Log4j Detect

Mend Log4j Detect is a free CLI tool that quickly scans your projects to find vulnerable Log4j versions containing known CVEs

Recent Log4j vulnerabilities, starting with CVE-2021-44228 published on December 10, 2021, have sent security and development teams into a tailspin.

This critical issue and the chaos that has followed bring to the forefront the biggest challenges organizations face when addressing open-source risks.

This tool works with Gradle, Maven, and Bundler package managers. It also searches project directories for vulnerable files with .jar or .gem extensions which is useful if you are not using any of those package managers.

All You Need to Know About Log4j

In these webinars, our security experts will tell you all about the risk, the exploitability, and the technical details around this vulnerability. Additionally, they will review the best practices and processes you need to put in place to deal with such vulnerabilities in the future.


Facing the Log4j Vulnerability Head-On: the Risk and the Fix

Tales From the trenches: The State of Log4j Remediation

Start Using Open Source Fearlessly.

Get started with the industry-leading solution for open source security and compliance management.