log4jscanner is a filesystem scanner and Go package that helps organizations quickly identify vulnerable Log4j components inside JARs and shaded dependencies. Instead of probing networks, it walks directories and archives, including nested JARs, to find version fingerprints and risky classes associated with the Log4Shell family of issues. The focus on static analysis makes it suitable for container images, build artifacts, and offline systems where active scanning isn’t feasible. Clear, machine-readable output allows the tool to plug into CI/CD checks and fleet-wide inventory jobs. For responders, it reduces time-to-visibility by surfacing exactly which paths and bundles require patching or remediation. It’s a pragmatic addition to defense-in-depth programs that need verifiable evidence of exposure without deploying agents.

Features

  • Recurses archives to detect vulnerable Log4j versions and classes
  • Handles nested and shaded JARs common in Java build outputs
  • Works offline on filesystems, images, and artifact stores
  • CLI and library modes for integration into pipelines
  • Machine-readable reports suitable for inventory and triage
  • Minimal dependencies and easy distribution across platforms

Project Samples

Log4jScanner Screenshot 1

Project Activity

See All Activity >

Categories

Data Analytics

License

Apache License V2.0

Follow Log4jScanner

Log4jScanner Web Site

Other Useful Business Software
Gemini 3 and 200+ AI Models on One Platform Icon
Gemini 3 and 200+ AI Models on One Platform

Access Google's best plus Claude, Llama, and Gemma. Fine-tune and deploy from one console.

Build generative AI apps with Vertex AI. Switch between models without switching platforms.
Start Free
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of Log4jScanner!

Additional Project Details

Programming Language

Go

Related Categories

Go Data Analytics Tool

Registered

2025-10-10
Report inappropriate content