News for Admins

Tech News

Article from ADMIN 67/2022
By
WhiteSource Releases Free Log4j Detection Tool

WhiteSource Releases Free Log4j Detection Tool

As the Log4j vulnerability continues to wreak havoc on the IT landscape, everyone is trying to prevent disaster from striking. A number of companies and development teams have released tools to help with the detection and remediation of the vulnerability. One such company is WhiteSource. Their new tool, Log4j Detect (https://github.com/whitesource/log4j-detect-distribution), is an open source, command-line utility that scans your projects to detect the following known CVEs:

  • CVE-2021-45046
  • CVE-2021-44228
  • CVE-2021-4104
  • CVE-2021-45105

Once the scan is complete, it will report back the exact path of the vulnerable files as well as the fixed version you'll need to remediate the issue. Log4j Detect should be run within the root directory of your projects and will also search for vulnerable files with both the .jar and .gem extensions. Log4j Detect supports the Gradle, Maven, and Bundler package managers.

In order for Log4j Detect to run properly, you'll need to install either Gradle (if the project is a Gradle project) or mvn (if the project is a Maven project). The developers have also indicated both maven and bundler projects must be built before scanning. Once you have Log4j Detect installed, the scan can be issued with the command log4j-detect scan -d PROJECT (where PROJECT is the directory housing your project).

For more information about this tool, make sure to read through the project README (https://github.com/whitesource/log4j-detect-distribution/blob/main/README.md).

...
Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus