ISO scanning: Added clarification on what can be scanned. Fleshed out file type analyzers page with details. Re-ordered side menu alphabetically to match.

src/site/markdown/analyzers/index.md

@@ -3,12 +3,14 @@ File Type Analyzers
 OWASP dependency-check contains several file type analyzers that are used
 to extract identification information from the files analyzed.
 
-- [Archive Analyzer](./archive-analyzer.html)
-- [Assembly Analyzer](./assembly-analyzer.html)
-- [Autoconf Analyzer](./autoconf-analyzer.html)
-- [Central Analyzer](./central-analyzer.html)
-- [Jar Analyzer](./jar-analyzer.html)
-- [Nexus Analyzer](./nexus-analyzer.html)
-- [Nuspec Analyzer](./nuspec-analyzer.html)
-- [OpenSSL Analyzer](./openssl-analyzer.html)
-- [Python Analyzer](./python-analyzer.html)
+| Analyzer | File Types Scanned | Analysis Method |
+| -------- | ------------------ | --------------- |
+| [Archive Analyzer](./archive-analyzer.html) | Zip archive format (\*.zip, \*.ear, *.war, \*.jar, \*.sar, \*.apk, \*.nupkg); Tape Archive Format (\*.tar); Gzip format (\*.gz, \*.tgz); Bzip2 format (\*.bz2, \*.tbz2) | Extracts archive contents, then scans contents with all available analyzers. |
+| [Assembly Analyzer](./assembly-analyzer.html) | .NET Assemblies (\*.exe, \*.dll) | Uses [GrokAssembly.exe](https://github.com/colezlaw/GrokAssembly), which requires .NET Framework or Mono runtime to be installed. |
+| [Autoconf Analyzer](./autoconf-analyzer.html) | Autoconf project configuration files (configure, configure.in, configure.ac) | Regex scan for AC_INIT metadata, including in generated configuration script. |
+| [Central Analyzer](./central-analyzer.html) | Java archive files (\*.jar) | Searches Maven Central or a configured Nexus repository for the file's SHA1 hash. |
+| [Jar Analyzer](./jar-analyzer.html) | Java archive files (\*.jar); Web application archive (\*.war) | Examines archive manifest metadata, and Maven Project Object Model files (pom.xml). |
+| [Nexus Analyzer](./nexus-analyzer.html) | Java archive files (\*.jar) | Searches Sonatype or a configured Nexus repository for the file's SHA1 hash. In most cases, superceded by Central Analyzer. |
+| [Nuspec Analyzer](./nuspec-analyzer.html) | Nuget package specification file (\*.nuspec) | Uses XPath to parse specification XML. |
+| [OpenSSL Analyzer](./openssl-analyzer.html) | OpenSSL Version Source Header File (opensslv.h) | Regex parse of the OPENSSL_VERSION_NUMBER macro definition. |
+| [Python Analyzer](./python-analyzer.html) | Python source files (\*.py); Package metadata files (PKG-INFO, METADATA); Package Distribution Files (whl, egg, zip, PKG-INFO, and METADATA) | Regex scan of Python source files for setuptools metadata; Parse RFC822 header format for metadata in all other artifacts. |

src/site/markdown/general/scan_iso.md

@@ -2,11 +2,10 @@ How to Mount ISO Files for Scanning
 ===================================
 
 Dependency-Check can be used as one of your tools for vetting software
-distributed via an [ISO image](https://en.wikipedia.org/wiki/ISO_image). These
-disk image files are not a standard archive format, however. Tools must be
-used that can interpret the contained file system. As will be shown below,
-Linux, Mac OS X, and recent versions of Windows can be used to mount the
-image's file system, which can then be scanned by Dependency-Check.
+distributed via an [ISO image](https://en.wikipedia.org/wiki/ISO_image). (See
+[File Type Analyzers](../analyzers/) for a list of what types of artifacts
+Dependency-Check is capable of scanning.) These disk image files are not a standard archive format, however. Tools must be used that can interpret the contained file system. As will be shown below, Linux, Mac OS X, and recent versions of Windows can be used to mount the image's file system, which can
+then be scanned by Dependency-Check.
 
 ISO images are named for the fact that they nearly always contain one of a
 pair of international file system standards published by
@@ -31,7 +30,7 @@ command with `sudo`.
 $ sudo mount -o loop foo.iso /mnt/foo
 ```
 
-Next, you can use Dependency-Check's [command line tool](dependency-check-cli/index.html)
+Next, you can use Dependency-Check's [command line tool](dependency-check-cli/)
 to scan the mount point. When you are finished, run the
 [umount](http://linux.die.net/man/8/umount) command with root privileges:
 
@@ -76,7 +75,8 @@ Windows 8 and later versions support mounting ISO images as a virtual drive.
 1. In *File Explorer*, right-click on "foo.iso".
 2. Select "Mount"
 
-File Explorer then redirects to showing the files on your virtual drive. You can then use the [command line tool](dependency-check-cli/index.html) to scan the virtual drive. When finished, "Windows-E" will open File Explorer showing the various drives on your computer. To eject the virtual drive:
+File Explorer then redirects to showing the files on your virtual drive. You can then use the [command line tool](dependency-check-cli/) to scan the
+virtual drive. When finished, "Windows-E" will open File Explorer showing the various drives on your computer. To eject the virtual drive:
 
 1. Right-click on the virtual drive.
 2. Select "Eject"

src/site/site.xml

@@ -110,26 +110,26 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
                 <item name="Archive Analyzer" href="./analyzers/archive-analyzer.html">
                     <description>Archive Analyzer</description>
                 </item>
-                <item name="Jar Analyzer" href="./analyzers/jar-analyzer.html">
-                    <description>Jar Analyzer</description>
+                <item name="Assembly Analyzer" href="./analyzers/assembly-analyzer.html">
+                    <description>Assembly Analyzer</description>
                 </item>
-                <item name="Python Analyzer" href="./analyzers/python-analyzer.html">
-                    <description>Python Analyzer</description>
+                <item name="Autoconf Analyzer" href="./analyzers/autoconf-analyzer.html">
+                    <description>Autoconf Analyzer</description>
                 </item>
                 <item name="Central Analyzer" href="./analyzers/central-analyzer.html">
                     <description>Central Analyzer</description>
                 </item>
+                <item name="Jar Analyzer" href="./analyzers/jar-analyzer.html">
+                    <description>Jar Analyzer</description>
+                </item>
                 <item name="Nexus Analyzer" href="./analyzers/nexus-analyzer.html">
                     <description>Nexus Analyzer</description>
                 </item>
-                <item name="Assembly Analyzer" href="./analyzers/assembly-analyzer.html">
-                    <description>Assembly Analyzer</description>
-                </item>
                 <item name="Nuspec Analyzer" href="./analyzers/nuspec-analyzer.html">
                     <description>Nuspec Analyzer</description>
                 </item>
-                <item name="Autoconf Analyzer" href="./analyzers/autoconf-analyzer.html">
-                    <description>Autoconf Analyzer</description>
+                <item name="Python Analyzer" href="./analyzers/python-analyzer.html">
+                    <description>Python Analyzer</description>
                 </item>
                 <item name="OpenSSL Analyzer" href="./analyzers/openssl-analyzer.html">
                     <description>OpenSSL Analyzer</description>