Refresh project links/docs

index.md

@@ -14,10 +14,10 @@ Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to
 
 ## Introduction
 
-The OWASP Top 10 2013 contains a new entry: A9-Using Components with Known Vulnerabilities. Dependency Check can currently be used to scan applications (and their dependent libraries) to identify any known vulnerable components.
+The OWASP Top 10 2013 contained a new entry: A9-Using Components with Known Vulnerabilities. Dependency-Check was created as one of the earliest SCA tools to scan applications (and their dependent libraries) and identify any known vulnerable components.
 
-The problem with using known vulnerable components was described very well in a paper by Jeff Williams and Arshan Dabirsiaghi titled, "[Unfortunate Reality of Insecure Libraries](https://cdn2.hubspot.net/hub/203759/file-1100864196-pdf/docs/Contrast_-_Insecure_Libraries_2014.pdf)". The gist of the paper is that we as a development community include third party libraries in our applications that contain well known published vulnerabilities (such as those at the [National Vulnerability Database](https://nvd.nist.gov/vuln/search)).
+The problem with using known vulnerable components was described very well in a paper by Jeff Williams and Arshan Dabirsiaghi titled, "[Unfortunate Reality of Insecure Libraries](https://www.scribd.com/document/175866686/Aspect-Security-the-Unfortunate-Reality-of-Insecure-Libraries)". The gist of the paper is that we as a development community include third party libraries in our applications that contain well known published vulnerabilities (such as those at the [National Vulnerability Database](https://nvd.nist.gov/vuln/search)).
 
-Dependency-check has a command line interface, a Maven plugin, an Ant task, and a Jenkins plugin. The core engine contains a series of analyzers that inspect the project dependencies, collect pieces of information about the dependencies (referred to as evidence within the tool). The evidence is then used to identify the [Common Platform Enumeration (CPE)](https://nvd.nist.gov/products/cpe) for the given dependency. If a CPE is identified, a listing of associated [Common Vulnerability and Exposure (CVE)](https://cve.mitre.org/) entries are listed in a report. Other 3rd party services and data sources such as the NPM Audit API, the OSS Index, RetireJS, and Bundler Audit are utilized for specific technologies.
+Dependency-Check has a command line interface, a Maven plugin, a Gradle plugin, an Ant task and a number of integrations with build tooling such as Jenkins, GitHub Actions and Azure DevOps. The core engine contains a series of analyzers that inspect the project dependencies, collect pieces of information about the dependencies (referred to as evidence within the tool). The evidence is then used to identify the [Common Platform Enumeration (CPE)](https://nvd.nist.gov/products/cpe) for the given dependency. If a CPE is identified, a listing of associated [Common Vulnerability and Exposure (CVE)](https://www.cve.org/) entries are listed in a report. Other 3rd party services and data sources such as the NPM Audit API, the OSS Index, RetireJS, and Bundler Audit are utilized for specific technologies.
 
-Dependency-check automatically updates itself using the [NVD Data Feeds](https://nvd.nist.gov/vuln/data-feeds) hosted by NIST. '''IMPORTANT NOTE:''' The initial download of the data may take ten minutes or more. If you run the tool at least once every seven days, only a small JSON file needs to be downloaded to keep the local copy of the data current.
+Dependency-Check automatically updates itself using the [NVD Data Feeds](https://nvd.nist.gov/vuln/data-feeds) hosted by NIST. '''IMPORTANT NOTE:''' The initial download of the data may take ten minutes or more. If you run the tool at least once every seven days, only a small JSON file needs to be downloaded to keep the local copy of the data current.

