Initial checkin

build-docs.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+cd docs
+bundle install
+bundle exec jekyll build
+cd ..

dev-docs.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+cd docs
+bundle install
+bundle exec jekyll serve
+cd ..

docs/.gitignore

@@ -0,0 +1,3 @@
+_site/
+.sass-cache/
+.jekyll-metadata

docs/404.md

@@ -0,0 +1,7 @@
+---
+title: Not Found
+permalink: /404.html
+sitemap: false
+---
+
+This page doesn't exist!

docs/Gemfile

@@ -0,0 +1,9 @@
+source 'https://rubygems.org'
+
+gem 'jekyll', '3.7.2'
+
+group :jekyll_plugins do
+  gem 'jekyll-feed', '0.9.3'
+  gem 'jekyll-seo-tag', '2.4.0'
+  gem 'jekyll-sitemap', '1.2.0'
+end

docs/_config.yml

@@ -0,0 +1,77 @@
+# ----
+# Site
+
+title: Dependency-Track
+url: "https://dependencytrack.org"
+baseurl:
+google_analytics_key:
+show_full_navigation: true
+
+# Values for the jekyll-seo-tag gem (https://github.com/jekyll/jekyll-seo-tag)
+logo: /siteicon.png
+description: Product documentation
+author:
+  name: Steve Springett
+  email: steve.springett@owasp.org
+  twitter: stevespringett
+social:
+  name: Dependency-Track
+  links:
+    - https://github.com/stevespringett/dependencytrack
+
+# -----
+# Build
+
+permalink: pretty
+
+plugins:
+  - jekyll-sitemap
+  - jekyll-seo-tag
+  - jekyll-feed
+
+exclude:
+  - Gemfile
+  - Gemfile.lock
+  - README.md
+  - LICENCE
+
+collections:
+  docs:
+    title: Documentation
+    permalink: /:path/
+    output: true
+
+defaults:
+  -
+    scope:
+      path: ""
+    values:
+      layout: default
+  -
+    scope:
+      path: ""
+      type: "docs"
+    values:
+      seo:
+        type: Article
+      _comments:
+        category: Group navigation links with this field
+        order: Used to sort links in the navigation
+      _options:
+        content:
+          width: 800
+          height: 2000
+  -
+    scope:
+      path: ""
+      type: "posts"
+    values:
+      _comments:
+        type: Marks the impact of this release
+
+# -----------
+# CloudCannon
+
+types:
+  - minor
+  - major

docs/_docs/_defaults.md

@@ -0,0 +1,6 @@
+---
+title:
+category:
+chapter: 1
+order: 1
+---

docs/_docs/datasources/nsp.md

@@ -0,0 +1,18 @@
+---
+title: Node Security Platform
+category: Datasources
+chapter: 3
+order: 2
+---
+
+Node Security Platform contains a number of Javascript vulnerabilities, specific to the Node.js 
+platform and supported libraries, that may or may not be documented in the National Vulnerability Database.
+Projects that leverage Node.js will benefit from the Node.js datasource as it provides visibility on
+vulnerabilities specific to the ecosystem.
+
+Dependency-Track integrates with NSP using it's public API. In doing so, Dependency-Track is able
+to create a mirror of all NSP data. The mirror is kept up-to-date on a daily basis, or upon the restarting
+of the Dependency-Track instance.
+
+Credit is provided to the Node Security Platform with visual and textual cues on where the data originated.
+Links back to the original NSP advisories are also provided.

docs/_docs/datasources/nvd.md

@@ -0,0 +1,17 @@
+---
+title: National Vulnerability Database
+category: Datasources
+chapter: 3
+order: 1
+---
+
+The National Vulnerability Database (NVD) is the largest publicly available source of vulnerability intelligence.
+It is maintained by a group within the National Institute of Standards and Technology (NIST) and builds upon the
+work of MITRE and others. Vulnerabilities in the NVD are called Common Vulnerabilities and Exposures (CVE). There
+are over 100,000 CVEs documented in the NVD spanning from the 1990's to the present.
+
+Dependency-Track relies heavily on the data provided by the NVD. Dependency-Track mirrors the entire contents
+of the NVD. The mirror is kept up-to-date on a daily basis, or upon the restarting of the Dependency-Track instance.
+
+Credit is provided to the National Vulnerability Database with visual and textual cues on where the data originated.
+Links back to the original CVE are also provided.

docs/_docs/datasources/vulndb.md

@@ -0,0 +1,57 @@
+---
+title: VulnDB
+category: Datasources
+chapter: 3
+order: 3
+---
+
+VulnDB, a subscription service offered by Risk Based Security, offers a comprehensive and continuously updated 
+source of vulnerability intelligence.
+
+Organizations that consume VulnDB content benefit from data which has been enhanced, corrected, and made available 
+sooner than most other sources of vulnerability intelligence. As a result, Organizations are able to respond quicker
+and with more confidence ion order to reduce risk.
+
+Dependency-Track can leverage VulnDB by incorporating the entire contents of the VulnDB service. In doing so, VulnDB
+data becomes a first-class citizen in Dependency-Track alongside other sources of data.
+
+Credit is provided to VulnDB with visual and textual cues on where the data originated.
+Links back to the original advisory are also provided.
+
+### Setup
+
+* Download the standalone [VulnDB Data Mirror] tool
+* Execute the tool and specify the Dependency-Track vulndb directory as the target
+* Dependency-Track will automatically sync the contents of the vulndb directory every 24 hours (and on startup)
+
+#### Example
+
+```bash
+vulndb-data-mirror.sh \
+    --consumer-key mykey \
+    --consumer-secret mysecret \
+    --dir "~/.dependency-track/vulndb"
+```
+
+When running, the console output will resemble:
+
+```bash
+VulnDB API Status:
+--------------------------------------------------------------------------------
+Organization Name.............: Example Inc.
+Name of User Requesting.......: Jane Doe
+Email of User Requesting......: jane@example.com
+Subscription Expiration Date..: 2018-12-31
+API Calls Allowed per Month...: 25000
+API Calls Made This Month.....: 1523
+--------------------------------------------------------------------------------
+
+Mirroring Vendors feed...
+  Processing 18344 of 18344 results
+Mirroring Products feed...
+  Processing 136853 of 136853 results
+Mirroring Vulnerabilities feed...
+  Processing 142500 of 166721 results
+```
+
+[VulnDB Data Mirror]: https://github.com/stevespringett/vulndb-data-mirror

