fix for issue #937

This commit is contained in:
Jeremy Long
2017-10-22 14:41:06 -04:00
parent 714b3d29b9
commit 5b7314e6d3
10 changed files with 72 additions and 12 deletions

View File

@@ -32,3 +32,14 @@ several teams have found them useful in their current state.
| [Python](./python.html) | Python source files (\*.py); Package metadata files (PKG-INFO, METADATA); Package Distribution Files (\*.whl, \*.egg, \*.zip) | Regex scan of Python source files for setuptools metadata; Parse RFC822 header format for metadata in all other artifacts. |
| [Ruby Gemspec](./ruby-gemspec.html) | Ruby makefiles (Rakefile); Ruby Gemspec files (\*.gemspec) | Regex scan Gemspec initialization blocks for metadata. |
| [SWIFT](./swift.html) | SWIFT Package Manager's `Package.swift` | Extracts dependency information from swift package file. |
Retired Analyzers
----------------------
The following analyzers can be enabled by enabling the _retired_ configuration
option; see the documentation for the CLI, Ant, Maven, etc. for more information.
These analyzers have been retired due to the higher false positive and
false negative rates.
| Analyzer | File Types Scanned | Analysis Method |
| -------- | ------------------ | --------------- |
| [Node.js](./nodejs.html) | NPM package specification files (package.json) | Parse JSON format for metadata. |
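Review bot: the rationale given here ("higher false positive and false negative rates") does not match the Node.js analyzer page in this same commit, which cites "an extremely high false positive rate"; use one wording in both places. The sentence "can be enabled by enabling the _retired_ configuration option" should also name the actual setting (retiredEnabled in the Gradle configuration table) so a reader of this table does not have to search the per-tool docs for it.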

View File

@@ -1,9 +1,8 @@
Node.js Analyzer
================
*Experimental*: This analyzer is considered experimental. While this analyzer may
be useful and provide valid results more testing must be completed to ensure that
the false negative/false positive rates are acceptable.
*Retired*: This analyzer has been retired due to an extremely high false positive
rate.
OWASP dependency-check includes an analyzer that will scan [Node Package Manager](https://www.npmjs.com/)
package specification files. The analyzer will collect as much information as
@@ -12,8 +11,4 @@ as evidence and is grouped into vendor, product, and version buckets. Other
analyzers later use this evidence to identify any Common Platform Enumeration
(CPE) identifiers that apply.
*Note*: Consider using [Retire.js](http://retirejs.github.io/retire.js/) or the
Node Security Project auditing tool, [nsp](https://nodesecurity.io/tools) instead
of, or in addition to OWASP dependency-check to analyze Node.js packages.
Files Types Scanned: [package.json](https://docs.npmjs.com/files/package.json)
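Review bot: the new *Retired* notice replaces the *Experimental* one but does not tell the reader how to turn the analyzer back on; add a sentence pointing at the retired-analyzers configuration option. The same hunk drops the pointer to Retire.js and nsp even though the NSP Analyzer remains a supported option, so consider keeping a one-line recommendation rather than leaving Node.js users with no suggested alternative. Style: "Files Types Scanned" should read "File Types Scanned".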

View File

@@ -121,12 +121,13 @@ analyzers | pathToMono | The path to Mono for .NET assembly analys
analyzers | cmakeEnabled | Sets whether or not the [experimental](../analyzers/index.html) CMake Analyzer should be used. | true
analyzers | autoconfEnabled | Sets whether or not the [experimental](../analyzers/index.html) autoconf Analyzer should be used. | true
analyzers | composerEnabled | Sets whether or not the [experimental](../analyzers/index.html) PHP Composer Lock File Analyzer should be used. | true
analyzers | nodeEnabled | Sets whether or not the [experimental](../analyzers/index.html) Node.js Analyzer should be used. | true
analyzers | nodeEnabled | Sets whether or not the [retired](../analyzers/index.html) Node.js Analyzer should be used. | true
analyzers | nspEnabled | Sets whether the NSP Analyzer should be used. | true
analyzers | cocoapodsEnabled | Sets whether or not the [experimental](../analyzers/index.html) Cocoapods Analyzer should be used. | true
analyzers | swiftEnabled | Sets whether or not the [experimental](../analyzers/index.html) Swift Package Manager Analyzer should be used. | true
analyzers | bundleAuditEnabled | Sets whether or not the [experimental](../analyzers/index.html) Ruby Bundle Audit Analyzer should be used. | true
analyzers | pathToBundleAudit | The path to bundle audit. |  
analyzers | retiredEnabled | Sets whether the [retired analyzers](../analyzers/index.html) will be used. If not set to true the analyzers marked as experimental (see below) will not be used | false
#### Example
```groovy
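Review bot: the retiredEnabled row says "the analyzers marked as experimental (see below) will not be used", but this option gates the retired analyzers, so it should read "marked as retired"; the "(see below)" also points nowhere in this table. The nodeEnabled row still lists a default of true while retiredEnabled defaults to false, so with the documented defaults the Node.js analyzer will not run; either state that nodeEnabled only takes effect when retiredEnabled is true, or change the listed default. Minor: nspEnabled and retiredEnabled say "Sets whether" while the surrounding rows say "Sets whether or not"; harmonize.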