
JFrog Releases OSS Tools to Identify Log4j Usage in Binaries and Source Code


SUNNYVALE, Calif. – (BUSINESS WIRE) – JFrog Ltd. (“JFrog”) (NASDAQ: FROG), the Liquid Software company and creators of the JFrog DevOps Platform, today released free analysis tools specifically designed for developers to detect the presence and use of Apache Log4j in source code and binaries. The four new tools are available for download immediately via GitHub in both Java and Python.

The new tools perform specialized scans to identify direct or indirect (transitive) dependencies, as well as instances where Log4j does not appear as a separate file but is bundled into a larger, harder-to-detect package. The new tools are command-line based for easy integration with existing developer environments, and their open source nature helps ensure that capabilities will continue to evolve over time as needs change.

“The Log4j vulnerability has set the enterprise software landscape on fire due to its widespread use as a component in the software supply chain, making it difficult to locate and fix quickly,” said Asaf Karas, CTO of JFrog Security Research. “In times of crisis, open source tools that analyze both binaries and source code enable collaboration and community contributions to collectively solve immediate and long-term security issues, which is why we are proud to publish these tools today.”

Industry research estimates almost half of all global companies have already been impacted by the Log4j vulnerability, with incidents increasing day by day. Government officials from Austria, Canada, New Zealand, Great Britain, and the U.S. have also sounded the alarm bells about this recently exposed vulnerability and recommend immediate action by companies and software vendors.

The Log4j vulnerability was originally discovered and reported to Apache by Alibaba’s cloud security team on November 24. MITRE assigned CVE-2021-44228 to this vulnerability, which has since been dubbed Log4Shell by security researchers. JFrog’s security research team detailed currently known Log4j vulnerabilities and outlined best practices for identifying and resolving them in this blog, which is continuously updated.

Interested parties can also register to learn more about Log4j, its impact, and how to quickly identify and manage threats in the JFrog webinar, “Log4Shell vulnerability: everything you need to know,” taking place on Thursday, December 16, 2021 at 11 a.m. PT / 2 p.m. ET.

Do you like this story? Tweet this: .@jfrog releases 4 new OSS tools to help identify and fix vulnerabilities in Log4j. Download them now: https://github.com/jfrog/log4j-tools

About JFrog

JFrog’s mission is to be the company that powers all software updates in the world, driven by a vision of “liquid software” to enable the seamless and secure flow of binaries from developers to the edge. The company’s end-to-end DevOps platform – the JFrog Platform – provides the tools and visibility required by modern organizations to solve today’s challenges through critical elements of the DevOps cycle. JFrog’s hybrid, universal, multi-cloud DevOps platform is available as self-managed and SaaS services on a number of cloud service provider platforms. JFrog is trusted by millions of users and thousands of customers, including the majority of Fortune 100 companies that depend on JFrog solutions to manage their critical software delivery pipelines. Learn more at jfrog.com.

Caution regarding forward-looking statements

This press release contains “forward-looking” statements, as that term is defined in United States federal securities laws, including, but not limited to, statements regarding open source tools that allow developers to quickly determine exposure and focus remedial efforts to speed up resolution time, our ability to meet customer needs and our ability to impose market standards. These forward-looking statements are based on our current assumptions, expectations and beliefs and are subject to risks, uncertainties, assumptions and material changes in circumstances that may cause JFrog’s actual results, performance or achievements to differ materially from those expressed or implied in any forward-looking statement.

There are a number of significant factors that could cause actual results, performance or achievements to differ materially from statements made in this press release, including, but not limited to, the risks detailed in our documents filed with the Securities and Exchange Commission, including in our annual report on Form 10-K for the fiscal year ended December 31, 2020, our quarterly reports on Form 10-Q and other documents and reports that we may file from time to time with the Securities and Exchange Commission. Forward-looking statements represent our beliefs and assumptions only as of the date of this press release. We disclaim any obligation to update any forward-looking statements.
