Version: Early Access

Locate vulnerable deployed artifacts

This topic describes a method for identifying all instances of a deployed artifact, which is useful, for example, if a particular open-source library used by your application is found to be vulnerable.

Using the Deploy command-line interface (CLI), you can locate such artifacts. This CLI script will search for all deployed packages containing a specified vulnerable file.

To use the script, save it as a .py file in the XL_DEPLOY_CLI_HOME/bin directory. Execute the following command, supplying any log-in information:

    ./ -q -f $(pwd)/<script>.py <artifact>

For example, if you named the script and you want to search for a file called PetClinic-1.0.ear, execute:

    ./ -q -f $(pwd)/ PetClinic-1.0.ear

This is an example of the report that will be produced:

    Searching for uses of vulnerable file [PetClinic-1.0.ear]

    Vulnerability found in application [Applications/PetClinic-ear/1.0] deployed to [Environments/Ops/Acc/ACC] because of [jcr:PetClinic-1.0.ear]
    Vulnerability found in application [Applications/PetPortal/2.1-2] deployed to [Environments/Dev/TEST] because of [jcr:PetClinic-1.0.ear]
    Vulnerability found in application [Applications/PetPortal/2.1-2] deployed to [Environments/Ops/Acc/ACC] because of [jcr:PetClinic-1.0.ear]
    Vulnerability found in application [Applications/PetPortal/2.1-2] deployed to [Environments/Ops/Prod/PROD] because of [jcr:PetClinic-1.0.ear]

    The following infrastructure is affected by this vulnerability

    ============================================= | ==========
    Infrastructure/Dev/Appserver-1 | jboss1
    Infrastructure/Dev/DevServer-1 | LOCALHOST
    Infrastructure/Ops/North/Acc/Appserver-1 | LOCALHOST
    Infrastructure/Ops/North/Prod/Appserver-1 | LOCALHOST
    Infrastructure/Ops/North/Prod/Appserver-3 | LOCALHOST
    Infrastructure/Ops/South/Acc/Appserver-2 | LOCALHOST
    Infrastructure/Ops/South/Prod/Appserver-2 | LOCALHOST
    Infrastructure/Ops/South/Prod/Appserver-4 | LOCALHOST
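
To hand the report to a patching or ticketing workflow, its text can be parsed into structured records. The following is an added example, not part of the Deploy product or of the script this topic refers to: it is standalone Python that assumes the report lines have exactly the shape shown in the sample above, and the function names `parse_report` and `apps_by_environment` are hypothetical.

```python
import re
from collections import defaultdict

# Line shapes are taken from the sample report on this page (assumed stable).
FINDING = re.compile(
    r"^Vulnerability found in application \[(?P<app>[^\]]+)\] "
    r"deployed to \[(?P<env>[^\]]+)\] because of \[(?P<artifact>[^\]]+)\]$"
)
HOST = re.compile(r"^(?P<ci>Infrastructure/\S+)\s*\|\s*(?P<address>\S+)$")

def parse_report(text):
    """Return (findings, hosts); banner, separator and blank lines are skipped."""
    findings, hosts = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = FINDING.match(line)
        if m:
            findings.append(m.groupdict())
            continue
        m = HOST.match(line)
        if m:
            hosts.append((m.group("ci"), m.group("address")))
    return findings, hosts

def apps_by_environment(findings):
    """Group affected application versions under each environment ID."""
    grouped = defaultdict(set)
    for f in findings:
        grouped[f["env"]].add(f["app"])
    return {env: sorted(apps) for env, apps in sorted(grouped.items())}

# Constructed sample: a subset of the report lines shown above.
SAMPLE = """\
Searching for uses of vulnerable file [PetClinic-1.0.ear]

Vulnerability found in application [Applications/PetClinic-ear/1.0] deployed to [Environments/Ops/Acc/ACC] because of [jcr:PetClinic-1.0.ear]
Vulnerability found in application [Applications/PetPortal/2.1-2] deployed to [Environments/Ops/Acc/ACC] because of [jcr:PetClinic-1.0.ear]
Vulnerability found in application [Applications/PetPortal/2.1-2] deployed to [Environments/Ops/Prod/PROD] because of [jcr:PetClinic-1.0.ear]

The following infrastructure is affected by this vulnerability

============================================= | ==========
Infrastructure/Dev/Appserver-1 | jboss1
Infrastructure/Ops/North/Prod/Appserver-1 | LOCALHOST
"""

if __name__ == "__main__":
    findings, hosts = parse_report(SAMPLE)
    print(apps_by_environment(findings), hosts)
```

Grouping by environment gives one work item per environment listing every application version that must be redeployed there, and the host list identifies the servers to verify after the fix.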