github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-05-11 01:20:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

version 1.2.7 of site documentation

Browse Source
This commit is contained in:
Jeremy Long
2014-12-08 06:45:24 -05:00
parent 3b0099eb60
commit 76eae18547
3165 changed files with 15813 additions and 490978 deletions
Download Patch File Download Diff File Expand all files Collapse all files

198
dependency-check-core/index.html
View File

@@ -9,7 +9,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20141207" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check - About</title>
<title>dependency-check-core - About</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.1.min.css" />
<link rel="stylesheet" href="./css/site.css" />
<link rel="stylesheet" href="./css/print.css" media="print" />
@@ -42,7 +42,7 @@
<div id="banner">
<div class="pull-left">
<div id="bannerLeft">
<h2>dependency-check</h2>
<h2>dependency-check-core</h2>
</div>
</div>
<div class="pull-right"> </div>
@@ -54,9 +54,14 @@
<li class="">
<a href="#" title="">
<a href="../../../../../../../../../../../../c:/Users/jeremy/Documents/NetBeansProjects/DependencyCheck/target/site/1.2.7/#" title="">
</a>
<span class="divider">/</span>
</li>
<li class="">
<a href="../index.html" title="dependency-check">
dependency-check</a>
<span class="divider">/</span>
</li>
<li class="active ">About</li>
@@ -78,7 +83,7 @@
<ul class="nav nav-list">
<li class="nav-header">Project Documentation</li>
<li>
<a href="project-info.html" title="Project Information">
@@ -98,41 +103,6 @@
Project Summary</a>
</li>
<li>
<a href="mail-lists.html" title="Mailing Lists">
<i class="none"></i>
Mailing Lists</a>
</li>
<li>
<a href="issue-tracking.html" title="Issue Tracking">
<i class="none"></i>
Issue Tracking</a>
</li>
<li>
<a href="modules.html" title="Project Modules">
<i class="none"></i>
Project Modules</a>
</li>
<li>
<a href="team-list.html" title="Project Team">
<i class="none"></i>
Project Team</a>
</li>
<li>
<a href="source-repository.html" title="Source Repository">
<i class="none"></i>
Source Repository</a>
</li>
<li>
<a href="license.html" title="Project License">
@@ -141,128 +111,13 @@
</li>
</ul>
</li>
<li class="nav-header">General</li>
<li>
<a href="internals.html" title="How it Works">
<i class="none"></i>
How it Works</a>
</li>
<li>
<a href="thereport.html" title="Reading the Report">
<i class="none"></i>
Reading the Report</a>
</li>
<li>
<a href="suppression.html" title="False Positives">
<i class="none"></i>
False Positives</a>
</li>
<li>
<a href="dependency-check.pptx" title="Project Presentation (pptx)">
<i class="none"></i>
Project Presentation (pptx)</a>
</li>
<li>
<a href="dependency-check.pdf" title="Project Presentation (pdf)">
<i class="none"></i>
Project Presentation (pdf)</a>
</li>
<li>
<a href="SampleReport.html" title="Sample Report">
<i class="none"></i>
Sample Report</a>
</li>
<li class="nav-header">File Type Analyzers</li>
<li>
<a href="archive-analyzer.html" title="Archive Analyzer">
<i class="none"></i>
Archive Analyzer</a>
</li>
<li>
<a href="jar-analyzer.html" title="Jar Analyzer">
<i class="none"></i>
Jar Analyzer</a>
</li>
<li>
<a href="nexus-analyzer.html" title="Nexus Analyzer">
<i class="none"></i>
Nexus Analyzer</a>
</li>
<li>
<a href="assembly-analyzer.html" title="Assembly Analyzer">
<i class="none"></i>
Assembly Analyzer</a>
</li>
<li>
<a href="nuspec-analyzer.html" title="Nuspec Analyzer">
<i class="none"></i>
Nuspec Analyzer</a>
</li>
<li class="nav-header">Modules</li>
<li>
<a href="dependency-check-cli/installation.html" title="dependency-check-cli">
<i class="none"></i>
dependency-check-cli</a>
</li>
<li>
<a href="dependency-check-ant/installation.html" title="dependency-check-ant">
<i class="none"></i>
dependency-check-ant</a>
</li>
<li>
<a href="dependency-check-maven/usage.html" title="dependency-check-maven">
<i class="none"></i>
dependency-check-maven</a>
