WhiteSource Releases Free Log4j Detection Tool

Security and license risk management firm WhiteSource has released an open-source tool to help with the detection and remediation of Log4j vulnerabilities.

As the Log4j vulnerability continues to wreak havoc on the IT landscape, everyone is trying to prevent disaster from striking. A number of companies and development teams have released tools to help with the detection and remediation of the vulnerability. One such company is WhiteSource. Their new tool, Log4j Detect, is an open-source command-line utility that scans your projects to detect the following known CVEs:

  • CVE-2021-45046
  • CVE-2021-44228
  • CVE-2021-4104
  • CVE-2021-45105

Once the scan is complete, it reports the exact path of each vulnerable file as well as the fixed version you'll need to remediate the issue. Log4j Detect should be run from the root directory of your project and searches for vulnerable files with both the .jar and .gem extensions. It supports the gradle, maven, and bundler package managers.

For Log4j Detect to run properly, you'll need to install either gradle (if the project is a gradle project) or mvn (if the project is a maven project). The developers have also indicated that both maven and bundler projects must be built before scanning. Once you have Log4j Detect installed, you can start the scan with the command log4j-detect scan -d PROJECT (where PROJECT is the directory housing your project).
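To show what a file-level check of this kind involves, here is an added Python example (not Log4j Detect's own code or method) that inventories log4j-core copies in a built project, including jars nested inside fat jars, and reports each path, the bundled version, and whether the JndiLookup class is present. The function names are illustrative, and the reported versions still have to be compared against the Apache advisories for the CVEs listed above.

```python
import io
import os
import re
import zipfile

# Entry names inside a log4j-core jar: its Maven metadata and the JNDI lookup class
# involved in CVE-2021-44228 (real entry names; they are not taken from the article).
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear")


def scan_archive(data, path, depth=0, max_depth=4):
    """Yield a finding for every log4j-core copy in an archive, nested archives included."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a zip archive, or corrupt: nothing to report
    with zf:
        names = set(zf.namelist())
        if POM_PROPS in names or JNDI_CLASS in names:  # shaded jars may drop the metadata
            props = zf.read(POM_PROPS).decode("utf-8", "replace") if POM_PROPS in names else ""
            m = re.search(r"^version=(\S+)", props, re.MULTILINE)
            yield {"path": path, "version": m.group(1) if m else None,
                   "jndi_lookup": JNDI_CLASS in names}
        if depth < max_depth:  # bound recursion so a crafted archive cannot nest forever
            for name in sorted(names):
                if name.lower().endswith(ARCHIVE_EXT):
                    yield from scan_archive(zf.read(name), f"{path}!/{name}", depth + 1, max_depth)


def scan_tree(root):
    """Walk a built project directory and return findings sorted by path."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith(ARCHIVE_EXT):
                full = os.path.join(dirpath, fname)
                with open(full, "rb") as fh:
                    findings.extend(scan_archive(fh.read(), full))
    return sorted(findings, key=lambda f: f["path"])


if __name__ == "__main__":
    import sys
    for f in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f["path"], "log4j-core", f["version"],
              "JndiLookup present" if f["jndi_lookup"] else "JndiLookup absent")
```

A path containing "!/" points at a copy packed inside another archive, which a filename-only search of the project tree would not find.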

For more information about this tool, make sure to read through the project README.

12/23/2021
