update CVEs and vulnerable libraries, make list of found CVEs dynamic
NoamDolovichWS committed Dec 19, 2021
1 parent ad4f7f7 commit 34af021
Showing 9 changed files with 53 additions and 656 deletions.
13 changes: 8 additions & 5 deletions README.md
Expand Up @@ -5,6 +5,8 @@ containing the following known CVEs:

* CVE-2021-45046
* CVE-2021-44228
* CVE-2021-4104
* CVE-2021-45105

It provides the exact path to direct and indirect dependencies, along with the fixed version for speedy remediation.
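
Review bot: The CVE list in this README hunk is still hard-coded, so adding CVE-2021-4104 and CVE-2021-45105 here means the README must be edited by hand whenever the detection set changes, even though the commit message says the list of found CVEs is now dynamic. Consider saying which tool version this list corresponds to, or pointing readers at the scan output as the authoritative list. The four entries are also unordered (45046, 44228, 4104, 45105); sorting them would make later additions easier to review.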

Expand Down Expand Up @@ -50,6 +52,7 @@ In order to scan your project, simply run the following command:
```shell
log4j-detect scan -d PROJECT_DIR
```

The folder can include source code that uses maven/gradle in the project, as well as binaries (i.e jar files)

## Installation
Expand All @@ -58,8 +61,8 @@ The folder can include source code that uses maven/gradle in the project, as wel

```shell
ARCH=amd64 # or ARCH=arm64
wget "https://github.com/whitesource/log4j-detect-distribution/releases/download/v1.0.0/log4j-detect-1.0.0-linux-$ARCH.tar.gz"
tar -xzvf log4j-detect-1.0.0-linux-$ARCH.tar.gz
wget "https://github.com/whitesource/log4j-detect-distribution/releases/latest/download/log4j-detect-1.2.0-linux-$ARCH.tar.gz"
tar -xzvf log4j-detect-1.2.0-linux-$ARCH.tar.gz
chmod +x log4j-detect
./log4j-detect -h
```
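
Review bot: In the Linux `wget` line the URL now goes through `releases/latest/download/` while the asset name still hard-codes `1.2.0`, so the command only works while 1.2.0 is the latest release; after the next release, `latest` resolves to a tag that has no `log4j-detect-1.2.0-linux-$ARCH.tar.gz` asset and the download fails. Either pin the tag as the old line did (`releases/download/v1.2.0/`) or add a `VERSION` variable next to `ARCH` and use it in both the URL and the `tar` line, so a version bump is a one-line change.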
Expand All @@ -68,16 +71,16 @@ chmod +x log4j-detect

```shell
ARCH=amd64 # or ARCH=arm64
wget "https://github.com/whitesource/log4j-detect-distribution/releases/download/v1.0.0/log4j-detect-1.0.0-darwin-$ARCH.tar.gz"
tar -xzvf log4j-detect-1.0.0-darwin-$ARCH.tar.gz
wget "https://github.com/whitesource/log4j-detect-distribution/releases/latest/download/log4j-detect-1.2.0-darwin-$ARCH.tar.gz"
tar -xzvf log4j-detect-1.2.0-darwin-$ARCH.tar.gz
chmod +x log4j-detect
./log4j-detect -h
```

### Windows

```powershell
Invoke-WebRequest -Uri "https://github.com/whitesource/log4j-detect-distribution/releases/download/v1.0.0/log4j-detect-1.0.0-windows-amd64.zip" -OutFile "log4j-detect.zip"
Invoke-WebRequest -Uri "https://github.com/whitesource/log4j-detect-distribution/releases/latest/download/log4j-detect-1.2.0-windows-amd64.zip" -OutFile "log4j-detect.zip"
Expand-Archive -LiteralPath 'log4j-detect.zip'
cd log4j-detect
.\log4j-detect.exe -h
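
Review bot: The macOS and Windows blocks download an archive and run the extracted binary (`chmod +x log4j-detect`, `.\log4j-detect.exe -h`) with no integrity check in between, and this change makes that gap matter more because the URL now follows `releases/latest` instead of a fixed tag. Suggest documenting a checksum step before first execution, for example `shasum -a 256` on macOS and `Get-FileHash` on Windows, compared against a digest published with the release. The mismatch between `latest` and the hard-coded `1.2.0` file name applies to both URLs in this hunk as well, including the `Invoke-WebRequest -Uri` line.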