Log4j Detect

Mend Log4j Detect is a free CLI tool that quickly scans your projects to find vulnerable Log4j versions containing known CVEs

Recent Log4j vulnerabilities, starting with CVE-2021-44228 published on December 10, 2021, have sent security and development teams into a tailspin.

This critical issue and the chaos that has followed bring to the forefront the biggest challenges organizations face when addressing open-source risks.

This tool works with Gradle, Maven, and Bundler package managers. It also searches project directories for vulnerable files with .jar or .gem extensions which is useful if you are not using any of those package managers.

All You Need to Know About Log4j

In these webinars, our security experts will tell you all about the risk, the exploitability, and the technical details around this vulnerability. Additionally, they will review the best practices and processes you need to put in place to deal with such vulnerabilities in the future.


Facing the Log4j Vulnerability Head-On: the Risk and the Fix

Tales From the trenches: The State of Log4j Remediation

Who Is Mend?

Mend, formerly known as WhiteSource, effortlessly secures what developers create. Mend uniquely removes the burden of application security, allowing development teams to deliver quality, secure code, faster. With a proven track record of successfully meeting complex and large-scale application security needs, the world’s most demanding software developers rely on Mend. The company has more than 1,000 customers, including 25 percent  of the Fortune 100, and manages Renovate, the open source automated dependency update project.  For more information, visit www.mend.io, the Mend blog, and Mend on LinkedIn and Twitter.


Start Using Open Source Fearlessly.

Start your free trial with the industry-leading solution for open source security and compliance management.