The question was asked earlier, and I don’t think I saw an answer, can sonarqube be used to detect/search for places in a codebase where problematic calls to log4j are made.
Hello @davidlang,
I moved your question out the main Log4J thread so it’s simpler to answer you.
I’ve just posted an answer here with details of what SonarQube can do to help.
Alex