documentation update

Jeremy Long
2017-07-21 06:35:30 -04:00
parent 0183457b7a
commit f3580dece7
3 changed files with 7 additions and 2 deletions


@@ -5,6 +5,9 @@ OWASP dependency-check includes an analyzer that will execute [bundle-audit](htt
and include the results in the dependency-check report. This is useful for multi-language
projects and merging the results of multiple software composition analysis tools.
**NOTE** - it is important to run `bundle-audit update` occasionally to keep the bundle-audit
database current. ATM - dependency-check does **not** perform the `bundle-audit update` automatically.
```shell
$ sudo gem install bundler-audit
$ bundle-audit update
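
Review bot: "occasionally" in the added NOTE is too vague for a vulnerability database, and "ATM" is informal for user documentation. A stale bundle-audit database means advisories published since the last update are not reported, so consider telling readers to run `bundle-audit update` before each scan, and rewording the second sentence to "Currently, dependency-check does **not** run `bundle-audit update` automatically." The install line in the context uses the gem name `bundler-audit` while the note uses the command name `bundle-audit`; one short remark that the gem is bundler-audit and its command is bundle-audit would keep readers from treating these as two tools.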


@@ -12,7 +12,7 @@ to extract identification information from the files analyzed.
| [NSP](./nsp-analyzer.html) | [Node Security Project](https://nodesecurity.io) is used to analyze Node.js' `package.json` files for known vulnerable packages.|
| [Nuspec](./nuspec-analyzer.html) | Nuget package specification file (\*.nuspec) | Uses XPath to parse specification XML. |
| [OpenSSL](./openssl.html) | OpenSSL Version Source Header File (opensslv.h) | Regex parse of the OPENSSL_VERSION_NUMBER macro definition. |
| [Ruby bundle-audit](./bundle-audit.html) | Ruby Gemfile.lcok files | Executes bundle-audit and incorporates the results into the dependency-check report. |
| [Ruby bundler‑audit](./bundle-audit.html) | Ruby `Gemfile.lock` files | Executes bundle-audit and incorporates the results into the dependency-check report. |
Experimental Analyzers
----------------------
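
Review bot: The link text in the replacement row, "Ruby bundler‑audit", appears to use a non-breaking hyphen instead of an ASCII "-", so a text search for "bundler-audit" will not find this row; use the plain hyphen. The same row still reads "Executes bundle-audit" and links to ./bundle-audit.html, so the tool is named two ways within one line; either use one name throughout or put the command name in backticks as `bundle-audit`. Separately, the NSP row in the context has only two cells where the neighbouring rows have three, which is worth fixing in the same documentation pass.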


@@ -14,6 +14,8 @@ evidence to identify any Common Platform Enumeration (CPE) identifiers that
apply.
*Note*: It is highly recommended that Ruby projects use
[bundler-audit](https://github.com/rubysec/bundler-audit#readme).
[bundler-audit](https://github.com/rubysec/bundler-audit#readme). It is possible
to incorporate the results of bundle-audit into the dependency-check report(s) by
using the [bundle-audit analyzer](./bundle-audit.html).
Files Types Scanned: Rakefile, \*.gemspec
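
Review bot: The added sentence links the tool as "bundler-audit" and then refers to "the results of bundle-audit" and the "bundle-audit analyzer", so the note switches names mid-paragraph. Suggest using bundler-audit for the project, `bundle-audit` in backticks for the command, and keeping "bundle-audit analyzer" only as the name of the dependency-check analyzer. "report(s)" can simply be "report", matching the wording used for the analyzer elsewhere in these docs ("incorporates the results into the dependency-check report").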