docs/_docs/getting-started/configuration.md

@@ -0,0 +1,162 @@
+---
+title: Configuration
+category: Getting Started
+chapter: 1
+order: 4
+---
+
+The central configuration file `application.properties` resides in the classpath of the WAR by default. 
+This configuration file controls many performance tuning parameters but is most useful for defining
+optional external database sources, directory services (LDAP), and proxy settings.
+
+Dependency-Track administrators are highly encouraged to create a copy of this file in the
+Dependency-Track data directory and customize it prior to deploying to production.
+
+
+> The default embedded H2 database is designed to quickly evaluate and experiment with Dependency-Track.
+> Do not use the embedded H2 database in production environments.
+
+
+To start Dependency-Track using custom configuration, add the system property 
+`alpine.application.properties` when executing. For example:
+
+```bash
+-Dalpine.application.properties=~/.dependency-track/application.properties
+```
+
+#### Default configuration
+
+```ini
+############################ Alpine Configuration ###########################
+
+# Required
+# Defines the number of worker threads that the event subsystem will consume.
+# Events occur asynchronously and are processed by the Event subsystem. This
+# value should be large enough to handle most production situations without
+# introducing much delay, yet small enough not to pose additional load on an
+# already resource-constrained server.
+# A value of 0 will instruct Alpine to allocate 1 thread per CPU core. This
+# can further be tweaked using the alpine.worker.thread.multiplier property.
+# Default value is 0.
+alpine.worker.threads=0
+
+# Required
+# Defines a multiplier that is used to calculate the number of threads used
+# by the event subsystem. This property is only used when alpine.worker.threads
+# is set to 0. A machine with 4 cores and a multiplier of 4, will use (at most)
+# 16 worker threads. Default value is 4.
+alpine.worker.thread.multiplier=4
+
+# Required
+# Defines the path to the data directory. This directory will hold logs,
+# keys, and any database or index files along with application-specific
+# files or directories.
+alpine.data.directory=~/.dependency-track
+
+# Required
+# Defines the interval (in seconds) to log general heath information.
+# If value equals 0, watchdog logging will be disabled.
+alpine.watchdog.logging.interval=0
+
+# Required
+# Defines the database mode of operation. Valid choices are:
+# 'server', 'embedded', and 'external'.
+# In server mode, the database will listen for connections from remote
+# hosts. In embedded mode, the system will be more secure and slightly
+# faster. External mode should be used when utilizing an external
+# database server (i.e. mysql, postgresql, etc).
+alpine.database.mode=embedded
+
+# Optional
+# Defines the TCP port to use when the database.mode is set to 'server'.
+alpine.database.port=9092
+
+# Required
+# Specifies the JDBC URL to use when connecting to the database.
+alpine.database.url=jdbc:h2:~/.dependency-track/db
+
+# Required
+# Specifies the JDBC driver class to use.
+alpine.database.driver=org.h2.Driver
+
+# Optional
+# Specifies the username to use when authenticating to the database.
+alpine.database.username=sa
+
+# Optional
+# Specifies the password to use when authenticating to the database.
+# alpine.database.password=
+
+# Optional
+# When authentication is enforced, API keys are required for automation,
+# and the user interface will prevent anonymous access by prompting for login
+# credentials.
+alpine.enforce.authentication=true
+
+# Optional
+# When authorization is enforced, team membership for both API keys and
+# user accounts are restricted to what the team itself has access to.
+# To enforce authorization, the enforce.authentication property (above)
+# must be true.
+alpine.enforce.authorization=false
+
+# Required
+# Specifies the number of bcrypt rounds to use when hashing a users password.
+# The higher the number the more secure the password, at the expense of
+# hardware resources and additional time to generate the hash.
+alpine.bcrypt.rounds=14
+
+# Required
+# Defines if LDAP will be used for user authentication. If enabled,
+# alpine.ldap.* properties should be set accordingly.
+alpine.ldap.enabled=false
+
+# Optional
+# Specifies the LDAP server URL
+alpine.ldap.server.url=ldap://ldap.example.com:389
+
+# Optional
+# Specifies the LDAP server domain. This is normally appended to the end of the
+# username to form the userPrincipalName
+alpine.ldap.domain=example.com
+
+# Optional
+# Specifies the base DN that all queries should search from
+alpine.ldap.basedn=dc=example,dc=com
+
+# Optional
+# If anonymous access is not permitted, specify a username with limited
+# access to the directory. Just enough to perform searches.
+alpine.ldap.bind.username=
+
+# Optional
+# If anonymous access is not permitted, specify a password for the
+# username used to bind.
+alpine.ldap.bind.password=
+
+# Optional
+# Specifies the Attribute that all queries should use
+# The default attribute is userPrincipalName
+alpine.ldap.attribute.name=
+
+# Optional
+# Specifies the LDAP attribute used to store a users email address
+alpine.ldap.attribute.mail=mail
+
+# Optional
+# HTTP proxy. If the address is set, then the port must be set too.
+# alpine.http.proxy.address=proxy.example.com
+# alpine.http.proxy.port=8888
+# alpine.http.proxy.username=
+# alpine.http.proxy.password=
+
+####################### Dependency-Track Configuration ######################
+
+# Optional
+# Specifies if VulnDB access is enabled or not. VulnDB is a commercial source
+# of vulnerability data that requires a subscription. Enabling VulnDB provides
+# vulnerability data that may not be published in public repositories and may
+# enhance public vulnerability data with additional content.
+# Refer to https://vulndb.cyberriskanalytics.com/ for information.
+# datasource.vulndb.enabled=false
+```

