diff --git a/src/site/markdown/analyzers/autoconf.md b/src/site/markdown/analyzers/autoconf.md index 1a9badb37..5388cbf4d 100644 --- a/src/site/markdown/analyzers/autoconf.md +++ b/src/site/markdown/analyzers/autoconf.md @@ -1,6 +1,10 @@ Autoconf Analyzer ================= +*Experimental*: This analyzer is considered experimental. While this analyzer may +be useful and provide valid results more testing must be completed to ensure that +the false negative/false positive rates are acceptable. + OWASP dependency-check includes an analyzer that will scan Autoconf project configuration files. The analyzer will collect as much information it can about the project. The information collected is internally referred to as diff --git a/src/site/markdown/analyzers/cmake.md b/src/site/markdown/analyzers/cmake.md index 2cc0a1889..09baffff6 100644 --- a/src/site/markdown/analyzers/cmake.md +++ b/src/site/markdown/analyzers/cmake.md @@ -1,6 +1,10 @@ CMake Analyzer ============== +*Experimental*: This analyzer is considered experimental. While this analyzer may +be useful and provide valid results more testing must be completed to ensure that +the false negative/false positive rates are acceptable. + OWASP dependency-check includes an analyzer that will scan CMake project configuration files. The analyzer will collect as much information it can about the project. The information collected is internally referred to as diff --git a/src/site/markdown/analyzers/composer-lock.md b/src/site/markdown/analyzers/composer-lock.md index 64c88808d..b37f5ebe5 100644 --- a/src/site/markdown/analyzers/composer-lock.md +++ b/src/site/markdown/analyzers/composer-lock.md 
@@ -1,6 +1,10 @@ Composer Lock Analyzer ============== +*Experimental*: This analyzer is considered experimental. While this analyzer may +be useful and provide valid results more testing must be completed to ensure that +the false negative/false positive rates are acceptable. + OWASP dependency-check includes an analyzer that scans composer.lock files to get exact dependency version information from PHP projects which are managed with [Composer](http://getcomposer.org/). If you're using Composer to manage your project, this will only analyze the `composer.lock` file diff --git a/src/site/markdown/analyzers/nodejs.md b/src/site/markdown/analyzers/nodejs.md index 3920ba7bb..139bb7dc1 100644 --- a/src/site/markdown/analyzers/nodejs.md +++ b/src/site/markdown/analyzers/nodejs.md @@ -1,6 +1,10 @@ Node.js Analyzer ================ +*Experimental*: This analyzer is considered experimental. While this analyzer may +be useful and provide valid results more testing must be completed to ensure that +the false negative/false positive rates are acceptable. + OWASP dependency-check includes an analyzer that will scan [Node Package Manager](https://www.npmjs.com/) package specification files. The analyzer will collect as much information as it can about the package. The information collected is internally referred to @@ -8,7 +12,7 @@ as evidence and is grouped into vendor, product, and version buckets. Other analyzers later use this evidence to identify any Common Platform Enumeration (CPE) identifiers that apply. -Note:_Consider using [Retire.js](http://retirejs.github.io/retire.js/) or the +*Note*: Consider using [Retire.js](http://retirejs.github.io/retire.js/) or the Node Security Project auditing tool, [nsp](https://nodesecurity.io/tools) instead of, or in addition to OWASP dependency-check to analyze Node.js packages. diff --git a/src/site/markdown/analyzers/python.md b/src/site/markdown/analyzers/python.md index 7ad7eeee8..002251470 100644 
--- a/src/site/markdown/analyzers/python.md +++ b/src/site/markdown/analyzers/python.md @@ -1,6 +1,10 @@ Python Analyzer ============== +*Experimental*: This analyzer is considered experimental. While this analyzer may +be useful and provide valid results more testing must be completed to ensure that +the false negative/false positive rates are acceptable. + OWASP dependency-check includes an analyzer that will scan Python artifacts. The analyzer(s) will collect as much information it can about the Python artifacts. The information collected is internally referred to as evidence and diff --git a/src/site/markdown/analyzers/ruby-gemspec.md b/src/site/markdown/analyzers/ruby-gemspec.md index 04116f442..ee3925782 100644 --- a/src/site/markdown/analyzers/ruby-gemspec.md +++ b/src/site/markdown/analyzers/ruby-gemspec.md @@ -1,6 +1,10 @@ Ruby Gemspec Analyzer ===================== +*Experimental*: This analyzer is considered experimental. While this analyzer may +be useful and provide valid results more testing must be completed to ensure that +the false negative/false positive rates are acceptable. + OWASP dependency-check includes an analyzer that will scan [Ruby Gem](https://rubygems.org/) [specifications](http://guides.rubygems.org/specification-reference/). The analyzer will collect as much information as it can about the Gem. The @@ -9,7 +13,7 @@ into vendor, product, and version buckets. Other analyzers later use this evidence to identify any Common Platform Enumeration (CPE) identifiers that apply. -Note: It is highly recommended that Ruby projects use +*Note*: It is highly recommended that Ruby projects use [bundler-audit](https://github.com/rubysec/bundler-audit#readme). Files Types Scanned: Rakefile, \*.gemspec \ No newline at end of file
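Review bot: The added *Experimental* paragraph (the same three `+` lines in the first hunk of autoconf.md, cmake.md, composer-lock.md, nodejs.md, python.md and ruby-gemspec.md) names false negative/false positive rates but does not say what that means for someone reading a report. A scan with no findings from one of these analyzers is not evidence that the project has no known-vulnerable dependencies. Suggest stating that directly, and saying whether the analyzer runs by default or has to be enabled, since the patch does not show either. The sentence also needs a comma: "provide valid results, more testing must be completed".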
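Review bot: In the first hunks of autoconf.md, cmake.md and python.md, the unchanged context line directly under the new paragraph reads "collect as much information it can", while nodejs.md and ruby-gemspec.md have "as much information as it can". Since the patch already touches the top of each file, fix the missing "as" here too. In composer-lock.md and python.md the `==============` underline is shorter than the heading it sits under ("Composer Lock Analyzer", "Python Analyzer"); the other four files match the underline to the title length, so extend these two for consistency.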
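Review bot: In the second nodejs.md hunk (`@@ -8,7 +12,7 @@`), the corrected `*Note*:` line still feeds into "instead of, or in addition to OWASP dependency-check", which is missing the closing comma after "in addition to". The Retire.js link on the changed line uses `http://`; for a page that points readers at security tooling, suggest switching it to `https://` in the same edit, after confirming the target serves it.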
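Review bot: In the second ruby-gemspec.md hunk (`@@ -9,7 +13,7 @@`), the trailing context line reads "Files Types Scanned", which should be "File Types Scanned", and the file still ends with "\ No newline at end of file"; both are worth fixing while the line above them is being edited. The `*Note*:` here recommends bundler-audit without saying whether it is meant instead of or alongside this analyzer, whereas the Node.js note says "instead of, or in addition to". Suggest using the same wording so readers of an experimental analyzer know whether to rely on it at all.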