News
Syft is also able to discern which version of Log4j a Java application contains. The Log4j JAR can be directly included in our project, or it can be hidden away in one of the dependencies we include.
There are 17,000 unpatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits.
Results that may be inaccessible to you are currently showing.
Hide inaccessible results