Make sure nuget.exe exists under your PATH environment variable
-2. Open Visual Studio
-3. Open *Tools* --> *Extensions and Updates*
-
-![alt](docs/images/getTools.png)
-
-4. Search for JFrog Visual Studio Extension
-5. Click on *Download*
-6. Once the installation is completed, re-open Visual Studio.
-
-## Release Notes
+|    Visual Studio 2022    | [Visual Studio 2022](https://marketplace.visualstudio.com/items?itemName=JFrog.JFrogV2)  | ![Artifactory Extension Marketplace Installs](https://img.shields.io/visual-studio-marketplace/i/JFrog.JFrogV2?label=marketplace%20installs&color=blue&style=for-the-badge) |
+| Visual Studio 2017, 2019 | [Visual Studio 2017,2019](https://marketplace.visualstudio.com/items?itemName=JFrog.JFrog) |           ![Visual Studio 2017,2019](https://img.shields.io/visual-studio-marketplace/i/JFrog.JFrog?label=marketplace%20installs&color=blue&style=for-the-badge)            |
+
+
+| Branch |                                                                                                                                                                                            Status                                                                                                                                                                                            |
+|:------:|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------:|
+| master | [![Test](https://github.com/jfrog/jfrog-visual-studio-extension/actions/workflows/tests.yml/badge.svg?branch=master)](https://github.com/jfrog/jfrog-visual-studio-extension/actions/workflows/tests.yml?query=branch%master) |
+|  dev   |     [![Test](https://github.com/jfrog/jfrog-visual-studio-extension/actions/workflows/tests.yml/badge.svg?branch=dev)](https://github.com/jfrog/jfrog-visual-studio-extension/actions/workflows/tests.yml?query=branch%3Adev)      |
+
+## 🤖 About this Extension
+The JFrog Visual Studio Extension adds JFrog Xray scanning of NuGet project dependencies to your Visual Studio IDE. It allows developers to view panels displaying vulnerability information about the components and their dependencies directly in Visual Studio. With this information, a developer can make an informed decision on whether to use a component or not before it gets entrenched into the organization’s product. The extension filter allows you view the scanned results according to issues. <br>
+To learn how to use the extension, please visit the [JFrog Visual Studio Extension User Guide](https://jfrog.com/help/r/jfrog-integrations-documentation/jfrog-visual-studio-extension).
+
+## 🥏 Release Notes
 The release notes are available [here](https://github.com/jfrog/jfrog-visual-studio-extension/releases).
 
-## Code Contributions
-We welcome community contribution through pull requests.
+## 🔥 Reporting Issues
+Please help us improve by reporting issues you encounter [here](https://github.com/jfrog/jfrog-visual-studio-extension/issues).
+
+## 💻 Contributions
+We welcome community contribution through pull requests. To help us improve this project, please read our [Contribution](https://github.com/jfrog/jfrog-visual-studio-extension/blob/master/CONTRIBUTING.md) guide.

UnitTestJfrogVSExtension/PowerShellScriptTests.cs

@@ -15,7 +15,10 @@ public class PowerShellScriptTests
         public static string rootDir = GetProjectRoot(AppDomain.CurrentDomain.BaseDirectory);
         public static string updateVersionScriptPath = Path.Combine(rootDir, @"scripts\UpdateVsixVersion.ps1");
         public static string downloadCliScriptPath = Path.Combine(rootDir, @"scripts\DownloadJfrogCli.ps1");
-        public static string vsixManifestMockPath = Path.Combine(rootDir, @"scripts\vsixmanifestMock");
+        public static string validatePDBScriptPath = Path.Combine(rootDir, @"scripts\ValidatePDBFilesAbsenceInReleaseMode.ps1");
+        public static string vsixManifestMockPath = Path.Combine(rootDir, @"UnitTestJfrogVSExtension\Resources\vsixmanifestMock");
+        public static string vsixWithPDBFilePath = Path.Combine(rootDir, @"UnitTestJfrogVSExtension\Resources\includePdbFile.vsix");
+        public static string vsixWithoutPDBFilePath = Path.Combine(rootDir, @"UnitTestJfrogVSExtension\Resources\excludePdbFile.vsix");
 
         [TestMethod]
         public void Test_UpdateVsixVersion_ValidVersion()
@@ -60,6 +63,32 @@ public void Test_DownloadJfrogCli()
             Assert.AreEqual(0, exitCode);
         }
 
+        [TestMethod]
+        public void Test_VsixContainsPdbFile()
+        {
+            var envVars = new Dictionary<string, string>
+            {
+                { "VSIX_PATH", vsixWithPDBFilePath },
+            };
+
+            // script should fail and return exit code 1
+            int exitCode = RunPowerShellScript(validatePDBScriptPath, envVars);
+            Assert.AreEqual(1, exitCode, "The PDB file should be found in the VSIX.");
+        }
+
+        [TestMethod]
+        public void Test_VsixDoesNotContainPdbFile()
+        {
+            var envVars = new Dictionary<string, string>
+            {
+                { "VSIX_PATH", vsixWithoutPDBFilePath },
+            };
+
+            // script should succeed and return exit code 0
+            int exitCode = RunPowerShellScript(validatePDBScriptPath, envVars);
+            Assert.AreEqual(0, exitCode, "The PDB file should not be found in the VSIX.");
+        }
+
         private static string GetProjectRoot(string currentDir)
         {
             while (Directory.GetFiles(currentDir, "*.sln").Length == 0)

UnitTestJfrogVSExtension/UnitTestJfrogVSExtension.csproj

@@ -33,7 +33,8 @@
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
     <OutputPath>bin\Release\</OutputPath>
-    <DefineConstants>TRACE</DefineConstants>
+    <DefineConstants>
+    </DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>

scripts/ValidatePDBFilesAbsenceInReleaseMode.ps1

@@ -0,0 +1,33 @@
+# if vsix file path was not defined - use the default location in release folder
+if (-not $env:VSIX_PATH) {
+    $env:VSIX_PATH=Join-Path "$(pwd)" "JfrogVSExtension\bin\Release\JfrogVSExtension.vsix"
+}
+
+$pdbExists = $false
+$fileName = ""
+
+# Validate that the necessary assembly for unzipping the .vsix file exists
+Add-Type -AssemblyName System.IO.Compression.FileSystem
+
+# Check if the .vsix file contains the PDB file
+if (Test-Path $env:VSIX_PATH) {
+    $zipContent = [System.IO.Compression.ZipFile]::OpenRead($env:VSIX_PATH)
+    foreach ($entry in $zipContent.Entries) {
+        if ($entry.FullName -like "*JfrogVSExtension.pdb") {
+            $pdbExists = $true
+            $fileName = $entry.FullName
+            break
+        }
+    }
+    $zipContent.Dispose()
+} else {
+    Write-Error "VSIX file does not exist in the following path: $env:VSIX_PATH."
+    exit 1 # Fail the workflow if the .vsix file is not found
+}
+
+if ($pdbExists) {
+    Write-Error  "PDB file exists in VSIX. file name = $fileName Please check your project settings."
+    exit 1  # Fail the workflow if the PDB file is found
+} else {
+    Write-Host "PDB file not found in VSIX. Release mode build is clean."
+}