Keeping current with Log4j dependencies and new exploits is a complex and ongoing challenge. Organizations struggle to find the proverbial needle in hundreds of haystacks in a constantly changing environment. Then there is the issue of finding the right security tool to use across numerous applications and networks.
Our Truematch technology gives us the unique ability to detect log4j in your projects, direct and transitive dependencies, as source code from a forked or downloaded project, or embedded directly into your source code.
To better serve the needs of our customers, we have enhanced our capabilities to detect instances of log4j within commercial software installed on devices, including servers, VMs, and even docker images.
Threatrix provides extreme fidelity even in cases where developers have changed the file, class, method, or variable names. We’re working closely with our customers to help them detect log4j in these difficult-to-discover use cases.