Detect vulnerable use of log4j

The question was asked earlier, and I don’t think I saw an answer: can SonarQube be used to detect/search for places in a codebase where problematic calls to log4j are made?

Hello @davidlang,

I moved your question out of the main Log4J thread so it’s simpler to answer you.

I’ve just posted an answer here with details of what SonarQube can do to help.