Security News > 2021 > December > Check for Log4j vulnerabilities with this simple-to-use script
2021-12-28 16:06
If you're not certain whether your Java project is free from Log4j vulnerabilities, you should try this easy-to-use scanning tool immediately.
Part of the problem is that Log4j is so deeply embedded in Java projects and dependencies that are used by quite a lot of tools.
One such effort is Log4j Detect, which will scan your development projects to ensure they're free from vulnerabilities.
I want to show you how to use the Log4j Detect script to scan your Java projects.
Figure A. As you can see, the Java project I tested has Log4j issues that must be addressed.
You should consider this a must-do for every project and server you suspect could be vulnerable to Log4j.