github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-18 09:37:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

version 1.3.0 documentation

Browse Source
This commit is contained in:
Jeremy Long
2015-08-05 15:38:32 -04:00
parent 5cc29d0a00
commit 4fd8873223
1212 changed files with 86425 additions and 43448 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
index.html
View File

@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia at 2015-05-11
| Generated by Apache Maven Doxia at 2015-08-04
| Rendered using Apache Maven Fluido Skin 1.3.1
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20150511" />
<meta name="Date-Revision-yyyymmdd" content="20150804" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check - About</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.1.min.css" />
@@ -62,9 +62,9 @@
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-05-11</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-08-04</li>
<li id="projectVersion" class="pull-right">
Version: 1.2.11
Version: 1.3.0
</li>
</ul>
@@ -141,14 +141,14 @@
</li>
</ul>
</li>
<li>
<a href="analyzers/index.html" title="File Type Analyzers">
<i class="icon-chevron-right"></i>
File Type Analyzers</a>
</li>
<li>
<a href="modules.html" title="Modules">
@@ -206,7 +206,7 @@
<div id="bodyColumn" class="span9" >
<h1>About</h1>
<p>OWASP dependency-check is an open source solution the OWASP Top 10 2013 entry: <a class="externalLink" href="https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities">A9 - Using Components with Known Vulnerabilities</a>. Dependency-check can currently be used to scan Java, .NET, and Python applications (and their dependent libraries) to identify known vulnerable components.</p>
<p>OWASP dependency-check is an open source solution the OWASP Top 10 2013 entry: <a class="externalLink" href="https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities">A9 - Using Components with Known Vulnerabilities</a>. Dependency-check can currently be used to scan Java, .NET, and Python applications (and their dependent libraries) to identify known vulnerable components. In addition, Dependency-check can be used to scan some source code, including OpenSSL source code and source code for projects that use Autoconf.</p>
<p>The problem with using known vulnerable components was covered in a paper by Jeff Williams and Arshan Dabirsiaghi titled, &#x201c;<a class="externalLink" href="http://www1.contrastsecurity.com/the-unfortunate-reality-of-insecure-libraries?&amp;__hssc=92971330.1.1412763139545&amp;__hstc=92971330.5d71a97ce2c038f53e4109bfd029b71e.1412763139545.1412763139545.1412763139545.1&amp;hsCtaTracking=7bbb964b-eac1-454d-9d5b-cc1089659590%7C816e01cf-4d75-449a-8691-bd0c6f9946a5">The Unfortunate Reality of Insecure Libraries</a>&#x201d; (registration required). The gist of the paper is that we as a development community include third party libraries in our applications that contain well known published vulnerabilities (such as those at the <a class="externalLink" href="http://web.nvd.nist.gov/view/vuln/search">National Vulnerability Database</a>).</p>
<p>More information about dependency-check can be found here:</p>
@@ -228,7 +228,7 @@
<li><a href="dependency-check-ant/index.html">Ant Task</a></li>
<li>In a <a href="./gradle.html">Gradle Build</a></li>
<li><a href="dependency-check-gradle/index.html">Gradle Plugin</a></li>
<li><a href="dependency-check-jenkins/index.html">Jenkins Plugin</a></li>
</ul>