github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-15 00:03:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

Docs: Added Ruby and Node.js to landing page. Added table row for Node.js in Analyzers list.

Browse Source
This commit is contained in:
Dale Visser
2015-08-26 12:27:38 -04:00
parent acd4b4371d
commit 61ac81518a
2 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/site/markdown/analyzers/index.md
View File

@@ -11,6 +11,7 @@ to extract identification information from the files analyzed.
| [Central Analyzer](./central-analyzer.html) | Java archive files (\*.jar) | Searches Maven Central or a configured Nexus repository for the file's SHA1 hash. |
| [Jar Analyzer](./jar-analyzer.html) | Java archive files (\*.jar); Web application archive (\*.war) | Examines archive manifest metadata, and Maven Project Object Model files (pom.xml). |
| [Nexus Analyzer](./nexus-analyzer.html) | Java archive files (\*.jar) | Searches Sonatype or a configured Nexus repository for the file's SHA1 hash. In most cases, superceded by Central Analyzer. |
| [Node.js Package Analyzer](./nodejs-analyzer.html) | NPM package specification files (package.json) | Parse JSON format for metadata. |
| [Nuspec Analyzer](./nuspec-analyzer.html) | Nuget package specification file (\*.nuspec) | Uses XPath to parse specification XML. |
| [OpenSSL Analyzer](./openssl-analyzer.html) | OpenSSL Version Source Header File (opensslv.h) | Regex parse of the OPENSSL_VERSION_NUMBER macro definition. |
| [Python Analyzer](./python-analyzer.html) | Python source files (\*.py); Package metadata files (PKG-INFO, METADATA); Package Distribution Files (\*.whl, \*.egg, \*.zip) | Regex scan of Python source files for setuptools metadata; Parse RFC822 header format for metadata in all other artifacts. |

10
src/site/markdown/index.md
View File

@@ -2,11 +2,11 @@ About
====================
OWASP dependency-check is an open source solution the OWASP Top 10 2013 entry:
[A9 - Using Components with Known Vulnerabilities](https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities).
Dependency-check can currently be used to scan Java, .NET, and Python
applications (and their dependent libraries) to identify known vulnerable
components. In addition, Dependency-check can be used to scan some source
code, including OpenSSL source code and source code for projects that use
Autoconf.
Dependency-check can currently be used to scan Java, .NET, Python, Ruby and
Node.js applications (and their dependent libraries) to identify known
vulnerable components. In addition, Dependency-check can be used to scan some
source code, including OpenSSL source code and source code for projects that
use Autoconf.
The problem with using known vulnerable components was covered in a paper by
Jeff Williams and Arshan Dabirsiaghi titled, "[The Unfortunate Reality of