documentation v1.3.1

This commit is contained in:
Jeremy Long
2015-09-20 07:41:29 -04:00
parent 4fd8873223
commit 191c5fae56
1456 changed files with 125936 additions and 63077 deletions

@@ -1,21 +1,21 @@
<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia at 2015-08-04
| Rendered using Apache Maven Fluido Skin 1.3.1
| Generated by Apache Maven Doxia at 2015-09-20
| Rendered using Apache Maven Fluido Skin 1.4
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20150804" />
<meta name="Date-Revision-yyyymmdd" content="20150920" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check - About</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.1.min.css" />
<title>dependency-check &#x2013; About</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.4.min.css" />
<link rel="stylesheet" href="./css/site.css" />
<link rel="stylesheet" href="./css/print.css" media="print" />
<script type="text/javascript" src="./js/apache-maven-fluido-1.3.1.min.js"></script>
<script type="text/javascript" src="./js/apache-maven-fluido-1.4.min.js"></script>
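Review bot: The header comment and the `Date-Revision-yyyymmdd` meta tag embed the build date, so every regenerated page changes even when its content does not, which is part of why this commit touches 1456 files. Suggest publishing the Doxia output from the build rather than committing it alongside reviewed changes, or at least keeping it in a separate docs-only commit as done here. The stylesheet and script references move from `apache-maven-fluido-1.3.1` to `apache-maven-fluido-1.4`; confirm the 1.4 assets are part of this commit and the 1.3.1 files are removed so no stale copies remain under `css/` and `js/`.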
@@ -29,7 +29,7 @@
<a href="http://github.com/jeremylong/DependencyCheck">
<a href="https://github.com/jeremylong/DependencyCheck">
<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
alt="Fork me on GitHub">
@@ -62,9 +62,9 @@
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-08-04</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-09-20</li>
<li id="projectVersion" class="pull-right">
Version: 1.3.0
Version: 1.3.1
</li>
</ul>
@@ -72,97 +72,111 @@
<div class="row-fluid">
<div id="leftColumn" class="span3">
<div id="leftColumn" class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">OWASP dependency-check</li>
<li class="active">
<a href="#"><i class="icon-chevron-down"></i>General</a>
<a href="#"><span class="icon-chevron-down"></span>General</a>
<ul class="nav nav-list">
<li>
<a href="general/internals.html" title="How it Works">
<i class="none"></i>
<span class="none"></span>
How it Works</a>
</li>
<li>
<a href="general/thereport.html" title="Reading the Report">
<i class="none"></i>
<span class="none"></span>
Reading the Report</a>
</li>
<li>
<a href="general/suppression.html" title="False Positives">
<i class="none"></i>
<span class="none"></span>
False Positives</a>
</li>
<li>
<a href="data/index.html" title="Internet Access Required">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Internet Access Required</a>
</li>
<li>
<a href="related.html" title="Related Work">
<i class="none"></i>
<span class="none"></span>
Related Work</a>
</li>
<li>
<a href="general/dependency-check.pptx" title="Project Presentation (pptx)">
<i class="none"></i>
<span class="none"></span>
Project Presentation (pptx)</a>
</li>
<li>
<a href="general/dependency-check.pdf" title="Project Presentation (pdf)">
<i class="none"></i>
<span class="none"></span>
Project Presentation (pdf)</a>
</li>
<li>
<a href="general/SampleReport.html" title="Sample Report">
<i class="none"></i>
<span class="none"></span>
Sample Report</a>
</li>
<li>
<a href="general/scan_iso.html" title="How to Scan an ISO Image">
<span class="none"></span>
How to Scan an ISO Image</a>
</li>
</ul>
</li>
<li>
<a href="analyzers/index.html" title="File Type Analyzers">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
File Type Analyzers</a>
</li>
<li>
<a href="modules.html" title="Modules">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Modules</a>
</li>
<li class="nav-header">Project Documentation</li>
<li>
<a href="project-info.html" title="Project Information">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Project Information</a>
</li>
<li>
<a href="project-reports.html" title="Project Reports">
<span class="icon-chevron-right"></span>
Project Reports</a>
</li>
</ul>
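Review bot: In the sidebar container, `leftColumn` narrows from `span3` to `span2` while longer entries such as "How to Scan an ISO Image" are added to the same list, so the rendered navigation should be checked for wrapping at common widths. The `<i>` to `<span>` swap for the icon placeholders is applied consistently to every entry visible in this hunk.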
@@ -203,10 +217,10 @@
</div>
<div id="bodyColumn" class="span9" >
<div id="bodyColumn" class="span10" >
<h1>About</h1>
<p>OWASP dependency-check is an open source solution the OWASP Top 10 2013 entry: <a class="externalLink" href="https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities">A9 - Using Components with Known Vulnerabilities</a>. Dependency-check can currently be used to scan Java, .NET, and Python applications (and their dependent libraries) to identify known vulnerable components. In addition, Dependency-check can be used to scan some source code, including OpenSSL source code and source code for projects that use Autoconf.</p>
<p>OWASP dependency-check is an open source solution the OWASP Top 10 2013 entry: <a class="externalLink" href="https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities">A9 - Using Components with Known Vulnerabilities</a>. Dependency-check can currently be used to scan Java, .NET, Python, Ruby (gemspec), PHP (composer), and Node.js applications (and their dependent libraries) to identify known vulnerable components. In addition, Dependency-check can be used to scan some source code, including OpenSSL source code and projects that use <a class="externalLink" href="https://www.gnu.org/software/autoconf/">Autoconf</a> or <a class="externalLink" href="http://www.cmake.org/overview/">CMake</a>.</p>
<p>The problem with using known vulnerable components was covered in a paper by Jeff Williams and Arshan Dabirsiaghi titled, &#x201c;<a class="externalLink" href="http://www1.contrastsecurity.com/the-unfortunate-reality-of-insecure-libraries?&amp;__hssc=92971330.1.1412763139545&amp;__hstc=92971330.5d71a97ce2c038f53e4109bfd029b71e.1412763139545.1412763139545.1412763139545.1&amp;hsCtaTracking=7bbb964b-eac1-454d-9d5b-cc1089659590%7C816e01cf-4d75-449a-8691-bd0c6f9946a5">The Unfortunate Reality of Insecure Libraries</a>&#x201d; (registration required). The gist of the paper is that we as a development community include third party libraries in our applications that contain well known published vulnerabilities (such as those at the <a class="externalLink" href="http://web.nvd.nist.gov/view/vuln/search">National Vulnerability Database</a>).</p>
<p>More information about dependency-check can be found here:</p>
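Review bot: The first sentence of the About paragraph still reads "is an open source solution the OWASP Top 10 2013 entry" in the rewritten line; a word is missing after "solution", and since the paragraph is being regenerated the fix belongs in the site source. In the same line the new CMake link uses `http://` while the Autoconf link added next to it uses `https://`, and the NVD link in the unchanged paragraph below is also plain `http://`. The Contrast Security link in that paragraph carries tracking query parameters (`__hssc`, `__hstc`, `hsCtaTracking`); suggest trimming it to the bare path.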
@@ -241,15 +255,14 @@
<footer>
<div class="container-fluid">
<div class="row-fluid">
<p >Copyright &copy; 2012&#x2013;2015
<p >Copyright &copy; 2012&#x2013;2015
<a href="http://www.owasp.org">OWASP</a>.
All rights reserved.
</p>
</div>
</div>
</div>
</footer>
</body>
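Review bot: The two copyright `<p >` lines in the footer show no visible difference, so the change looks whitespace-only and adds noise to an already large commit. The footer link remains `http://www.owasp.org` although this commit moves the GitHub ribbon link to https; suggest updating it in the site descriptor so the generated pages pick it up.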