docs/_docs/getting-started/data-directory.md

@@ -0,0 +1,24 @@
+---
+title: Data Directory
+category: Getting Started
+chapter: 1
+order: 5
+---
+
+ Sync your Facebook contacts with ChatApp. Any of your Facebook friends with ChatApp accounts are automatically added to your contact list!
+
+> Signing up with Facebook automatically starts syncing contacts.
+
+To sync your contacts:
+
+| Content                    | Purpose                                    |
+| -------------------------- | ------------------------------------------ |
+| db.mv.db                   | Embedded H2 database                       |
+| dependency-track.log       | Application log                            |
+| dependency-track-audit.log | Application audit log                      |
+| dependency-check           | Dependency-Check data and report directory |
+| keys                       | Keys used to generate/verify JWT tokens    |
+| nist                       | Full mirrored contents of the NVD          |
+| index                      | Internal search engine index               |
+| server.log                 | Embedded Jetty server log                  |
+| vulndb                     | Read by Dependency-Track to sync contents  |

docs/_docs/getting-started/deploy-docker.md

@@ -0,0 +1,25 @@
+---
+title: Deploying Docker Container
+category: Getting Started
+chapter: 1
+order: 1
+---
+
+Deploying with Docker is the easiest and fastest method of getting started. No prerequisites are required
+other than an modern version of Docker. 
+
+> The 'latest' tag in Docker Hub will always refer to the latest stable GA release. Consult the GitHub repo
+> for instructions on how to run untested snapshot releases.
+
+#### Running the latest stable release
+
+```bash
+# Pull the image from the Docker Hub OWASP repo
+docker pull owasp/dependency-track
+
+# Creates a dedicated volume where data can be stored outside the container
+docker volume create dependency-track
+
+# Run the container
+docker run -d -p 8080:8080 -v dependency-track:/data owasp/dependency-track
+```

docs/_docs/getting-started/deploy-exewar.md

@@ -0,0 +1,21 @@
+---
+title: Deploying the Executable WAR
+category: Getting Started
+chapter: 1
+order: 2
+---
+
+An executable WAR is a traditional Java Web Archive (WAR) that is packaged in a way where it can executed from 
+the command-line. Unlike traditional WARs which require a Servlet container already installed and 
+configured, executable WARs fast-track this process by bundling a Servlet container specifically configured to 
+execute the bundled application.
+
+The Dependency-Track executable WAR is delivered ready-to-run. To use the executable WAR, the only requirement 
+is to have Java 8u101 (or higher) installed and execute:
+
+```bash
+java -Xmx4G -jar dependency-track-embedded.war
+```
+
+For users with Java already installed on their machines, this method of execution may provide the fastest path
+forward.

docs/_docs/getting-started/deploy-war.md

@@ -0,0 +1,11 @@
+---
+title: Deploying the WAR
+category: Getting Started
+chapter: 1
+order: 3
+---
+
+This is the most difficult to deploy option as it requires an already installed and configured Servlet 
+container such as Apache Tomcat 8.5 and higher, however, it offers the most flexible deployment options.
+Follow the Servlet containers instructions for deploying `dependency-track.war`.
+ 

docs/_docs/integrations/dependency-check.md

@@ -0,0 +1,8 @@
+---
+title: Dependency-Check
+category: Integrations
+chapter: 4
+order: 2
+---
+
+TODO

docs/_docs/integrations/ecosystem.md

@@ -0,0 +1,15 @@
+---
+title: Ecosystem Overview
+category: Integrations
+chapter: 4
+order: 1
+---
+
+![alt tag](/images/ecosystem.png)
+
+* Dependency-Check results can be published to SonarQube ([plugin](https://github.com/stevespringett/dependency-check-sonar-plugin))
+* Dependency-Check results can be published to ThreadFix ([plugin](https://plugins.jenkins.io/threadfix))
+* Dependency-Check results can be published to Dependency-Track
+* Software bill-of-materials can be published to Dependency-Track
+* Dependency-Check can use Dependency-Track as a source of evidence
+* Dependency-Track results can be integrated into ThreadFix

docs/_docs/integrations/jenkins.md

@@ -0,0 +1,8 @@
+---
+title: Jenkins
+category: Integrations
+chapter: 4
+order: 3
+---
+
+TODO

docs/_docs/integrations/rest-api.md

@@ -0,0 +1,8 @@
+---
+title: REST API
+category: Integrations
+chapter: 4
+order: 5
+---
+
+TODO

docs/_docs/integrations/threadfix.md

@@ -0,0 +1,8 @@
+---
+title: ThreadFix
+category: Integrations
+chapter: 4
+order: 4
+---
+
+TODO

docs/_docs/terminology.md

@@ -0,0 +1,34 @@
+---
+title: Terminology
+category: Terminology
+chapter: 9
+order:
+---
+
+
+### API Key
+
+### Bill of Material (BOM)
+
+### Component
+
+### CycloneDX
+
+### LDAP User
+
+### License
+
+### Managed User
+
+### Portfolio
+
+### Project
+
+### Scan
+
+### SPDX
+
+### Team
+
+### Vulnerability
+

docs/_docs/usage/cicd.md

@@ -0,0 +1,8 @@
+---
+title: Continuous Delivery
+category: Usage
+chapter: 2
+order: 1
+---
+
+TODO

docs/_docs/usage/cots.md

@@ -0,0 +1,8 @@
+---
+title: Commercial Off-The-Shelf
+category: Usage
+chapter: 2
+order: 4
+---
+
+TODO

docs/_docs/usage/incident-response.md

@@ -0,0 +1,8 @@
+---
+title: Incident Response
+category: Usage
+chapter: 2
+order: 2
+---
+
+TODO

docs/_docs/usage/iot.md

@@ -0,0 +1,8 @@
+---
+title: Internet of Things (IoT)
+category: Usage
+chapter: 2
+order: 3
+---
+
+TODO

docs/_docs/usage/private-vulln-repo.md

@@ -0,0 +1,8 @@
+---
+title: Private Vulnerability Repository
+category: Usage
+chapter: 2
+order: 6
+---
+
+TODO

docs/_docs/usage/sprm.md

@@ -0,0 +1,8 @@
+---
+title: Supply Chain Risk Management
+category: Usage
+chapter: 2
+order: 5
+---
+
+TODO

