github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-20 16:24:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #243 from dwvisser/docs-index-update

Browse Source 
Add Python, .NET to project description, fixed broken links

Former-commit-id: f192013295457df2d53853e27bc2cbcc8f09ef7b
This commit is contained in:
Jeremy Long
2015-06-05 06:51:45 -04:00
parent f6afea0004 712252eb6b
commit b2019d7633
1 changed files with 14 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
src/site/markdown/index.md
View File

@@ -1,21 +1,23 @@
About About
==================== ====================
OWASP dependency-check is an open source solution the OWASP Top 10 2013 entry: [A9 - OWASP dependency-check is an open source solution the OWASP Top 10 2013 entry:
Using Components with Known Vulnerabilities](https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities). [A9 - Using Components with Known Vulnerabilities](https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities).
Dependency-check can currently be used to scan Java applications (and their Dependency-check can currently be used to scan Java, .NET and Python
dependent libraries) to identify known vulnerable components. applications (and their dependent libraries) to identify known vulnerable
components.
The problem with using known vulnerable components was covered in a paper by Jeff The problem with using known vulnerable components was covered in a paper by
Williams and Arshan Dabirsiaghi titled, "[The Unfortunate Reality of Insecure Jeff Williams and Arshan Dabirsiaghi titled, "[The Unfortunate Reality of
Libraries](http://www1.contrastsecurity.com/the-unfortunate-reality-of-insecure-libraries?&__hssc=92971330.1.1412763139545&__hstc=92971330.5d71a97ce2c038f53e4109bfd029b71e.1412763139545.1412763139545.1412763139545.1&hsCtaTracking=7bbb964b-eac1-454d-9d5b-cc1089659590%7C816e01cf-4d75-449a-8691-bd0c6f9946a5)" (registration required). Insecure Libraries](http://www1.contrastsecurity.com/the-unfortunate-reality-of-insecure-libraries?&__hssc=92971330.1.1412763139545&__hstc=92971330.5d71a97ce2c038f53e4109bfd029b71e.1412763139545.1412763139545.1412763139545.1&hsCtaTracking=7bbb964b-eac1-454d-9d5b-cc1089659590%7C816e01cf-4d75-449a-8691-bd0c6f9946a5)"
The gist of the paper is that we as a development community include third party (registration required). The gist of the paper is that we as a development
libraries in our applications that contain well known published vulnerabilities community include third party libraries in our applications that contain well
\(such as those at the [National Vulnerability Database](http://web.nvd.nist.gov/view/vuln/search)\). known published vulnerabilities \(such as those at the
[National Vulnerability Database](http://web.nvd.nist.gov/view/vuln/search)\).
More information about dependency-check can be found here: More information about dependency-check can be found here:
* [How does dependency-check work](./internals.html) * [How does dependency-check work](general/internals.html)
* [How to read the report](./thereport.html) * [How to read the report](general/thereport.html)
* [The OWASP dependency-check mailing list](./mail-lists.html) * [The OWASP dependency-check mailing list](./mail-lists.html)
OWASP dependency-check's core analysis engine can be used as: OWASP dependency-check's core analysis engine can be used as: