<!DOCTYPE html>
<!--
 | Generated by Apache Maven Doxia at 2013-08-07
 | Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20130807" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check - </title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
<link rel="stylesheet" href="./css/site.css" />
<link rel="stylesheet" href="./css/print.css" media="print" />
<script type="text/javascript" src="./js/apache-maven-fluido-1.3.0.min.js"></script>
<style type="text/css">#bannerLeft { margin-top:50px !important }</style>
</head>
<body class="topBarDisabled">
<a href="http://github.com/jeremylong/DependencyCheck">
<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
alt="Fork me on GitHub">
</a>
<div class="container-fluid">
<div id="banner">
<div class="pull-left">
<div id="bannerLeft">
<h2>dependency-check</h2>
</div>
</div>
<div class="pull-right"> </div>
<div class="clear"><hr/></div>
</div>
<div id="breadcrumbs">
<ul class="breadcrumb">
<li class="">
<a href="#" title="">
</a>
</li>
<li class="divider ">/</li>
<li class=""></li>
<li id="publishDate" class="pull-right">Last Published: 2013-08-07</li> <li class="divider pull-right">|</li>
<li id="projectVersion" class="pull-right">Version: 1.0.1</li>
</ul>
</div>
<div class="row-fluid">
<div id="leftColumn" class="span3">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Project Documentation</li>
<li>
<a href="project-info.html" title="Project Information">
<i class="icon-chevron-down"></i>
Project Information</a>
<ul class="nav nav-list">
<li class="active">
<a href="#"><i class="none"></i>About</a>
</li>
<li>
<a href="project-summary.html" title="Project Summary">
<i class="none"></i>
Project Summary</a>
</li>
<li>
<a href="mail-lists.html" title="Mailing Lists">
<i class="none"></i>
Mailing Lists</a>
</li>
<li>
<a href="issue-tracking.html" title="Issue Tracking">
<i class="none"></i>
Issue Tracking</a>
</li>
<li>
<a href="modules.html" title="Project Modules">
<i class="none"></i>
Project Modules</a>
</li>
<li>
<a href="team-list.html" title="Project Team">
<i class="none"></i>
Project Team</a>
</li>
<li>
<a href="source-repository.html" title="Source Repository">
<i class="none"></i>
Source Repository</a>
</li>
<li>
<a href="license.html" title="Project License">
<i class="none"></i>
Project License</a>
</li>
</ul>
</li>
<li class="nav-header">Modules</li>
<li>
<a href="dependency-check-core/index.html" title="dependency-check-core">
<i class="none"></i>
dependency-check-core</a>
</li>
<li>
<a href="dependency-check-cli/index.html" title="dependency-check-cli">
<i class="none"></i>
dependency-check-cli</a>
</li>
<li>
<a href="dependency-check-ant/index.html" title="dependency-check-ant">
<i class="none"></i>
dependency-check-ant</a>
</li>
<li>
<a href="dependency-check-maven/index.html" title="dependency-check-maven">
<i class="none"></i>
dependency-check-maven</a>
</li>
</ul>
<hr class="divider" />
<div id="poweredBy">
<div class="clear"></div>
<div class="clear"></div>
<div id="twitter">
<a href="https://twitter.com/ctxt" class="twitter-follow-button" data-show-count="true" data-align="left" data-size="medium" data-show-screen-name="true" data-lang="en">Follow ctxt</a>
<script type="text/javascript">!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
</div>
<div class="clear"></div>
<a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy">
<img class="builtBy" alt="Built by Maven" src="./images/logos/maven-feather.png" />
</a>
</div>
</div>
</div>
<div id="bodyColumn" class="span9" >
<h1>About</h1>
<p>Dependency-check is an open source solution for the OWASP Top 10 2013 entry: <a class="externalLink" href="https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities">A9 - Using Components with Known Vulnerabilities</a>. Dependency-check can currently be used to scan Java applications (and their dependent libraries) to identify known vulnerable components.</p>
<p>The problem with using known vulnerable components was covered in a paper by Jeff Williams and Arshan Dabirsiaghi titled, “<a class="externalLink" href="https://www.aspectsecurity.com/uploads/downloads/2012/03/Aspect-Security-The-Unfortunate-Reality-of-Insecure-Libraries.pdf">The Unfortunate Reality of Insecure Libraries</a>”. The gist of the paper is that we as a development community include third party libraries in our applications that contain well known published vulnerabilities (such as those at the <a class="externalLink" href="http://web.nvd.nist.gov/view/vuln/search">National Vulnerability Database</a>).</p>
<p>Dependency-check scans directories and files; if it contains an Analyzer that can handle a particular file type, information from that file is collected. This information is then used to identify the <a class="externalLink" href="http://nvd.nist.gov/cpe.cfm">Common Platform Enumeration</a> (CPE) of the component. If a CPE is identified, the associated <a class="externalLink" href="http://cve.mitre.org/">Common Vulnerabilities and Exposures</a> (CVE) entries are listed in a report.</p>
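<p>As an added illustration (example code, not part of dependency-check itself), the following Python script models the three steps just described: an analyzer collects evidence from a JAR's Maven <code>pom.properties</code>, that evidence is mapped to a CPE through a dictionary, and the CPE is used to list CVE entries whose affected versions match. The CPE dictionary, the CVE feed, the placeholder CVE ids and the vendor-from-groupId heuristic are all constructed assumptions for the demonstration, not the project's real data or matching logic.</p>

```python
# Added example, not dependency-check's own code: a miniature model of the
# evidence -> CPE -> CVE pipeline. Dictionary, feed and JAR are constructed.
import io
import zipfile

# Constructed stand-in for the CPE dictionary: (vendor, product) -> CPE name.
CPE_DICTIONARY = {("example", "widget-core"): "cpe:/a:example:widget_core"}
# Constructed stand-in for the NVD feed: CPE -> [(CVE id, affected versions)].
CVE_FEED = {
    "cpe:/a:example:widget_core": [
        ("CVE-0000-0001", {"1.2", "1.2.1"}),  # placeholder ids, not real CVEs
        ("CVE-0000-0002", {"1.3"}),
    ],
}

def collect_evidence(jar_bytes: bytes) -> dict:
    """Analyzer step: gather groupId/artifactId/version from pom.properties."""
    evidence = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if name.startswith("META-INF/maven/") and name.endswith("pom.properties"):
                for line in jar.read(name).decode().splitlines():
                    if "=" in line and not line.startswith("#"):
                        key, value = line.split("=", 1)
                        evidence[key.strip()] = value.strip()
    return evidence

def identify_cpe(evidence: dict):
    """Map collected evidence to a CPE; None means nothing was identified."""
    parts = evidence.get("groupId", "").split(".")
    vendor = parts[1] if len(parts) > 1 else parts[0]  # assumed: org.example -> example
    return CPE_DICTIONARY.get((vendor, evidence.get("artifactId", "")))

def report(jar_bytes: bytes) -> list:
    """Return CVE ids whose affected-version set contains the JAR's version."""
    evidence = collect_evidence(jar_bytes)
    cpe = identify_cpe(evidence)
    if cpe is None:
        return []
    return [cve for cve, hit in CVE_FEED.get(cpe, []) if evidence.get("version") in hit]

def build_sample_jar(group: str, artifact: str, version: str) -> bytes:
    """Construct an in-memory JAR carrying only Maven's pom.properties."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        props = f"#generated\ngroupId={group}\nartifactId={artifact}\nversion={version}\n"
        jar.writestr(f"META-INF/maven/{group}/{artifact}/pom.properties", props)
    return buf.getvalue()
```

<p>A JAR whose evidence maps to no dictionary entry yields an empty report, which mirrors the real tool's behaviour: a component that cannot be identified as a CPE is never matched against CVE data, so coverage depends on how much evidence the analyzers can extract.</p>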
<p><b>IMPORTANT NOTE</b>: Dependency-check automatically updates itself using the NVD Data Feeds hosted by NIST. <b>The initial download of the data may take fifteen minutes or more</b>; if you run the tool at least once every seven days, only a small XML file needs to be downloaded to keep the local copy of the data current.</p>
<p>Dependency-check’s core analysis library is exposed in various forms:</p>
<ul>
<li><a href="dependency-check-cli/index.html">Command Line Tool</a></li>
<li><a href="dependency-check-maven/usage.html">Maven Plugin</a></li>
<li><a href="dependency-check-ant/installation.html">Ant Task</a></li>
<li>Jenkins Plugin</li>
</ul>
</div>
</div>
</div>
<hr/>
<footer>
<div class="container-fluid">
<div class="row span12">Copyright © 2012-2013
<a href="http://www.owasp.org">OWASP</a>.
All Rights Reserved.
</div>
</div>
</footer>
</body>
</html>