docs/_layouts/default.html

@@ -0,0 +1,92 @@
+<!DOCTYPE html>
+
+<html>
+	<head>
+		<meta charset="utf-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1">
+		<meta name="generator" content="Jekyll v{{ jekyll.version }}">
+
+		<link rel="stylesheet" href="//fonts.googleapis.com/css?family=Merriweather:400,400italic,700,700italic|Open+Sans:400,400italic,600,600italic,700,700italic|Inconsolata:400,700">
+		<link rel="stylesheet" href="{{ site.baseurl }}/css/main.css">
+		<link rel="apple-touch-icon" href="{{ site.baseurl }}/apple-touch-icon.png">
+		<link rel="icon" type="image/png" href="{{ site.baseurl }}/touch-icon.png" sizes="192x192">
+		<link rel="icon" type="image/png" href="{{ site.baseurl }}/images/favicon.png">
+
+		{% feed_meta %}
+		{% seo %}
+
+		{% if jekyll.environment == 'production' and site.google_analytics_key != '' %}
+			<script>
+				(function(i,s,o,g,r,a,m){i["GoogleAnalyticsObject"]=r;i[r]=i[r]||function(){
+				(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
+				m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
+				})(window,document,"script","//www.google-analytics.com/analytics.js","ga");
+
+				ga("create", "{{ site.google_analytics_key }}", "auto");
+				ga("send", "pageview");
+			</script>
+		{% endif %}
+	</head>
+
+	<body>
+		<header>
+			<h1>
+				<a href="{{ site.baseurl }}/"><img src="{{ site.baseurl }}/images/emblem.svg" width="40" height="40" alt="{{ site.title }} logo"></a>
+				{{ site.title }}
+				<button type="button" class="open-nav" id="open-nav"></button>
+			</h1>
+
+			<form action="{{ site.baseurl }}/search/" method="get">
+				<input type="text" name="q" id="search-input" placeholder="Search" autofocus>
+				<input type="submit" value="Search" style="display: none;">
+			</form>
+
+			<nav {% if site.show_full_navigation %}class="full-navigation"{% endif %}>
+				<ul>
+					<li class="nav-item top-level {% if page.url == '/' %}current{% endif %}">
+						{% assign home = site.html_pages | where: 'url', '/' | first %}
+						<a href="{{ site.baseurl }}/">{{ home.title }}</a>
+					</li>
+				</ul>
+
+				<ul>
+					{% assign grouped = site.docs | sort: 'chapter' | group_by: 'category'%}
+					{% for group in grouped %}
+						<li class="nav-item top-level {% if group.name == page.category %}current{% endif %}">
+							{% assign items = group.items | sort: 'order' %}
+							<a href="{{ site.baseurl }}{{ items.first.url }}">{{ group.name }}</a>
+							<ul>
+								{% for item in items %}
+									<li class="nav-item {% if item.url == page.url %}current{% endif %}"><a href="{{ site.baseurl }}{{ item.url }}">{{ item.title }}</a></li>
+								{% endfor %}
+							</ul>
+						</li>
+					{% endfor %}
+				</ul>
+
+				<ul>
+					<li class="nav-item top-level {% if page.url == '/changelog/' %}current{% endif %}">
+						{% assign changelog = site.html_pages | where: 'url', '/changelog/' | first %}
+						<a href="{{ site.baseurl }}/changelog/">{{ changelog.title }}</a>
+					</li>
+				</ul>
+			</nav>
+		</header>
+
+		<section class="main">
+			<div class="page-header">
+				<h2>{% if page.category %}{{ page.category }}{% else %}{{ site.title }}{% endif %}</h2>
+				<h3>{{ page.title }}</h3>
+			</div>
+			<article class="content">
+				{{ content }}
+			</article>
+		</section>
+
+		<script>
+			document.getElementById("open-nav").addEventListener("click", function () {
+				document.body.classList.toggle("nav-open");
+			});
+		</script>
+	</body>
+</html>

docs/_plugins/replace-regex.rb

@@ -0,0 +1,10 @@
+module Jekyll
+	module RegexFilter
+		def replace_regex(input, regex_string, replace_string)
+			regex = Regexp.new regex_string
+			input.gsub regex, replace_string
+		end
+	end
+end
+
+Liquid::Template.register_filter(Jekyll::RegexFilter)

docs/_posts/2018-03-20-v3.0.0.md

@@ -0,0 +1,25 @@
+---
+title: v3.0.0
+type: major
+---
+
+Project Reboot Successful! This is the first release after being developed from the ground up. 
+
+**Features:**
+
+* Dramatically increases visibility into the use of vulnerable components
+* Supports an unlimited number of projects and components
+* Projects can range from applications, operating systems, firmware, to IoT devices
+* Tracks vulnerabilities across entire project portfolio
+* Tracks vulnerabilities by component
+* Easily identify projects that are potentially vulnerable to newly published vulnerabilities
+* Supports standardized SPDX license ID’s and tracks license use by component
+* Supports CycloneDX and SPDX bill-of-material formats
+* Easy to read metrics for components, projects, and portfolio
+* API-first design facilitates easy integration with other systems
+* API documentation available in Swagger 2.0 (OpenAPI 3 support coming soon)
+* Flexible authentication supports internally managed users, Active Directory/LDAP, and API Keys
+* Simple to install and configure. Get up and running in just a few minutes
+
+**Fixes:**
+

docs/_posts/_defaults.md

@@ -0,0 +1,14 @@
+---
+title:
+type: major
+---
+
+This release introduces
+
+**Features:**
+
+*
+
+**Fixes:**
+
+*

docs/_sass/_code.scss

@@ -0,0 +1,37 @@
+pre, code, tt {
+	font-family: Inconsolata, Consolas, Courier, "Courier New", "Liberation Mono", monospace;
+	font-size: 0.85em;
+	white-space: pre-wrap;
+	border-radius: 2px;
+	line-height: 1.4;
+	font-weight: 400;
+	background-color: #404145;
+	color: #FAFAFA;
+	border-radius: 2px;
+}
+
+pre {
+	box-sizing: border-box;
+	margin: 0 0 1.75em 0;
+	width: 100%;
+	padding: 10px;
+	font-size: 0.9em;
+	white-space: pre;
+	overflow: auto;
+	border-radius: 3px;
+
+	code, tt {
+		font-size: inherit;
+		white-space: pre-wrap;
+		background: transparent;
+		border: none;
+		padding: 0
+	}
+}
+
+blockquote > code,
+li > code,
+p > code {
+	padding: 4px 6px;
+	white-space: nowrap;
+}

