github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-23 17:41:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

OpenSSL: Site doc additions, including about Autoconf analyzer.

Browse Source 
Former-commit-id: 35253cfbf5cfcf04b2f3fe39f0891cd0bf1155b4
This commit is contained in:
Dale Visser
2015-07-09 17:11:06 -04:00
parent 433c2e5916
commit 5354137c76
3 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/site/markdown/analyzers/index.md
View File

@@ -5,8 +5,10 @@ to extract identification information from the files analyzed.
- [Archive Analyzer](./archive-analyzer.html) - [Archive Analyzer](./archive-analyzer.html)
- [Assembly Analyzer](./assembly-analyzer.html) - [Assembly Analyzer](./assembly-analyzer.html)
- [Autoconf Analyzer](./autoconf-analyzer.html)
- [Central Analyzer](./central-analyzer.html) - [Central Analyzer](./central-analyzer.html)
- [Jar Analyzer](./jar-analyzer.html) - [Jar Analyzer](./jar-analyzer.html)
- [Nexus Analyzer](./nexus-analyzer.html) - [Nexus Analyzer](./nexus-analyzer.html)
- [Nuspec Analyzer](./nuspec-analyzer.html) - [Nuspec Analyzer](./nuspec-analyzer.html)
- [OpenSSL Analyzer](./openssl-analyzer.html)
- [Python Analyzer](./python-analyzer.html) - [Python Analyzer](./python-analyzer.html)

4
src/site/markdown/index.md
View File

@@ -4,7 +4,9 @@ OWASP dependency-check is an open source solution the OWASP Top 10 2013 entry:
[A9 - Using Components with Known Vulnerabilities](https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities). [A9 - Using Components with Known Vulnerabilities](https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities).
Dependency-check can currently be used to scan Java, .NET, and Python Dependency-check can currently be used to scan Java, .NET, and Python
applications (and their dependent libraries) to identify known vulnerable applications (and their dependent libraries) to identify known vulnerable
components. components. In addition, Dependency-check can be used to scan some source
code, including OpenSSL source code and source code for projects that use
Autoconf.
The problem with using known vulnerable components was covered in a paper by The problem with using known vulnerable components was covered in a paper by
Jeff Williams and Arshan Dabirsiaghi titled, "[The Unfortunate Reality of Jeff Williams and Arshan Dabirsiaghi titled, "[The Unfortunate Reality of

6
src/site/site.xml
View File

@@ -124,6 +124,12 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
<item name="Nuspec Analyzer" href="./analyzers/nuspec-analyzer.html"> <item name="Nuspec Analyzer" href="./analyzers/nuspec-analyzer.html">
<description>Nuspec Analyzer</description> <description>Nuspec Analyzer</description>
</item> </item>
<item name="Autoconf Analyzer" href="./analyzers/autoconf-analyzer.html">
<description>Autoconf Analyzer</description>
</item>
<item name="OpenSSL Analyzer" href="./analyzers/openssl-analyzer.html">
<description>OpenSSL Analyzer</description>
</item>
</item> </item>
<item collapse="true" name="Modules" href="./modules.html"> <item collapse="true" name="Modules" href="./modules.html">
<item name="dependency-check-cli" href="./dependency-check-cli/index.html"> <item name="dependency-check-cli" href="./dependency-check-cli/index.html">