info.md

@@ -9,40 +9,43 @@
 
 ### Downloads
 
-Version 12.1.0
-* [Command Line](https://github.com/dependency-check/DependencyCheck/releases/download/v12.1.0/dependency-check-12.1.0-release.zip)
-* [Ant Task](https://github.com/dependency-check/DependencyCheck/releases/download/v12.1.0/dependency-check-ant-12.1.0-release.zip)
-* [Maven Plugin](https://search.maven.org/#artifactdetails%7Corg.owasp%7Cdependency-check-maven%7C12.1.0%7Cmaven-plugin)
-* [Gradle Plugin](https://search.maven.org/#artifactdetails%7Corg.owasp%7Cdependency-check-gradle%7C12.1.0%7Cgradle-plugin)
-* [Mac Homebrew](https://brew.sh/):<br><code>brew update && brew install dependency-check</code>
-
-Other Plugins
-* [Jenkins Plugin](https://plugins.jenkins.io/dependency-check-jenkins-plugin)
-* [SBT Plugin](https://search.maven.org/#search%7Cga%7C1%7Cg%3A%22net.vonbuchholtz%22%20a%3A%22sbt-dependency-check%22)
-* [lein-dependency-check](https://github.com/livingsocial/lein-dependency-check)
+Version 12.1.8
+* [Command Line](https://github.com/dependency-check/DependencyCheck/releases/download/v12.1.8/dependency-check-12.1.8-release.zip) ([docs](https://dependency-check.github.io/DependencyCheck/dependency-check-cli/index.html))
+* [Maven Plugin](https://central.sonatype.com/artifact/org.owasp/dependency-check-maven/12.1.8) ([docs](https://dependency-check.github.io/DependencyCheck/dependency-check-maven/index.html))
+* [Gradle Plugin](https://plugins.gradle.org/plugin/org.owasp.dependencycheck/12.1.8) ([docs](https://dependency-check.github.io/DependencyCheck/dependency-check-gradle/index.html))
+* [Ant Task](https://github.com/dependency-check/DependencyCheck/releases/download/v12.1.8/dependency-check-ant-12.1.8-release.zip) ([docs](https://dependency-check.github.io/DependencyCheck/dependency-check-ant/index.html))
+* [Mac Homebrew](https://formulae.brew.sh/formula/dependency-check)
+* [Container image](https://hub.docker.com/r/owasp/dependency-check)
+
+Unofficial (Not endorsed by OWASP)
+* [SBT Plugin](https://github.com/nMoncho/sbt-dependency-check)
+* [Leiningen Plugin](https://github.com/livingsocial/lein-dependency-check)
 
 ### Integrations
 
-* [SonarQube Plugin](https://github.com/SonarSecurityCommunity/dependency-check-sonar-plugin)
-* [Circle CI Orb](https://github.com/entur/owasp-orb)
-
-### External Resources
-
-* [GitHub](https://github.com/dependency-check/DependencyCheck)
-* [Gradle Source](https://github.com/dependency-check/dependency-check-gradle)
-* [SBT Source](https://github.com/albuch/sbt-dependency-check)
-* [Jenkins Source](https://github.com/jenkinsci/dependency-check-plugin)
-* [Ohloh](https://www.ohloh.net/p/dependencycheck)
-* [Bintray](https://bintray.com/jeremy-long/owasp)
+* [SonarQube Plugin](https://github.com/dependency-check/dependency-check-sonar-plugin)
+* [Jenkins Plugin](https://plugins.jenkins.io/dependency-check-jenkins-plugin)
+* [GitHub Actions](https://github.com/dependency-check/Dependency-Check_Action)
+* [Azure DevOps Extension](https://marketplace.visualstudio.com/items?itemName=dependency-check.dependencycheck)
 
 ### Documentation
 
-* [Documentation (on GitHub)](https://dependency-check.github.io/DependencyCheck/)
+* [Documentation](https://dependency-check.github.io/DependencyCheck/)
 
 ### Support
 
 * [GitHub Issues](https://github.com/dependency-check/DependencyCheck/issues)
 
+### Development
+
+Supported by the core dependency-check team:
+* [Source Code](https://github.com/dependency-check/DependencyCheck)
+* [Gradle Plugin Source](https://github.com/dependency-check/dependency-check-gradle)
+
+Community supported:
+* [Jenkins Plugin Source](https://github.com/jenkinsci/dependency-check-plugin)
+* [Azure DevOps Extension Source](https://github.com/dependency-check/azuredevops)
+
 ### Presentation
 
 * [dependency-check (PDF)](https://dependency-check.github.io/DependencyCheck/general/dependency-check.pdf)