docs/_sass/_layout.scss

@@ -0,0 +1,466 @@
+input::-ms-clear,
+input::-ms-reveal {
+	display: none !important;
+}
+
+body {
+	height: auto;
+	overflow-x: hidden;
+	background-color: $body-background-color;
+
+	&.nav-open {
+		overflow: hidden;
+
+		nav,
+		header > form {
+			display: block;
+		}
+
+		header {
+			bottom: 0;
+		}
+	}
+
+	&::before {
+		content: "";
+		background-color: $content-background-color;
+		position: fixed;
+		top: 0;
+		right: 0;
+		bottom: 0;
+		left: 0;
+		z-index: -1;
+	}
+
+	@media (min-width: $mobile-break) {
+		padding: 0 0 0 $nav-width;
+
+		&.nav-open {
+			overflow: auto;
+		}
+
+		&::after,
+		&::before {
+			content: "";
+			position: fixed;
+			top: 0;
+			bottom: 0;
+			z-index: -1;
+		}
+
+		&::after {
+			left: 0;
+			width: $nav-width;
+			background-color: $nav-background-color;
+		}
+
+		#search-input,
+		&::after {
+			box-shadow: inset -10px 0 10px -10px rgba(0, 0, 0, 0.1);
+		}
+
+		&::before {
+			left: $nav-width;
+			right: 0;
+			background-color: $content-background-color;
+		}
+	}
+}
+
+.main {
+	margin-top: $space + $nav-header-height;
+
+	@media (min-width: $mobile-break) {
+		margin-top: 0;
+	}
+}
+
+header {
+	$emblem-size: 35px;
+	$emblem-vertical-padding: ($nav-header-height - $emblem-size) / 2;
+	$emblem-horizontal-padding: $space;
+
+	position: absolute;
+	top: 0;
+	left: 0;
+	right: 0;
+	overflow-x: hidden;
+	z-index: 1;
+	background-color: $nav-background-color;
+
+	ul {
+		padding: 0;
+		margin: 0;
+	}
+
+	h1 {
+		padding: $emblem-vertical-padding $emblem-horizontal-padding;
+		height: $nav-header-height;
+		box-sizing: border-box;
+		background-color: $brand-colour;
+		color: #fff;
+		margin: 0;
+		font-size: 1.7rem;
+		line-height: 0.8;
+		letter-spacing: 0;
+		font-weight: 600;
+		text-indent: 0;
+		@include display-flex();
+		@include flex-direction(row);
+		@include align-items(center);
+		border-bottom: 1px solid rgba(0, 0, 0, 0.075);
+
+		img {
+			height: $emblem-size;
+			width: $emblem-size;
+			margin-right: $space - 5;
+		}
+	}
+
+$nav-image: $baseurl + "/images/menu.svg";
+	.open-nav {
+		background-image: url($nav-image);
+		background-color: transparent;
+		background-repeat: no-repeat;
+		background-size: 100%;
+		width: $emblem-size;
+		height: $emblem-size;
+		border: 0;
+		position: absolute;
+		top: $emblem-vertical-padding;
+		right: $emblem-horizontal-padding;
+		border-radius: 2px;
+
+		&:focus {
+			outline: none;
+			background-color: rgba(0, 0, 0, 0.05);
+		}
+
+		&:hover {
+			background-color: rgba(0, 0, 0, 0.1);
+		}
+	}
+
+	@media (min-width: $mobile-break) {
+		background-color: transparent;
+		width: $nav-width;
+		right: auto;
+		bottom: auto;
+
+		.open-nav {
+			display: none;
+		}
+
+		h1 {
+			box-shadow: inset -10px 0 10px -10px rgba(0, 0, 0, 0.1);
+		}
+	}
+}
+
+.content {
+	position: relative;
+	background-color: $content-background-color;
+	color: $content-color;
+
+	h3::before {
+		content: "";
+		@extend hr;
+		margin: 60px 0;
+	}
+}
+
+.content,
+.page-header {
+	max-width: $content-max-width;
+	padding: 0 ($space + 5) $space;
+	margin: $space auto 0 auto;
+}
+
+.page-header {
+	h2,
+	h3 {
+		margin: 0;
+		line-height: 1.2;
+		letter-spacing: -1px;
+	}
+
+	h2 {
+		font-size: 2rem;
+		margin-left: -1px;
+		color: #888;
+		letter-spacing: 0;
+	}
+
+	h3 {
+		font-size: 4rem;
+		margin-left: -4px;
+	}
+
+	@media (min-width: $mobile-break) {
+		h2 {
+			font-size: 2.65rem;
+		}
+
+		h3 {
+			font-size: 5.4rem;
+		}
+	}
+
+	@media (min-width: $full-width-break) {
+		margin-top: 55px;
+	}
+}
+
+nav,
+header > form {
+	display: none;
+
+	@media (min-width: $mobile-break) {
+		display: block;
+	}
+}
+
+nav > ul {
+	padding: $space / 2 0;
+
+	& + ul {
+		border-top: 1px solid rgba(0, 0, 0, 0.075);
+	}
+}
+
+.nav-item {
+	display: block;
+	font-family: "Open Sans", sans-serif;
+	line-height: 1;
+	margin: 0;
+
+	nav:not(.full-navigation) & > ul {
+		display: none;
+	}
+
+	nav:not(.full-navigation) &.current > ul {
+		display: block;
+	}
+
+	> a {
+		color: #666;
+		text-decoration: none;
+		font-size: 1.4rem;
+		padding: $space / 2 0 $space / 2 $space * 2;
+		display: block;
+	}
+
+	&.current > a,
+	> a:active,
+	> a:hover {
+		color: #111;
+	}
+
+	&.top-level > a {
+		line-height: 1.5;
+		font-weight: 600;
+		padding-left: $space;
+	}
+}
+
+.settings-panel-example {
+	@extend p;
+	@include display-flex();
+	@include flex-direction(column);
+
+	.example {
+		max-width: 300px;
+		background-color: #fafafa;
+		margin: 0;
+		padding: 0;
+		font-size: 0;
+		line-height: 1;
+		border-radius: 2px;
+		overflow: hidden;
+	}
+
+	@media (min-width: 960px) {
+		@include flex-direction(row);
+
+		.details {
+			@include flex(1);
+			margin-right: 20px;
+		}
+
+		p + .highlight > pre {
+			margin-bottom: 0;
+		}
+
+		.example {
+			@include flex(0 0 300px);
+			max-width: 100%;
+		}
+	}
+}
+
+.highlight {
+	margin-left: 0;
+	margin-right: 0;
+}
+
+h3 + .warning {
+	margin-top: 1.75em;
+}
+
+
+h4 code {
+	background: $nav-background-color;
+	color: $content-color;
+	background-color: transparent;
+	font-weight: 700;
+	padding: 0;
+	font-size: 1.1em;
+	line-height: 1;
+}
+
+h4 svg {
+	vertical-align: middle;
+	margin-right: 6px;
+	position: relative;
+	top: -2px;
+	fill: #2E2E2E;
+	height: 23px;
+}
+
+.required {
+	position: relative;
+}
+
+.required::after {
+	content: "REQUIRED";
+	font-size: 12px;
+	position: absolute;
+	top: 5px;
+	line-height: 1;
+	color: $brand-colour;
+	padding-left: 5px;
+}
+
+#search-results {
+	margin: 0;
+	padding: 0;
+
+	li {
+		list-style: none;
+		margin: 0;
+		padding: 0;
+
+		h4 {
+			font-size: 2rem;
+		}
+
+		p {
+			line-height: 1.5;
+		}
+	}
+}
+
+
+#search-input {
+	-webkit-appearance: none;
+	display: block;
+	margin: 0;
+	padding: 10px 20px 10px 15px;
+	width: 100%;
+	box-sizing: border-box;
+	border: 0;
+	border-bottom: 1px solid rgba(0, 0, 0, 0.075);
+	border-left: 5px solid transparent;
+	font-size: 1.5rem;
+	font-weight: 600;
+	line-height: 1.8;
+
+	&:focus {
+		outline: none;
+		border-left-color: $brand-colour;
+	}
+}
+
+.changelog {
+	&,
+	> div {
+		margin: 0;
+		padding: 0;
+		list-style: none;
+	}
+
+	.date {
+		color: #888;
+		font-style: italic;
+	}
+}
+
+.badge {
+	font-family: "Open Sans", sans-serif;
+	padding: 2px 5px;
+	text-transform: uppercase;
+	font-size: 0.8rem;
+	border-radius: 2px;
+	background: #eee;
+	font-weight: bold;
+
+	&.major {
+		background: $brand-colour;
+		color: #fff;
+	}
+}
+
+blockquote {
+	border-left: 5px solid #FD0;
+	padding: 10px 15px;
+	margin-left: -15px;
+	margin-right: -10px;
+	background-color: $brand-colour-light;
+	border-color: $brand-colour;
+
+	p:last-child {
+		margin-bottom: 0;
+	}
+
+	@media (max-width: $full-width-break) {
+		margin-left: 0;
+		margin-right: 0;
+	}
+}
+
+img {
+	max-width: 100%;
+	height: auto;
+}
+
+.editor-link {
+	display: none;
+	margin-top: 0;
+
+	.btn {
+		border: 0;
+		border-radius: 2px;
+		width: 100%;
+		max-width: 500px;
+		box-sizing: border-box;
+		font-size: 2rem;
+		text-decoration: none;
+		padding: 10px 15px;
+		margin: 0;
+		font-size: 18px;
+		cursor: pointer;
+		background-color: #f7e064;
+		color: #333;
+		box-shadow: 1px 1px 5px 0 rgba(0, 0, 0, 0.2);
+
+		&:hover {
+			background-color: #f4d525;
+			color: #333;
+		}
+	}
+
+}
+
+.cms-editor-active .editor-link {
+	display: block;
+}

