- Flexera Community
- :
- FlexNet Manager
- :
- FlexNet Manager Forum
- :
- Discover Open Source & Log4j
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Does Flexera have a paper on the discovery of Open Source Software & in particular for Log4J
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There is a great article on how to use the FNMS agent file scan to identify problematic log4j files: https://community.flexera.com/t5/FlexNet-Manager-Blog/Finding-installations-of-Apache-Log4j-or-other-files-on/ba-p/217513
This might have limits if OSS is highly integrated, like code-wise.
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here are some other resources related to Log4j that you may find interesting reading:
- Apache Log4j 2, Flexera and you
- Identifying Apache Log4j JNDI Vulnerability “Log4Shell” and Variants (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-4104)
- What you need to know about the Log4j security vulnerability
In terms of discovery of open source software components that are included in other software, the following info may be helpful: What is Software Composition Analysis?
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There is a great article on how to use the FNMS agent file scan to identify problematic log4j files: https://community.flexera.com/t5/FlexNet-Manager-Blog/Finding-installations-of-Apache-Log4j-or-other-files-on/ba-p/217513
This might have limits if OSS is highly integrated, like code-wise.
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here are some other resources related to Log4j that you may find interesting reading:
- Apache Log4j 2, Flexera and you
- Identifying Apache Log4j JNDI Vulnerability “Log4Shell” and Variants (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-4104)
- What you need to know about the Log4j security vulnerability
In terms of discovery of open source software components that are included in other software, the following info may be helpful: What is Software Composition Analysis?
