WhiteSource Unveils Free Tool to Identify and Remediate Log4j Vulnerabilities

WhiteSource, a leader in open source security and management, has unveiled WhiteSource Log4j Detect, a free command-line interface (CLI) tool to help organizations quickly identify and remediate the Log4j vulnerabilities CVE-2021-44228 and CVE-2021-445046.

Fremont, CA: WhiteSource assists organizations in accelerating the development of secure software on a large scale. It provides automated tools that bridge the security knowledge gap by easily integrating into the software development life cycle and continuing beyond detection with a remediation-first approach.

WhiteSource, a leader in open source security and management, has unveiled WhiteSource Log4j Detect, a free command-line interface (CLI) tool to help organizations quickly identify and remediate the Log4j vulnerabilities CVE-2021-44228 and CVE-2021-445046.

This free developer tool, which is now available on GitHub, rapidly scans projects for vulnerable Log4j versions and offers the exact path — both to direct and indirect dependencies — as well as the fixed version for quick remediation. As a standalone tool, developers can download the utility that corresponds to their platform, launch it in the terminal, and run the scan command on the project's root folder.

"By offering this free tool to developers and their teams, we aim to help organizations address these vulnerabilities, and mitigate their impact," commented Rami Sass, co-founder and CEO of WhiteSource. "It's important for us to provide security and DevOps teams the tools that they need to address new threats. Adopting a remediation-first approach and baking security automation into development is the best way to proactively address new and emerging risks to today's software development organizations."