docs/_sass/_mixins.scss

@@ -0,0 +1,34 @@
+@mixin flex-direction($values) {
+	-webkit-flex-direction: $values;
+	flex-direction: $values;
+}
+
+@mixin flex-flow($values) {
+	-webkit-flex-flow: $values;
+	flex-flow: $values;
+}
+
+@mixin align-items($values) {
+	-webkit-align-items: $values;
+	align-items: $values;
+}
+
+@mixin justify-content($values) {
+	-webkit-justify-content: $values;
+	justify-content: $values;
+}
+
+@mixin flex($values) {
+	-webkit-flex: $values;
+	flex: $values;
+}
+
+@mixin display-flex() {
+	display: -webkit-flex;
+	display: flex;
+}
+
+@mixin display-inline-flex() {
+	display: -webkit-inline-flex;
+	display: inline-flex;
+}

docs/_sass/_normalize.scss

@@ -0,0 +1,427 @@
+/*! normalize.css v3.0.2 | MIT License | git.io/normalize */
+
+/**
+ * 1. Set default font family to sans-serif.
+ * 2. Prevent iOS text size adjust after orientation change, without disabling
+ *    user zoom.
+ */
+
+html {
+  font-family: sans-serif; /* 1 */
+  -ms-text-size-adjust: 100%; /* 2 */
+  -webkit-text-size-adjust: 100%; /* 2 */
+}
+
+/**
+ * Remove default margin.
+ */
+
+body {
+  margin: 0;
+}
+
+/* HTML5 display definitions
+   ========================================================================== */
+
+/**
+ * Correct `block` display not defined for any HTML5 element in IE 8/9.
+ * Correct `block` display not defined for `details` or `summary` in IE 10/11
+ * and Firefox.
+ * Correct `block` display not defined for `main` in IE 11.
+ */
+
+article,
+aside,
+details,
+figcaption,
+figure,
+footer,
+header,
+hgroup,
+main,
+menu,
+nav,
+section,
+summary {
+  display: block;
+}
+
+/**
+ * 1. Correct `inline-block` display not defined in IE 8/9.
+ * 2. Normalize vertical alignment of `progress` in Chrome, Firefox, and Opera.
+ */
+
+audio,
+canvas,
+progress,
+video {
+  display: inline-block; /* 1 */
+  vertical-align: baseline; /* 2 */
+}
+
+/**
+ * Prevent modern browsers from displaying `audio` without controls.
+ * Remove excess height in iOS 5 devices.
+ */
+
+audio:not([controls]) {
+  display: none;
+  height: 0;
+}
+
+/**
+ * Address `[hidden]` styling not present in IE 8/9/10.
+ * Hide the `template` element in IE 8/9/11, Safari, and Firefox < 22.
+ */
+
+[hidden],
+template {
+  display: none;
+}
+
+/* Links
+   ========================================================================== */
+
+/**
+ * Remove the gray background color from active links in IE 10.
+ */
+
+a {
+  background-color: transparent;
+}
+
+/**
+ * Improve readability when focused and also mouse hovered in all browsers.
+ */
+
+a:active,
+a:hover {
+  outline: 0;
+}
+
+/* Text-level semantics
+   ========================================================================== */
+
+/**
+ * Address styling not present in IE 8/9/10/11, Safari, and Chrome.
+ */
+
+abbr[title] {
+  border-bottom: 1px dotted;
+}
+
+/**
+ * Address style set to `bolder` in Firefox 4+, Safari, and Chrome.
+ */
+
+b,
+strong {
+  font-weight: bold;
+}
+
+/**
+ * Address styling not present in Safari and Chrome.
+ */
+
+dfn {
+  font-style: italic;
+}
+
+/**
+ * Address variable `h1` font-size and margin within `section` and `article`
+ * contexts in Firefox 4+, Safari, and Chrome.
+ */
+
+h1 {
+  font-size: 2em;
+  margin: 0.67em 0;
+}
+
+/**
+ * Address styling not present in IE 8/9.
+ */
+
+mark {
+  background: #ff0;
+  color: #000;
+}
+
+/**
+ * Address inconsistent and variable font size in all browsers.
+ */
+
+small {
+  font-size: 80%;
+}
+
+/**
+ * Prevent `sub` and `sup` affecting `line-height` in all browsers.
+ */
+
+sub,
+sup {
+  font-size: 75%;
+  line-height: 0;
+  position: relative;
+  vertical-align: baseline;
+}
+
+sup {
+  top: -0.5em;
+}
+
+sub {
+  bottom: -0.25em;
+}
+
+/* Embedded content
+   ========================================================================== */
+
+/**
+ * Remove border when inside `a` element in IE 8/9/10.
+ */
+
+img {
+  border: 0;
+}
+
+/**
+ * Correct overflow not hidden in IE 9/10/11.
+ */
+
+svg:not(:root) {
+  overflow: hidden;
+}
+
+/* Grouping content
+   ========================================================================== */
+
+/**
+ * Address margin not present in IE 8/9 and Safari.
+ */
+
+figure {
+  margin: 1em 40px;
+}
+
+/**
+ * Address differences between Firefox and other browsers.
+ */
+
+hr {
+  -moz-box-sizing: content-box;
+  box-sizing: content-box;
+  height: 0;
+}
+
+/**
+ * Contain overflow in all browsers.
+ */
+
+pre {
+  overflow: auto;
