github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-24 01:51:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

updated documentation

Browse Source
This commit is contained in:
Jeremy Long
2016-06-11 08:12:09 -04:00
parent 8680ecd033
commit 7e8749146e
1 changed files with 15 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/site/markdown/index.md
View File

@@ -2,11 +2,14 @@ About
==================== ====================
OWASP dependency-check is an open source solution the OWASP Top 10 2013 entry: OWASP dependency-check is an open source solution the OWASP Top 10 2013 entry:
[A9 - Using Components with Known Vulnerabilities](https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities). [A9 - Using Components with Known Vulnerabilities](https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities).
Dependency-check can currently be used to scan Java, .NET, Python, Ruby (gemspec), PHP (composer), and Dependency-check can currently be used to scan Java and .NET applications to
Node.js applications (and their dependent libraries) to identify known identify the use of known vulnerable components. Experimental analyzers for
vulnerable components. In addition, Dependency-check can be used to scan some Python, Ruby, PHP (composer), and Node.js applications; these are experimental
source code, including OpenSSL source code and projects that use due to the possible false positive and false negative rates. To use the experimental
[Autoconf](https://www.gnu.org/software/autoconf/) or analyzers they must be specifically enabled via the appropriate _experimental_
configuration. In addition, dependency-check has experimental analyzers that can
be used to scan some C/C++ source code, including OpenSSL source code and projects
that use [Autoconf](https://www.gnu.org/software/autoconf/) or
[CMake](http://www.cmake.org/overview/). [CMake](http://www.cmake.org/overview/).
The problem with using known vulnerable components was covered in a paper by The problem with using known vulnerable components was covered in a paper by
@@ -30,3 +33,10 @@ OWASP dependency-check's core analysis engine can be used as:
- [Ant Task](dependency-check-ant/index.html) - [Ant Task](dependency-check-ant/index.html)
- [Gradle Plugin](dependency-check-gradle/index.html) - [Gradle Plugin](dependency-check-gradle/index.html)
- [Jenkins Plugin](dependency-check-jenkins/index.html) - [Jenkins Plugin](dependency-check-jenkins/index.html)
For help with dependency-check the following resource can be used:
- Post to the [google group](https://groups.google.com/forum/#!forum/dependency-check):
[subscribe](mailto://dependency-check+subscribe@googlegroups.com),
[post](mailto://dependency-check@googlegroups.com),
- Open a [github issue](https://github.com/jeremylong/DependencyCheck/issues)