- Adds
fossa log4j
command. (#744)
Fossa's log4j command reports, log4j (direct or transitive) dependencies and its vulnerability (if any) in projects.
We look for log4j dependencies in:
- Maven projects
- Gradle projects
- Sbt projects (scala)
- Leiningen projects (clojure)
For more information regarding log4j vulnerability, please refer to: https://fossa.com/blog/log4j-log4shell-zero-day-vulnerability-impact-fixes/
To perform log4j command, use: fossa log4j
, target directory can also be passed by: fossa log4j ../some-path/