The clock continues to tick as exploits for the recently discovered Log4j vulnerability are expected to continue well into the coming months, and even years. Companies are rushing to scan applications to find vulnerable components affected by the Log4j attacks.
To help speed up this process, we’re excited to announce Sonatype’s new Log4j Visualizer feature in Nexus Repository (as of version 3.37.2), available to all Nexus OSS and Professional users.
The Log4j Visualizer functions as a spotlight for engineering teams on Maven Log4j component downloads within their organization, and any components impacted by Log4j on internal repositories. This includes packages impacted by CVE-2021-44228, in views separated by repository, username, and IP address.
As stewards of Maven Central, Sonatype teams are working hard to ensure organizations have reliable and fast access to the latest Log4j fixes. Our available resources for code quality, application scanning, and available intel accelerate security for the software supply chain. The Log4j Visualizer will do the same with the key features highlighted below.
Show Log4j Component Downloads in Your Organization
Getting started with the new feature is easy: after logging into Nexus Repository, you will see a prompt to enable the Log4j Visualizer. If you accept, you’ll see three separate datasets, as shown below:
Screen capture of the Log4j Visualizer
- Table 1: Repository
Breaks down how many times users downloaded Log4j components that are impacted by CVE-2021-44228 from specific repositories.
- Table 2: Username
Shows the usernames associated with accounts downloading impacted components.
- Table 3: IP Address
Displays the IP addresses that have downloaded impacted components.
The interface also allows users to view the status of individuals by typing in any of the above (repository name, username, or IP address). The feature requires (Read more…)