added documentation for issue #139

Former-commit-id: 95fdcf4d95cbe50ba884be561fbec0e9977578a0

src/site/markdown/index.md

@@ -12,11 +12,10 @@ The gist of the paper is that we as a development community include third party
 libraries in our applications that contain well known published vulnerabilities
 \(such as those at the [National Vulnerability Database](http://web.nvd.nist.gov/view/vuln/search)\).
 
-Dependency-check scans directories and files and if it contains an Analyzer that
+More information about dependency-check can be found here:
-can scan a particular file type then information from the file is collected. This
+
-information is then used to identify the [Common Platform Enumeration](http://nvd.nist.gov/cpe.cfm) \(CPE\). If a
+* (How does dependency-check work)[internals.html]
-CPE is identified a listing of associated [Common Vulnerability and Exposure](http://cve.mitre.org/) \(CVE\)
+* (How to read the report)[thereport.html]
-entries are listed in a report.
 
 **IMPORTANT NOTE**: Dependency-check automatically updates itself using the NVD Data Feeds hosted by
 NIST. **The initial download of the data may take fifteen minutes

src/site/site.xml

@@ -72,6 +72,12 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
 
         <menu ref="reports" />
         <menu name="General">
+            <item name="How it Works" href="./internals.html">
+                <description>How does dependency-check work?</description>
+            </item>
+            <item name="Reading the Report" href="./thereport.html">
+                <description>How to read the report</description>
+            </item>
             <item name="False Positives" href="./suppression.html">
                 <description>Suppressing False Positives</description>
             </item>