version 1.2.4 of site documentation

This commit is contained in:
Jeremy Long
2014-08-05 18:48:58 -04:00
parent 15b03aed0c
commit c9a8bb3969
983 changed files with 29386 additions and 28743 deletions


@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia at 2014-06-27
| Generated by Apache Maven Doxia at 2014-08-05
| Rendered using Apache Maven Fluido Skin 1.3.1
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20140627" />
<meta name="Date-Revision-yyyymmdd" content="20140805" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check - About</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.1.min.css" />
@@ -62,9 +62,9 @@
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2014-06-27</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2014-08-05</li>
<li id="projectVersion" class="pull-right">
Version: 1.2.3
Version: 1.2.4
</li>
</ul>
@@ -143,6 +143,20 @@
</li>
<li class="nav-header">General</li>
<li>
<a href="internals.html" title="How it Works">
<i class="none"></i>
How it Works</a>
</li>
<li>
<a href="thereport.html" title="Reading the Report">
<i class="none"></i>
Reading the Report</a>
</li>
<li>
<a href="suppression.html" title="False Positives">
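Review bot: the two new "General" nav entries link to internals.html and thereport.html, so confirm both pages are actually part of this commit; a nav link whose target was not regenerated ships as a dead link on the published site. Since this file is Doxia output (see the "Generated by Apache Maven Doxia" header above), the entries should come from the site descriptor rather than be edited here, otherwise the next site build overwrites them.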
@@ -208,13 +222,6 @@
</li>
<li class="nav-header">Modules</li>
<li>
<a href="dependency-check-core/index.html" title="dependency-check-core">
<i class="none"></i>
dependency-check-core</a>
</li>
<li>
<a href="dependency-check-cli/installation.html" title="dependency-check-cli">
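Review bot: read on its own, this hunk drops dependency-check-core from the "Modules" list; the entry reappears in the next hunk after dependency-check-jenkins, so this is a reorder rather than a removal. Worth saying so in the commit message, because a reviewer scanning only this hunk would flag a lost nav link.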
@@ -242,6 +249,20 @@
<i class="none"></i>
dependency-check-jenkins</a>
</li>
<li>
<a href="dependency-check-core/index.html" title="dependency-check-core">
<i class="none"></i>
dependency-check-core</a>
</li>
<li>
<a href="dependency-check-utils/index.html" title="dependency-check-utils">
<i class="none"></i>
dependency-check-utils</a>
</li>
</ul>
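Review bot: dependency-check-core now sits between dependency-check-jenkins and dependency-check-utils, which groups the two library modules after the end-user integrations (dependency-check-cli, dependency-check-jenkins and the entries between them). That ordering reads better than core at the head of the list, but both new entries keep `href="dependency-check-core/index.html"` and `href="dependency-check-utils/index.html"` as relative paths without the `./` prefix used by the body links in the About text below; either form resolves the same way here, so just keep one convention in the source.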
@@ -287,7 +308,14 @@
<h1>About</h1>
<p>Dependency-check is an open source solution the OWASP Top 10 2013 entry: <a class="externalLink" href="https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities">A9 - Using Components with Known Vulnerabilities</a>. Dependency-check can currently be used to scan Java applications (and their dependent libraries) to identify known vulnerable components.</p>
<p>The problem with using known vulnerable components was covered in a paper by Jeff Williams and Arshan Dabirsiaghi titled, &#x201c;<a class="externalLink" href="https://www.aspectsecurity.com/uploads/downloads/2012/03/Aspect-Security-The-Unfortunate-Reality-of-Insecure-Libraries.pdf">The Unfortunate Reality of Insecure Libraries</a>&#x201d;. The gist of the paper is that we as a development community include third party libraries in our applications that contain well known published vulnerabilities (such as those at the <a class="externalLink" href="http://web.nvd.nist.gov/view/vuln/search">National Vulnerability Database</a>).</p>
<p>Dependency-check scans directories and files and if it contains an Analyzer that can scan a particular file type then information from the file is collected. This information is then used to identify the <a class="externalLink" href="http://nvd.nist.gov/cpe.cfm">Common Platform Enumeration</a> (CPE). If a CPE is identified a listing of associated <a class="externalLink" href="http://cve.mitre.org/">Common Vulnerability and Exposure</a> (CVE) entries are listed in a report.</p>
<p>More information about dependency-check can be found here:</p>
<ul>
<li><a href="./internals.html">How does dependency-check work</a></li>
<li><a href="./thereport.html">How to read the report</a></li>
</ul>
<p><b>IMPORTANT NOTE</b>: Dependency-check automatically updates itself using the NVD Data Feeds hosted by NIST. <b>The initial download of the data may take fifteen minutes or more</b>, if you run the tool at least once every seven days only a small XML file needs to be downloaded to keep the local copy of the data current.</p>
<p>Dependency-check&#x2019;s core analysis library is exposed in various forms:</p>
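Review bot: the About text needs a grammar pass in the site source before it is regenerated, since fixing the HTML here is lost on the next build. "an open source solution the OWASP Top 10 2013 entry" is missing a preposition ("solution for the OWASP Top 10 2013 entry"); "Common Vulnerability and Exposure (CVE)" should be "Common Vulnerabilities and Exposures (CVE)"; and "a listing of associated ... entries are listed in a report" should read "the associated ... entries are listed in the report". In the same paragraph, "Dependency-check scans directories and files and if it contains an Analyzer" leaves "it" ambiguous (the tool contains the analyzer, the file is what gets scanned). The IMPORTANT NOTE says the tool "automatically updates itself", which a reader can take to mean the binary self-updates; it is the local copy of the NVD data that is refreshed from the NIST data feeds, so "updates its local copy of the NVD data" is the accurate wording, and the comma after "fifteen minutes or more" should be a period or semicolon. The final sentence "core analysis library is exposed in various forms:" is cut off at the end of this view, so check that the list that follows it survived regeneration.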