{"id":22768658,"url":"https://github.com/whitesource/spring4shell-detect","last_synced_at":"2025-04-15T01:51:23.812Z","repository":{"id":44247576,"uuid":"476324702","full_name":"whitesource/spring4shell-detect","owner":"whitesource","description":null,"archived":false,"fork":false,"pushed_at":"2022-04-01T07:27:30.000Z","size":10297,"stargazers_count":21,"open_issues_count":0,"forks_count":2,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-04-13T00:44:16.373Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/whitesource.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-03-31T13:46:00.000Z","updated_at":"2023-05-29T05:35:23.000Z","dependencies_parsed_at":"2022-09-07T19:13:38.850Z","dependency_job_id":null,"html_url":"https://github.com/whitesource/spring4shell-detect","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/whitesource%2Fspring4shell-detect","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/whitesource%2Fspring4shell-detect/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/whitesource%2Fspring4shell-detect/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/whitesource%2Fspring4shell-detect/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/whitesource","download_url":"https://codeload.github.com/whitesource/spring4shell-detect/tar.gz/refs/heads/main","host":{"name":"GitHub","url":
"https://github.com","kind":"github","repositories_count":248991539,"owners_count":21194894,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-11T14:12:21.275Z","updated_at":"2025-04-15T01:51:23.798Z","avatar_url":"https://github.com/whitesource.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Spring4Shell Detect\n\nWhiteSource spring4shell Detect is a free CLI tool that quickly scans your projects to find vulnerable Spring4shell versions\ncontaining the following known CVEs:\n\n* CVE-2022-22965\n\nIt provides the exact path to direct and indirect dependencies, along with the fixed version for speedy remediation.\n\nThe supported packages managers are:\n\n* gradle\n* maven\n* bundler\n\nIn addition, the tool will search for vulnerable files with the `.jar`,`.gem` extensions.\n\n### Prerequisites:\n\n* Download the spring4shell-detect binary based on your OS platform (see installation steps below)\n\n---\n**NOTE**\n\n1. For mac users, if the following message appears:\n   \"spring4shell-detect can't be opened because Apple cannot check it for malicious software\", please follow the steps\n   [described here](https://support.apple.com/en-il/guide/mac-help/mchleab3a043/mac)\n\n\n2. 
The relevant binaries must be installed for the scan to work, i.e.:\n    * `gradle` if the scanned project is a gradle project (contains a `settings.gradle` or a `build.gradle` file)\n    * `mvn` if the scanned project is a maven project (contains a `pom.xml` file)\n    * `ruby`/`jruby` and `gem`/`jgem` if the scanned project is a bundler project (contains a `Gemfile.lock`/`gems.locked` file)\n\n\n3. Building the projects before scanning will improve scan time and reduce potential scan errors\n\n    * maven projects __must__ be built prior to scanning, e.g. with the following command:\n       ```shell\n       mvn install\n       ```\n\n    * bundler projects __must__ be built prior to scanning, e.g. with the following command:\n       ```shell\n       jbundler install\n       ```\n\n    * It is not necessary to run `gradle build` prior to scanning a `gradle` project, but that will greatly decrease the\n      scan time\n\n---\n\n## Usage\n\nIn order to scan your project, simply run the following command:\n\n```shell\nspring4shell-detect scan -d PROJECT_DIR\n```\n\nThe folder can include source code that uses supported package managers in the project, as well as binaries with the\nsupported extensions mentioned above.\nThe scan may fail if it is run in a location that contains protected folders it cannot access, such as Windows system folders.\n\n## Installation\n\n### Linux\n\n```shell\nARCH=amd64 # or ARCH=arm64\nwget \"https://github.com/whitesource/spring4shell-detect/releases/latest/download/spring4shell-detect-1.0.0-linux-$ARCH.tar.gz\"\ntar -xzvf spring4shell-detect-1.0.0-linux-$ARCH.tar.gz\nchmod +x spring4shell-detect\n./spring4shell-detect -h\n```\n\n### Mac\n\n```shell\nARCH=amd64 # or ARCH=arm64 \nwget \"https://github.com/whitesource/spring4shell-detect/releases/latest/download/spring4shell-detect-1.0.0-darwin-$ARCH.tar.gz\"\ntar -xzvf spring4shell-detect-1.0.0-darwin-$ARCH.tar.gz\nchmod +x spring4shell-detect\n./spring4shell-detect -h\n```\n\n### 
Windows\n\n```powershell\nInvoke-WebRequest -Uri \"https://github.com/whitesource/spring4shell-detect/releases/latest/download/spring4shell-detect-1.0.0-windows-amd64.zip\" -OutFile \"spring4shell-detect.zip\"\nExpand-Archive -LiteralPath 'spring4shell-detect.zip'\ncd spring4shell-detect\n.\\spring4shell-detect.exe -h\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwhitesource%2Fspring4shell-detect","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwhitesource%2Fspring4shell-detect","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwhitesource%2Fspring4shell-detect/lists"}