+}
+
+/**
+ * Address odd `em`-unit font size rendering in all browsers.
+ */
+
+code,
+kbd,
+pre,
+samp {
+  font-family: monospace, monospace;
+  font-size: 1em;
+}
+
+/* Forms
+   ========================================================================== */
+
+/**
+ * Known limitation: by default, Chrome and Safari on OS X allow very limited
+ * styling of `select`, unless a `border` property is set.
+ */
+
+/**
+ * 1. Correct color not being inherited.
+ *    Known issue: affects color of disabled elements.
+ * 2. Correct font properties not being inherited.
+ * 3. Address margins set differently in Firefox 4+, Safari, and Chrome.
+ */
+
+button,
+input,
+optgroup,
+select,
+textarea {
+  color: inherit; /* 1 */
+  font: inherit; /* 2 */
+  margin: 0; /* 3 */
+}
+
+/**
+ * Address `overflow` set to `hidden` in IE 8/9/10/11.
+ */
+
+button {
+  overflow: visible;
+}
+
+/**
+ * Address inconsistent `text-transform` inheritance for `button` and `select`.
+ * All other form control elements do not inherit `text-transform` values.
+ * Correct `button` style inheritance in Firefox, IE 8/9/10/11, and Opera.
+ * Correct `select` style inheritance in Firefox.
+ */
+
+button,
+select {
+  text-transform: none;
+}
+
+/**
+ * 1. Avoid the WebKit bug in Android 4.0.* where (2) destroys native `audio`
+ *    and `video` controls.
+ * 2. Correct inability to style clickable `input` types in iOS.
+ * 3. Improve usability and consistency of cursor style between image-type
+ *    `input` and others.
+ */
+
+button,
+html input[type="button"], /* 1 */
+input[type="reset"],
+input[type="submit"] {
+  -webkit-appearance: button; /* 2 */
+  cursor: pointer; /* 3 */
+}
+
+/**
+ * Re-set default cursor for disabled elements.
+ */
+
+button[disabled],
+html input[disabled] {
+  cursor: default;
+}
+
+/**
+ * Remove inner padding and border in Firefox 4+.
+ */
+
+button::-moz-focus-inner,
+input::-moz-focus-inner {
+  border: 0;
+  padding: 0;
+}
+
+/**
+ * Address Firefox 4+ setting `line-height` on `input` using `!important` in
+ * the UA stylesheet.
+ */
+
+input {
+  line-height: normal;
+}
+
+/**
+ * It's recommended that you don't attempt to style these elements.
+ * Firefox's implementation doesn't respect box-sizing, padding, or width.
+ *
+ * 1. Address box sizing set to `content-box` in IE 8/9/10.
+ * 2. Remove excess padding in IE 8/9/10.
+ */
+
+input[type="checkbox"],
+input[type="radio"] {
+  box-sizing: border-box; /* 1 */
+  padding: 0; /* 2 */
+}
+
+/**
+ * Fix the cursor style for Chrome's increment/decrement buttons. For certain
+ * `font-size` values of the `input`, it causes the cursor style of the
+ * decrement button to change from `default` to `text`.
+ */
+
+input[type="number"]::-webkit-inner-spin-button,
+input[type="number"]::-webkit-outer-spin-button {
+  height: auto;
+}
+
+/**
+ * 1. Address `appearance` set to `searchfield` in Safari and Chrome.
+ * 2. Address `box-sizing` set to `border-box` in Safari and Chrome
+ *    (include `-moz` to future-proof).
+ */
+
+input[type="search"] {
+  -webkit-appearance: textfield; /* 1 */
+  -moz-box-sizing: content-box;
+  -webkit-box-sizing: content-box; /* 2 */
+  box-sizing: content-box;
+}
+
+/**
+ * Remove inner padding and search cancel button in Safari and Chrome on OS X.
+ * Safari (but not Chrome) clips the cancel button when the search input has
+ * padding (and `textfield` appearance).
+ */
+
+input[type="search"]::-webkit-search-cancel-button,
+input[type="search"]::-webkit-search-decoration {
+  -webkit-appearance: none;
+}
+
+/**
+ * Define consistent border, margin, and padding.
+ */
+
+fieldset {
+  border: 1px solid #c0c0c0;
+  margin: 0 2px;
+  padding: 0.35em 0.625em 0.75em;
+}
+
+/**
+ * 1. Correct `color` not being inherited in IE 8/9/10/11.
+ * 2. Remove padding so people aren't caught out if they zero out fieldsets.
+ */
+
+legend {
+  border: 0; /* 1 */
+  padding: 0; /* 2 */
+}
+
+/**
+ * Remove default vertical scrollbar in IE 8/9/10/11.
+ */
+
+textarea {
+  overflow: auto;
+}
+
+/**
+ * Don't inherit the `font-weight` (applied by a rule above).
+ * NOTE: the default cannot safely be changed in Chrome and Safari on OS X.
+ */
+
+optgroup {
+  font-weight: bold;
+}
+
+/* Tables
+   ========================================================================== */
+
+/**
+ * Remove most spacing between table cells.
+ */
+
+table {
+  border-collapse: collapse;
+  border-spacing: 0;
+}
+
+td,
+th {
+  padding: 0;
+}

