github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-14 14:11:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

version 1.4.0 documentation

Browse Source
This commit is contained in:
Jeremy Long
2016-06-16 19:24:14 -04:00
parent 60c8655b95
commit 427a7b4ec8
1209 changed files with 57762 additions and 51538 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
index.html
View File

@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia Site Renderer 1.7 at 2016-04-09
| Generated by Apache Maven Doxia Site Renderer 1.7.1 at 2016-06-16
| Rendered using Apache Maven Fluido Skin 1.5
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20160409" />
<meta name="Date-Revision-yyyymmdd" content="20160616" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check &#x2013; About</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.5.min.css" />
@@ -59,9 +59,9 @@
<li class="active ">About</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2016-04-09</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2016-06-16</li>
<li id="projectVersion" class="pull-right">
Version: 1.3.6
Version: 1.4.0
</li>
</ul>
@@ -203,9 +203,6 @@
</a>
<a href="http://www.jetbrains.com/idea/" title="IntelliJ" class="builtBy">
<img class="builtBy" alt="developed using" src="http://jeremylong.github.io/DependencyCheck/images/logos/logo_intellij_idea.png" width="170px" />
</a>
<a href="http://www.cloudbees.com/" title="Cloudbees" class="builtBy">
<img class="builtBy" alt="built on cloudbees" src="http://jeremylong.github.io/DependencyCheck/images/logos/Button-Built-on-CB-1.png" />
</a>
</div>
</div>
@@ -215,7 +212,7 @@
<div id="bodyColumn" class="span10" >
<h1>About</h1>
<p>OWASP dependency-check is an open source solution the OWASP Top 10 2013 entry: <a class="externalLink" href="https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities">A9 - Using Components with Known Vulnerabilities</a>. Dependency-check can currently be used to scan Java, .NET, Python, Ruby (gemspec), PHP (composer), and Node.js applications (and their dependent libraries) to identify known vulnerable components. In addition, Dependency-check can be used to scan some source code, including OpenSSL source code and projects that use <a class="externalLink" href="https://www.gnu.org/software/autoconf/">Autoconf</a> or <a class="externalLink" href="http://www.cmake.org/overview/">CMake</a>.</p>
<p>OWASP dependency-check is an open source solution the OWASP Top 10 2013 entry: <a class="externalLink" href="https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities">A9 - Using Components with Known Vulnerabilities</a>. Dependency-check can currently be used to scan Java and .NET applications to identify the use of known vulnerable components. Experimental analyzers for Python, Ruby, PHP (composer), and Node.js applications; these are experimental due to the possible false positive and false negative rates. To use the experimental analyzers they must be specifically enabled via the appropriate <i>experimental</i> configuration. In addition, dependency-check has experimental analyzers that can be used to scan some C/C++ source code, including OpenSSL source code and projects that use <a class="externalLink" href="https://www.gnu.org/software/autoconf/">Autoconf</a> or <a class="externalLink" href="http://www.cmake.org/overview/">CMake</a>.</p>
<p>The problem with using known vulnerable components was covered in a paper by Jeff Williams and Arshan Dabirsiaghi titled, &#x201c;<a class="externalLink" href="http://www1.contrastsecurity.com/the-unfortunate-reality-of-insecure-libraries?&amp;__hssc=92971330.1.1412763139545&amp;__hstc=92971330.5d71a97ce2c038f53e4109bfd029b71e.1412763139545.1412763139545.1412763139545.1&amp;hsCtaTracking=7bbb964b-eac1-454d-9d5b-cc1089659590%7C816e01cf-4d75-449a-8691-bd0c6f9946a5">The Unfortunate Reality of Insecure Libraries</a>&#x201d; (registration required). The gist of the paper is that we as a development community include third party libraries in our applications that contain well known published vulnerabilities (such as those at the <a class="externalLink" href="http://web.nvd.nist.gov/view/vuln/search">National Vulnerability Database</a>).</p>
<p>More information about dependency-check can be found here:</p>
@@ -240,6 +237,14 @@
<li><a href="dependency-check-gradle/index.html">Gradle Plugin</a></li>
<li><a href="dependency-check-jenkins/index.html">Jenkins Plugin</a></li>
</ul>
<p>For help with dependency-check the following resource can be used:</p>
<ul>
<li>Post to the <a class="externalLink" href="https://groups.google.com/forum/#!forum/dependency-check">google group</a>: <a class="externalLink" href="mailto://dependency-check+subscribe@googlegroups.com">subscribe</a>, <a class="externalLink" href="mailto://dependency-check@googlegroups.com">post</a>,</li>
<li>Open a <a class="externalLink" href="https://github.com/jeremylong/DependencyCheck/issues">github issue</a></li>
</ul>
</div>
</div>