mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-05-01 20:54:44 +02:00
OpenSSL: Site doc additions, including about Autoconf analyzer.
Former-commit-id: 35253cfbf5cfcf04b2f3fe39f0891cd0bf1155b4
This commit is contained in:
Dale Visser
@@ -5,8 +5,10 @@ to extract identification information from the files analyzed.
|
||||
|
||||
- [Archive Analyzer](./archive-analyzer.html)
|
||||
- [Assembly Analyzer](./assembly-analyzer.html)
|
||||
- [Autoconf Analyzer](./autoconf-analyzer.html)
|
||||
- [Central Analyzer](./central-analyzer.html)
|
||||
- [Jar Analyzer](./jar-analyzer.html)
|
||||
- [Nexus Analyzer](./nexus-analyzer.html)
|
||||
- [Nuspec Analyzer](./nuspec-analyzer.html)
|
||||
- [OpenSSL Analyzer](./openssl-analyzer.html)
|
||||
- [Python Analyzer](./python-analyzer.html)
|
||||
|
||||
@@ -4,7 +4,9 @@ OWASP dependency-check is an open source solution the OWASP Top 10 2013 entry:
|
||||
[A9 - Using Components with Known Vulnerabilities](https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities).
|
||||
Dependency-check can currently be used to scan Java, .NET, and Python
|
||||
applications (and their dependent libraries) to identify known vulnerable
|
||||
components.
|
||||
components. In addition, Dependency-check can be used to scan some source
|
||||
code, including OpenSSL source code and source code for projects that use
|
||||
Autoconf.
|
||||
|
||||
The problem with using known vulnerable components was covered in a paper by
|
||||
Jeff Williams and Arshan Dabirsiaghi titled, "[The Unfortunate Reality of
|
||||
|
||||
Reference in New Issue
Block a user