FortiDevSec is an application security testing product that offers a comprehensive SaaS based continuous application testing for software Developers and DevOps, without the need for any security expertise

This article describes detection of the Spring4Shell vulnerability with FortiDevSec.


The CVE-2022-22965 vulnerability is a 0-day exploit that was discovered on a popular Java lightweight open source framework named Spring Framework.

This zero-day can result in remote code execution, allowing the attacker to take full control of the target system.


FortiDevSec SCA scanner updated in version 22.4


Detection against the vulnerability is empowered by the FortiDevSec Software Composition Analysis (SCA) scanner.


This technology enables FortiDevSec to assess whether an application codebase is vulnerable to a specific vulnerability with a high level of confidence by identifying open-source software dependencies.


The SCA scanner is enabled by default. Once the scan is performed on an application, the result appears under the Software Composition Analysis tab.


A step-by-step guide on how to scan an application is available in the user guide.


For more details regarding mitigating the Spring4Shell vulnerability with Fortinet products, refer to