DEV Community


OSS Log4j Vulnerability Scanning Tools

TLDR: Download the OSS Log4j Vulnerability Scanning Tools from the JFrog GitHub repository to assess potential Log4j vulnerabilities in your source code or binaries.

It is estimated that half of all global enterprises have been impacted by the Log4j vulnerability, and the number of affected companies is rising every day. JFrog’s Security Research team has created a new set of tools that help developers scan their software for the identified Log4j vulnerabilities. These tools, available in Java and Python, quickly scan for Log4j and flag it wherever it is present in the software a company actively uses.


“The Log4j vulnerability has set the enterprise software landscape on fire due to its widespread usage as a component across the software supply chain, making it difficult to rapidly pinpoint and remediate,” said Asaf Karas, CTO of JFrog Security Research. “In times of crisis open-source tools allow community collaboration and contributions to collectively solve immediate and long-term security issues, which is why we’re proud to release these tools today.”

JFrog’s flagship product, Artifactory, has a build-info component that records full, traceable metadata describing every detail of a build. Xray takes this a step further and scans the build to identify open-source dependencies and any known vulnerabilities in them. The new OSS Log4j vulnerability scanning tools extend our ability to help customers and the community secure the software supply chain. They perform specialized scans to detect the presence of Log4j through direct or indirect (transitive) dependencies, including cases where Log4j does not appear as a separate file but is bundled inside a larger package (for example inside a WAR or a fat JAR) and is therefore harder to detect.
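To make the "bundled inside a larger package" case concrete, here is an added example (written for this post, not JFrog's own tool code) of how a nested-archive scan works: it walks a JAR/WAR/EAR recursively, descends into archives found inside archives, and reports each place where log4j-core's Maven metadata or its `JndiLookup` class turns up. The class path `org/apache/logging/log4j/core/lookup/JndiLookup.class` and the `META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties` location are the real ones shipped in log4j-core; the sample archives, their file names and the `affected_by_log4shell` helper are constructed for illustration.

```python
# Added example (not JFrog's code): recursively walk JAR/WAR/EAR archives,
# including archives nested inside other archives, and report where log4j-core
# is present, which version it declares, and whether JndiLookup.class is still there.
import io
import zipfile
from dataclasses import dataclass
from typing import Dict, List, Optional

# Presence of this class means log4j-core's JNDI lookup (the Log4Shell vector) is loadable.
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Maven metadata shipped in log4j-core JARs; carries the exact version string.
LOG4J_CORE_POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
NESTED_ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


@dataclass
class Finding:
    path: str                  # e.g. "app.war!WEB-INF/lib/log4j-core-2.14.1.jar"
    version: Optional[str]     # None when log4j-core was bundled without its pom.properties
    has_jndi_lookup: bool      # False if JndiLookup.class was removed (a common mitigation)


def parse_pom_properties(data: bytes) -> Optional[str]:
    """Pull the 'version=' key out of a Maven pom.properties file."""
    for line in data.decode("utf-8", errors="replace").splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key == "version":
            return value.strip()
    return None


def affected_by_log4shell(version: str) -> Optional[bool]:
    """True for 2.x releases before the CVE-2021-44228 fix in 2.15.0.
    The Java 7 / Java 6 backports 2.12.2 and 2.3.1 also carry the fix.
    Returns None for versions this helper does not classify (1.x, unparseable)."""
    try:
        major, minor, patch = (int(p) for p in (version.split(".") + ["0", "0"])[:3])
    except ValueError:
        return None
    if major != 2:
        return None
    if minor == 12:
        return patch < 2
    if minor == 3:
        return patch < 1
    return minor < 15


def scan_archive(data: bytes, path: str, findings: List[Finding]) -> None:
    """Recursively scan one archive's bytes; append a Finding if log4j-core shows up."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a zip container; nothing to descend into
    version, has_jndi = None, False
    with zf:
        for info in zf.infolist():
            name = info.filename
            if name == LOG4J_CORE_POM_PROPS:
                version = parse_pom_properties(zf.read(info))
            elif name == JNDI_LOOKUP_CLASS:
                has_jndi = True
            elif name.lower().endswith(NESTED_ARCHIVE_SUFFIXES):
                # Fat JARs, WAR WEB-INF/lib and EAR modules hide log4j one level down.
                scan_archive(zf.read(info), f"{path}!{name}", findings)
    if version is not None or has_jndi:
        findings.append(Finding(path, version, has_jndi))


def scan_bytes(name: str, data: bytes) -> List[Finding]:
    findings: List[Finding] = []
    scan_archive(data, name, findings)
    return findings


def scan_file(filename: str) -> List[Finding]:
    with open(filename, "rb") as fh:
        return scan_bytes(filename, fh.read())


def _zip(entries: Dict[str, bytes]) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample_archives() -> Dict[str, bytes]:
    """Constructed fixtures (not real artifacts): a WAR carrying log4j-core transitively,
    a fat JAR with log4j classes merged in but no pom.properties, and a clean JAR."""
    fake_class = b"\xca\xfe\xba\xbe"  # just the class-file magic, enough for this demo
    log4j_core = _zip({
        LOG4J_CORE_POM_PROPS: b"groupId=org.apache.logging.log4j\n"
                              b"artifactId=log4j-core\nversion=2.14.1\n",
        JNDI_LOOKUP_CLASS: fake_class,
    })
    return {
        "app.war": _zip({"WEB-INF/web.xml": b"<web-app/>",
                         "WEB-INF/lib/log4j-core-2.14.1.jar": log4j_core}),
        "service-all.jar": _zip({"com/example/Main.class": fake_class,
                                 JNDI_LOOKUP_CLASS: fake_class}),
        "clean.jar": _zip({"org/slf4j/Logger.class": fake_class}),
    }


if __name__ == "__main__":
    for archive_name, archive_bytes in build_sample_archives().items():
        for f in scan_bytes(archive_name, archive_bytes):
            status = affected_by_log4shell(f.version) if f.version else None
            print(f"{f.path}: version={f.version} jndi_lookup={f.has_jndi_lookup} "
                  f"log4shell_affected={status}")
```

The fat-JAR case is the one worth noticing: no `log4j-core-*.jar` file exists anywhere on disk and no version can be read, yet `JndiLookup.class` is present and loadable, so a scan that only matches file names would miss it. Treat "version unknown, JndiLookup present" as a finding to investigate, not as clean.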

To stay up to date on the latest about Log4j, read our technical resource blog: [Log4Shell 0-Day Vulnerability: All You Need To Know](https://jfrog.com/blog/log4shell-0-day-vulnerability-all-you-need-to-know/).
