Skip to content

Commit

Permalink
Merge pull request #4393 from jeremylong/docUpdate
Browse files Browse the repository at this point in the history
Minor doc update
  • Loading branch information
jeremylong authored Apr 22, 2022
2 parents 1d0e765 + 501413a commit 4c355fa
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 9 deletions.
2 changes: 1 addition & 1 deletion src/site/markdown/analyzers/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ to extract identification information from the files analyzed.
| Analyzer | File Types Scanned | Analysis Method |
| -------- | ------------------ | --------------- |
| [Archive](./archive-analyzer.html) | Zip archive format (\*.zip, \*.ear, \*.war, \*.jar, \*.sar, \*.apk, \*.nupkg); Tape Archive Format (\*.tar); Gzip format (\*.gz, \*.tgz); Bzip2 format (\*.bz2, \*.tbz2); RPM format (\*.rpm) | Extracts archive contents, then scans contents with all available analyzers. |
| [Assembly](./assembly-analyzer.html) | .NET Assemblies (\*.exe, \*.dll) | Uses [GrokAssembly.exe](https://github.com/colezlaw/GrokAssembly), which requires .NET Framework or Mono runtime to be installed. |
| [Assembly](./assembly-analyzer.html) | .NET Assemblies (\*.exe, \*.dll) | Uses [GrokAssembly.exe](https://github.com/colezlaw/GrokAssembly); requires the dotnet core 6.0 runtime to be installed. |
| [Jar](./jar-analyzer.html) | Java archive files (\*.jar); Web application archive (\*.war) | Examines archive manifest metadata, and Maven Project Object Model files (pom.xml). |
| [RetireJS](./retirejs-analyzer.html) | JavaScript files | Analyzes JavaScript files using the [RetireJS](https://github.com/RetireJS/retire.js) database. |
| [Node.js](./nodejs.html) | NPM package specification files (package.json) | Parses the package.json to gather a bill-of-materials for a Node JS project. |
Expand Down
14 changes: 6 additions & 8 deletions src/site/markdown/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,13 @@ About
====================
OWASP dependency-check is an open source solution to the OWASP Top 10 2021 entry:
[A06:2021 – Vulnerable and Outdated Components](https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/).
Dependency-check can currently be used to scan Java and .NET applications to
identify the use of known vulnerable components. Experimental analyzers for
Python, Ruby, PHP (composer), and Node.js applications; these are experimental
due to the possible false positive and false negative rates. To use the experimental
Dependency-check can currently be used to scan software to identify the use of
known vulnerable components. For a full list of supported languages/technologies
please see the [File Type Analyzer](analyzers/index.html)
page). Note that some of the analyzers are experimental and may produce more false
positive and false negative rates. To use the experimental
analyzers they must be specifically enabled via the appropriate _experimental_
configuration. In addition, dependency-check has experimental analyzers that can
be used to scan some C/C++ source code, including OpenSSL source code and projects
that use [Autoconf](https://www.gnu.org/software/autoconf/) or
[CMake](http://www.cmake.org/overview/).
configuration.

The problem with using known vulnerable components was covered in a paper by
Jeff Williams and Arshan Dabirsiaghi titled, "[The Unfortunate Reality of
Expand Down

0 comments on commit 4c355fa

Please sign in to comment.