</li>
<li>
<a href="dependency-check-jenkins/index.html" title="dependency-check-jenkins">
<i class="none"></i>
dependency-check-jenkins</a>
</li>
<li>
<a href="dependency-check-core/index.html" title="dependency-check-core">
<i class="none"></i>
dependency-check-core</a>
</li>
<li>
<a href="dependency-check-utils/index.html" title="dependency-check-utils">
<i class="none"></i>
dependency-check-utils</a>
</li>
<a href="project-reports.html" title="Project Reports">
<i class="icon-chevron-right"></i>
Project Reports</a>
</li>
</ul>
@@ -274,7 +129,7 @@
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
<div class="g-plusone" data-href="https://github.com/jeremylong/DependencyCheck.git" data-size="tall" ></div>
<div class="g-plusone" data-href="https://github.com/jeremylong/DependencyCheck.git/dependency-check-core" data-size="tall" ></div>
<div class="clear"></div>
<div class="clear"></div>
@@ -306,28 +161,19 @@
<div id="bodyColumn" class="span9" >
<h1>About</h1>
<p>Dependency-check is an open source solution the OWASP Top 10 2013 entry: <a class="externalLink" href="https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities">A9 - Using Components with Known Vulnerabilities</a>. Dependency-check can currently be used to scan Java applications (and their dependent libraries) to identify known vulnerable components.</p>
<p>The problem with using known vulnerable components was covered in a paper by Jeff Williams and Arshan Dabirsiaghi titled, &#x201c;<a class="externalLink" href="http://www1.contrastsecurity.com/the-unfortunate-reality-of-insecure-libraries?&amp;__hssc=92971330.1.1412763139545&amp;__hstc=92971330.5d71a97ce2c038f53e4109bfd029b71e.1412763139545.1412763139545.1412763139545.1&amp;hsCtaTracking=7bbb964b-eac1-454d-9d5b-cc1089659590%7C816e01cf-4d75-449a-8691-bd0c6f9946a5">The Unfortunate Reality of Insecure Libraries</a>&#x201d; (registration required). The gist of the paper is that we as a development community include third party libraries in our applications that contain well known published vulnerabilities (such as those at the <a class="externalLink" href="http://web.nvd.nist.gov/view/vuln/search">National Vulnerability Database</a>).</p>
<p>More information about dependency-check can be found here:</p>
<p>Dependency-check-core is the primary library that contains analyzers used to scan (java) application dependencies. The purpose of the analysis is to identify the library used and subsequently report on any CVE entries related to the library.</p>
<p>The core engine can be extended by implementing new Analyzers; see the project <a class="externalLink" href="https://github.com/jeremylong/DependencyCheck/wiki/Making-a-new-Analyzer">wiki</a> for details.</p>
<p>The engine is currently exposed via:</p>
<ul>
<li><a href="./internals.html">How does dependency-check work</a></li>
<li><a href="../dependency-check-cli/installation.html">Command Line Tool</a></li>
<li><a href="./thereport.html">How to read the report</a></li>
</ul>
<p><b>IMPORTANT NOTE</b>: Dependency-check automatically updates itself using the NVD Data Feeds hosted by NIST. <b>The initial download of the data may take fifteen minutes or more</b>, if you run the tool at least once every seven days only a small XML file needs to be downloaded to keep the local copy of the data current.</p>
<p>Dependency-check&#x2019;s core analysis library is exposed in various forms:</p>
<ul>
<li><a href="../dependency-check-maven/usage.html">Maven Plugin</a></li>
<li><a href="dependency-check-cli/index.html">Command Line Tool</a></li>
<li><a href="../dependency-check-ant/installation.html">Ant Task</a></li>
<li><a href="dependency-check-maven/usage.html">Maven Plugin</a></li>
<li><a href="dependency-check-ant/installation.html">Ant Task</a></li>
<li><a href="dependency-check-jenkins/index.html">Jenkins Plugin</a></li>
<li><a href="../dependency-check-jenkins/index.html">Jenkins Plugin</a></li>
</ul>
</div>
</div>