December 16, 2021 06:47 pm GMT

OSS Log4j Vulnerability Scanning Tools

TLDR: Download the OSS Log4j Vulnerability Scanning Tools from the JFrog GitHub repository to assess potential Log4j vulnerabilities in your source code or binaries.

It is estimated that half of all global enterprises have been impacted by the Log4j vulnerability, and the number of affected companies is rising every day. JFrog's Security Research team has created a new set of tools that help developers scan their software for identified vulnerabilities in Log4j. These tools, available in Java and Python, quickly scan and flag whether Log4j is present in active software the company uses.

Get The Tools

"The Log4j vulnerability has set the enterprise software landscape on fire due to its widespread usage as a component across the software supply chain, making it difficult to rapidly pinpoint and remediate," said Asaf Karas, CTO of JFrog Security Research. "In times of crisis open-source tools allow community collaboration and contributions to collectively solve immediate and long-term security issues, which is why we're proud to release these tools today."

JFrog's flagship product, Artifactory, has a build info component built into the tool that gives users fully traceable information describing all the details about the build. Xray takes this a step further and scans the build to identify open source dependencies and any known vulnerabilities. The addition of these new OSS Log4j vulnerability scanning tools extends our ability to help our customers and the community secure the software supply chain. The tools perform specialized scans to detect the presence of Log4j through direct or indirect (transitive) dependencies, including instances where Log4j does not appear as a separate file but is bundled inside a larger software package and is harder to detect.
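To make the "bundled inside a larger software package" case concrete, here is an added sketch (not JFrog's tools or code) that recurses through nested archives in memory and reports where the log4j-core `JndiLookup` class is embedded. The function names, the size limit and the sample WAR layout are constructed for illustration.

```python
import io
import zipfile

# JndiLookup.class ships in log4j-core 2.x. Matching on the path suffix also
# catches copies unpacked into a fat jar under a prefix directory.
MARKER = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")
MAX_NESTED_BYTES = 256 * 1024 * 1024  # assumed limit: skip oversized entries


def scan_archive(data, label, depth=8):
    """Return sorted 'outer!/inner!/entry' locations of the marker class."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # not a readable archive, nothing to report
    hits = []
    with zf:
        for info in zf.infolist():
            where = f"{label}!/{info.filename}"
            if info.filename.endswith(MARKER):
                hits.append(where)
            elif (depth > 0 and info.filename.lower().endswith(ARCHIVE_EXTS)
                  and info.file_size <= MAX_NESTED_BYTES):
                # Nested archive: read it into memory and descend one level.
                hits += scan_archive(zf.read(info), where, depth - 1)
    return sorted(hits)


def make_zip(entries):
    """Build an in-memory zip from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample():
    """Constructed sample: a WAR whose fat jar embeds a log4j-core class."""
    stub = b"\xca\xfe\xba\xbe"  # class-file magic only, not a real class
    fat_jar = make_zip({"com/example/App.class": stub, MARKER: stub})
    return make_zip({
        "WEB-INF/lib/app-all.jar": fat_jar,
        "WEB-INF/lib/util.jar": make_zip({"com/example/Util.class": stub}),
    })


if __name__ == "__main__":
    print("\n".join(scan_archive(build_sample(), "shop.war")))
```

A hit only shows that log4j-core classes are bundled at that location; fixed releases still contain `JndiLookup.class`, so the bundled version has to be checked before treating a hit as vulnerable.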

To stay up-to-date on the latest about Log4j, please read our technical resource blog: [Log4Shell 0-Day Vulnerability: All You Need To Know](https://jfrog.com/blog/log4shell-0-day-vulnerability-all-you-need-to-know/).


Original Link: https://dev.to/lorilorusso/oss-log4j-vulnerability-scanning-tools-4205
