{"id":22768662,"url":"https://github.com/whitesource/log4j-detect-distribution","last_synced_at":"2025-04-15T01:51:40.915Z","repository":{"id":45233947,"uuid":"438156679","full_name":"whitesource/log4j-detect-distribution","owner":"whitesource","description":null,"archived":false,"fork":false,"pushed_at":"2022-03-19T14:10:50.000Z","size":8572,"stargazers_count":138,"open_issues_count":4,"forks_count":23,"subscribers_count":18,"default_branch":"main","last_synced_at":"2025-04-13T00:44:16.192Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/whitesource.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-12-14T07:24:09.000Z","updated_at":"2025-03-17T08:50:25.000Z","dependencies_parsed_at":"2022-09-02T12:40:11.786Z","dependency_job_id":null,"html_url":"https://github.com/whitesource/log4j-detect-distribution","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/whitesource%2Flog4j-detect-distribution","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/whitesource%2Flog4j-detect-distribution/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/whitesource%2Flog4j-detect-distribution/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/whitesource%2Flog4j-detect-distribution/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/whitesource","download_url":"https://codeload.github.com/whitesource/log4j-detect-distribution/tar.
gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248991538,"owners_count":21194894,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-11T14:12:21.736Z","updated_at":"2025-04-15T01:51:40.886Z","avatar_url":"https://github.com/whitesource.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Log4jDetect\n\nWhiteSource Log4j Detect is a free CLI tool that quickly scans your projects to find vulnerable Log4j versions\ncontaining the following known CVEs:\n\n* CVE-2021-45046\n* CVE-2021-44228\n* CVE-2021-4104\n* CVE-2021-45105\n* CVE-2021-44832\n* CVE-2020-9488\n* CVE-2020-9493\n* CVE-2022-23302\n* CVE-2022-23305\n* CVE-2022-23307\n\nIt provides the exact path to direct and indirect dependencies, along with the fixed version for speedy remediation.\n\nThe supported package managers are:\n\n* gradle\n* maven\n* bundler\n\nIn addition, the tool will search for vulnerable files with the `.jar` and `.gem` extensions.\n\n### Prerequisites:\n\n* Download the log4j-detect binary based on your OS platform (see installation steps below)\n\n---\n**NOTE**\n\n1. For Mac users, if the following message appears:\n   \"log4j-detect can't be opened because Apple cannot check it for malicious software\", please follow the steps\n   [described here](https://support.apple.com/en-il/guide/mac-help/mchleab3a043/mac)\n\n\n2. 
The relevant binaries must be installed for the scan to work, i.e.:\n    * `gradle` if the scanned project is a gradle project (contains a `settings.gradle` or a `build.gradle` file)\n    * `mvn` if the scanned project is a maven project (contains a `pom.xml` file)\n    * `ruby`/`jruby` and `gem`/`jgem` if the scanned project is a bundler project (contains a `Gemfile.lock`/`gems.locked` file)\n\n\n3. Building the projects before scanning will improve scan time and reduce potential scan errors\n\n    * maven projects __must__ be built prior to scanning, e.g. with the following command:\n       ```shell\n       mvn install\n       ```\n\n    * bundler projects __must__ be built prior to scanning, e.g. with the following command:\n       ```shell\n       jbundler install\n       ```\n\n    * It is not necessary to run `gradle build` prior to scanning a `gradle` project, but doing so will greatly decrease the\n      scan time\n\n---\n\n## Usage\n\nIn order to scan your project, simply run the following command:\n\n```shell\nlog4j-detect scan -d PROJECT_DIR\n```\n\nThe folder can include source code that uses supported package managers in the project, as well as binaries with the\nsupported extensions mentioned above.\nThe scan may fail if it is run in a location that contains protected folders it cannot access, such as Windows system folders.\n\n## Installation\n\n### Linux\n\n```shell\nARCH=amd64 # or ARCH=arm64\nwget \"https://github.com/whitesource/log4j-detect-distribution/releases/latest/download/log4j-detect-1.5.0-linux-$ARCH.tar.gz\"\ntar -xzvf log4j-detect-1.5.0-linux-$ARCH.tar.gz\nchmod +x log4j-detect\n./log4j-detect -h\n```\n\n### Mac\n\n```shell\nARCH=amd64 # or ARCH=arm64 \nwget \"https://github.com/whitesource/log4j-detect-distribution/releases/latest/download/log4j-detect-1.5.0-darwin-$ARCH.tar.gz\"\ntar -xzvf log4j-detect-1.5.0-darwin-$ARCH.tar.gz\nchmod +x log4j-detect\n./log4j-detect -h\n```\n\n### Windows\n\n```powershell\nInvoke-WebRequest -Uri 
\"https://github.com/whitesource/log4j-detect-distribution/releases/latest/download/log4j-detect-1.5.0-windows-amd64.zip\" -OutFile \"log4j-detect.zip\"\nExpand-Archive -LiteralPath 'log4j-detect.zip'\ncd log4j-detect\n.\\log4j-detect.exe -h\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwhitesource%2Flog4j-detect-distribution","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwhitesource%2Flog4j-detect-distribution","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwhitesource%2Flog4j-detect-distribution/lists"}