log4jscanner is a filesystem scanner and Go package that helps organizations quickly identify vulnerable Log4j components inside JARs and shaded dependencies. Instead of probing networks, it walks directories and archives, including nested JARs, to find version fingerprints and risky classes associated with the Log4Shell family of issues. The focus on static analysis makes it suitable for container images, build artifacts, and offline systems where active scanning isn’t feasible. Clear, machine-readable output allows the tool to plug into CI/CD checks and fleet-wide inventory jobs. For responders, it reduces time-to-visibility by surfacing exactly which paths and bundles require patching or remediation. It’s a pragmatic addition to defense-in-depth programs that need verifiable evidence of exposure without deploying agents.

Features

  • Recurses archives to detect vulnerable Log4j versions and classes
  • Handles nested and shaded JARs common in Java build outputs
  • Works offline on filesystems, images, and artifact stores
  • CLI and library modes for integration into pipelines
  • Machine-readable reports suitable for inventory and triage
  • Minimal dependencies and easy distribution across platforms

Project Samples

Log4jScanner Screenshot 1

Project Activity

See All Activity >

Categories

Data Analytics

License

Apache License V2.0

Follow Log4jScanner

Log4jScanner Web Site

Other Useful Business Software
$300 in Free Credit Towards Top Cloud Services Icon
$300 in Free Credit Towards Top Cloud Services

Build VMs, containers, AI, databases, storage—all in one place.

Start your project in minutes. After credits run out, 20+ products include free monthly usage. Only pay when you're ready to scale.
Get Started
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of Log4jScanner!

Additional Project Details

Programming Language

Go

Related Categories

Go Data Analytics Tool

Registered

2025-10-10
Report inappropriate content