github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 07:43:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

updated documentation

Browse Source
This commit is contained in:
Jeremy Long
2016-06-11 08:12:09 -04:00
parent 8680ecd033
commit 7e8749146e
1 changed files with 15 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/site/markdown/index.md
View File

@@ -2,11 +2,14 @@ About
====================
OWASP dependency-check is an open source solution the OWASP Top 10 2013 entry:
[A9 - Using Components with Known Vulnerabilities](https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities).
Dependency-check can currently be used to scan Java, .NET, Python, Ruby (gemspec), PHP (composer), and
Node.js applications (and their dependent libraries) to identify known
vulnerable components. In addition, Dependency-check can be used to scan some
source code, including OpenSSL source code and projects that use
[Autoconf](https://www.gnu.org/software/autoconf/) or
Dependency-check can currently be used to scan Java and .NET applications to
identify the use of known vulnerable components. Experimental analyzers for
Python, Ruby, PHP (composer), and Node.js applications; these are experimental
due to the possible false positive and false negative rates. To use the experimental
analyzers they must be specifically enabled via the appropriate _experimental_
configuration. In addition, dependency-check has experimental analyzers that can
be used to scan some C/C++ source code, including OpenSSL source code and projects
that use [Autoconf](https://www.gnu.org/software/autoconf/) or
[CMake](http://www.cmake.org/overview/).
The problem with using known vulnerable components was covered in a paper by
@@ -30,3 +33,10 @@ OWASP dependency-check's core analysis engine can be used as:
- [Ant Task](dependency-check-ant/index.html)
- [Gradle Plugin](dependency-check-gradle/index.html)
- [Jenkins Plugin](dependency-check-jenkins/index.html)
For help with dependency-check the following resource can be used:
- Post to the [google group](https://groups.google.com/forum/#!forum/dependency-check):
[subscribe](mailto://dependency-check+subscribe@googlegroups.com),
[post](mailto://dependency-check@googlegroups.com),
- Open a [github issue](https://github.com/jeremylong/DependencyCheck/issues)