SecureStack Log4j Vulnerability Analysis

Scans your application for the presence of serious vulnerabilities in Log4j
v0.1.3

Verified

GitHub has manually verified the creator of the action as an official partner organization. For more info see About badges in GitHub Marketplace.

SecureStack Log4j Vulnerability Analysis GitHub Action

A GitHub Action that analyses your Java source code for all versions of the Log4j vulnerability that affect both Log4j 1.x and 2.x. You can read more about all affected versions of Log4j here: https://logging.apache.org/log4j/2.x/security.html

name: Example Workflow Using the SecureStack log4j scanning Action
on: push
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - name: Log4j Scanning Step
        id: log4j
        uses: SecureStackCo/[email protected]
        with:
          securestack_api_key: ${{ secrets.SECURESTACK_API_KEY }}
          securestack_app_id: ${{ secrets.SECURESTACK_APP_ID }}
          severity: critical

Create your SecureStack API Key and save as GitHub Secret

  1. Log in to SecureStack and go to the Profile -> GENERATE KEY screen.
  2. Generate an API key and copy the value.
  3. Go to Settings for your GitHub repository and click on Secrets -> Actions at the bottom left.
  4. Create a new secret named SECURESTACK_API_KEY and paste the value from step 2 into the field.

Retrieving your SecureStack Application ID

  1. Log in to SecureStack.
  2. Open the application you wish to analyse.
  3. Copy the value of the application id on the View Application screen.
  4. Go to Settings for your GitHub repository and click on Secrets -> Actions at the bottom left.
  5. Create a new secret named SECURESTACK_APP_ID and paste the value from step 3 into the field.

Made with 💜 by SecureStack

SecureStack Log4j Vulnerability Analysis is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.
