stackoom
  简体   繁体   中英

SonarQube log4j Vulnerability

 原文  2021-12-14 06:51:59       security/ sonarqube/ log4j

Question

How to detect the log4j vulnerability in SonarQube LTS 8.2 version any script for that.

I tried this community reference but not able to find for 8.2 version.

https://community.sonarsource.com/t/sonarqube-sonarcloud-and-the-log4j-vulnerability/54721

1 answers

solution1
 0  2021-12-15 08:24:36

I think it refers to the sonar instance itself to prevent the vulnerability, maybe what you re looking for is kind a rule based on a regex pattern to check the package version. Try creating a new rule on sonar and add it to your quality profile

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to search for log4j vulnerability? Was slf4j affected with vulnerability issue in log4j Jenkins log4j vulnerability testing from pipeline job How do I fix the log4j vulnerability (Windows)? log4j vulnerability with avro-tools-1.9.1.jar Ubuntu and log4j vulnerability: java not even installed Apache/2.4.29 (Ubuntu) apache2 Log4j vulnerability Effect of log4j vulnerability on wildfly-11.0.0-final Does log4j security violation vulnerability affect log4net? Should we do something regarding Log4j vulnerability when we are using it for Testing?( TestNg Framework)
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM