github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-23 17:41:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

updated documentation for issue#498

Browse Source
This commit is contained in:
Jeremy Long
2016-05-30 08:23:58 -04:00
parent d13bbd43f3
commit 5b52f01f3d
6 changed files with 26 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/site/markdown/analyzers/autoconf.md
View File

@@ -1,6 +1,10 @@
Autoconf Analyzer Autoconf Analyzer
================= =================
*Experimental*: This analyzer is considered experimental. While this analyzer may
be useful and provide valid results more testing must be completed to ensure that
the false negative/false positive rates are acceptable.
OWASP dependency-check includes an analyzer that will scan Autoconf project OWASP dependency-check includes an analyzer that will scan Autoconf project
configuration files. The analyzer will collect as much information it can configuration files. The analyzer will collect as much information it can
about the project. The information collected is internally referred to as about the project. The information collected is internally referred to as

4
src/site/markdown/analyzers/cmake.md
View File

@@ -1,6 +1,10 @@
CMake Analyzer CMake Analyzer
============== ==============
*Experimental*: This analyzer is considered experimental. While this analyzer may
be useful and provide valid results more testing must be completed to ensure that
the false negative/false positive rates are acceptable.
OWASP dependency-check includes an analyzer that will scan CMake project OWASP dependency-check includes an analyzer that will scan CMake project
configuration files. The analyzer will collect as much information it can configuration files. The analyzer will collect as much information it can
about the project. The information collected is internally referred to as about the project. The information collected is internally referred to as

4
src/site/markdown/analyzers/composer-lock.md
View File

@@ -1,6 +1,10 @@
Composer Lock Analyzer Composer Lock Analyzer
============== ==============
*Experimental*: This analyzer is considered experimental. While this analyzer may
be useful and provide valid results more testing must be completed to ensure that
the false negative/false positive rates are acceptable.
OWASP dependency-check includes an analyzer that scans composer.lock files to get exact dependency OWASP dependency-check includes an analyzer that scans composer.lock files to get exact dependency
version information from PHP projects which are managed with [Composer](http://getcomposer.org/). version information from PHP projects which are managed with [Composer](http://getcomposer.org/).
If you're using Composer to manage your project, this will only analyze the `composer.lock` file If you're using Composer to manage your project, this will only analyze the `composer.lock` file

6
src/site/markdown/analyzers/nodejs.md
View File

@@ -1,6 +1,10 @@
Node.js Analyzer Node.js Analyzer
================ ================
*Experimental*: This analyzer is considered experimental. While this analyzer may
be useful and provide valid results more testing must be completed to ensure that
the false negative/false positive rates are acceptable.
OWASP dependency-check includes an analyzer that will scan [Node Package Manager](https://www.npmjs.com/) OWASP dependency-check includes an analyzer that will scan [Node Package Manager](https://www.npmjs.com/)
package specification files. The analyzer will collect as much information as package specification files. The analyzer will collect as much information as
it can about the package. The information collected is internally referred to it can about the package. The information collected is internally referred to
@@ -8,7 +12,7 @@ as evidence and is grouped into vendor, product, and version buckets. Other
analyzers later use this evidence to identify any Common Platform Enumeration analyzers later use this evidence to identify any Common Platform Enumeration
(CPE) identifiers that apply. (CPE) identifiers that apply.
Note:_Consider using [Retire.js](http://retirejs.github.io/retire.js/) or the *Note*: Consider using [Retire.js](http://retirejs.github.io/retire.js/) or the
Node Security Project auditing tool, [nsp](https://nodesecurity.io/tools) instead Node Security Project auditing tool, [nsp](https://nodesecurity.io/tools) instead
of, or in addition to OWASP dependency-check to analyze Node.js packages. of, or in addition to OWASP dependency-check to analyze Node.js packages.

4
src/site/markdown/analyzers/python.md
View File

@@ -1,6 +1,10 @@
Python Analyzer Python Analyzer
============== ==============
*Experimental*: This analyzer is considered experimental. While this analyzer may
be useful and provide valid results more testing must be completed to ensure that
the false negative/false positive rates are acceptable.
OWASP dependency-check includes an analyzer that will scan Python artifacts. OWASP dependency-check includes an analyzer that will scan Python artifacts.
The analyzer(s) will collect as much information it can about the Python The analyzer(s) will collect as much information it can about the Python
artifacts. The information collected is internally referred to as evidence and artifacts. The information collected is internally referred to as evidence and

6
src/site/markdown/analyzers/ruby-gemspec.md
View File

@@ -1,6 +1,10 @@
Ruby Gemspec Analyzer Ruby Gemspec Analyzer
===================== =====================
*Experimental*: This analyzer is considered experimental. While this analyzer may
be useful and provide valid results more testing must be completed to ensure that
the false negative/false positive rates are acceptable.
OWASP dependency-check includes an analyzer that will scan [Ruby Gem](https://rubygems.org/) OWASP dependency-check includes an analyzer that will scan [Ruby Gem](https://rubygems.org/)
[specifications](http://guides.rubygems.org/specification-reference/). The [specifications](http://guides.rubygems.org/specification-reference/). The
analyzer will collect as much information as it can about the Gem. The analyzer will collect as much information as it can about the Gem. The
@@ -9,7 +13,7 @@ into vendor, product, and version buckets. Other analyzers later use this
evidence to identify any Common Platform Enumeration (CPE) identifiers that evidence to identify any Common Platform Enumeration (CPE) identifiers that
apply. apply.
Note: It is highly recommended that Ruby projects use *Note*: It is highly recommended that Ruby projects use
[bundler-audit](https://github.com/rubysec/bundler-audit#readme). [bundler-audit](https://github.com/rubysec/bundler-audit#readme).
Files Types Scanned: Rakefile, \*.gemspec Files Types Scanned: Rakefile, \*.gemspec