docs/_sass/_pygments.scss

@@ -0,0 +1,81 @@
+.highlight {
+	.hll { background-color: #ffffcc }
+	.c { color: #87ceeb} /* Comment */
+	.err { color: #ffffff} /* Error */
+	.g { color: #ffffff} /* Generic */
+	.k { color: #f0e68c} /* Keyword */
+	.l { color: #ffffff} /* Literal */
+	.n { color: #ffffff} /* Name */
+	.o { color: #ffffff} /* Operator */
+	.x { color: #ffffff} /* Other */
+	.p { color: #ffffff} /* Punctuation */
+	.cm { color: #87ceeb} /* Comment.Multiline */
+	.cp { color: #cd5c5c} /* Comment.Preproc */
+	.c1 { color: #87ceeb} /* Comment.Single */
+	.cs { color: #87ceeb} /* Comment.Special */
+	.gd { color: #0000c0; font-weight: bold; background-color: #008080 } /* Generic.Deleted */
+	.ge { color: #c000c0; text-decoration: underline} /* Generic.Emph */
+	.gr { color: #c0c0c0; font-weight: bold; background-color: #c00000 } /* Generic.Error */
+	.gh { color: #cd5c5c} /* Generic.Heading */
+	.gi { color: #ffffff; background-color: #0000c0 } /* Generic.Inserted */
+	span.go { color: #add8e6; font-weight: bold; background-color: #4d4d4d } /* Generic.Output, qualified with span to prevent applying this style to the Go language, see #1153. */
+	.gp { color: #ffffff} /* Generic.Prompt */
+	.gs { color: #ffffff} /* Generic.Strong */
+	.gu { color: #cd5c5c} /* Generic.Subheading */
+	.gt { color: #c0c0c0; font-weight: bold; background-color: #c00000 } /* Generic.Traceback */
+	.kc { color: #f0e68c} /* Keyword.Constant */
+	.kd { color: #f0e68c} /* Keyword.Declaration */
+	.kn { color: #f0e68c} /* Keyword.Namespace */
+	.kp { color: #f0e68c} /* Keyword.Pseudo */
+	.kr { color: #f0e68c} /* Keyword.Reserved */
+	.kt { color: #bdb76b} /* Keyword.Type */
+	.ld { color: #ffffff} /* Literal.Date */
+	.m { color: #EAB289} /* Literal.Number */
+	.s { color: #EAB289} /* Literal.String */
+	.na { color: #8CF0E8} /* Name.Attribute */
+	.nb { color: #ffffff} /* Name.Builtin */
+	.nc { color: #ffffff} /* Name.Class */
+	.no { color: #ffa0a0} /* Name.Constant */
+	.nd { color: #ffffff} /* Name.Decorator */
+	.ni { color: #ffdead} /* Name.Entity */
+	.ne { color: #ffffff} /* Name.Exception */
+	.nf { color: #ffffff} /* Name.Function */
+	.nl { color: #ffffff} /* Name.Label */
+	.nn { color: #ffffff} /* Name.Namespace */
+	.nx { color: #ffffff} /* Name.Other */
+	.py { color: #ffffff} /* Name.Property */
+	.nt { color: #f0e68c} /* Name.Tag */
+	.nv { color: #98fb98} /* Name.Variable */
+	.ow { color: #ffffff} /* Operator.Word */
+	.w { color: #ffffff} /* Text.Whitespace */
+	.mf { color: #ffffff} /* Literal.Number.Float */
+	.mh { color: #ffffff} /* Literal.Number.Hex */
+	.mi { color: #ffffff} /* Literal.Number.Integer */
+	.mo { color: #ffffff} /* Literal.Number.Oct */
+	.sb { color: #ffffff} /* Literal.String.Backtick */
+	.sc { color: #ffffff} /* Literal.String.Char */
+	.sd { color: #ffffff} /* Literal.String.Doc */
+	.s2 { color: #ffffff} /* Literal.String.Double */
+	.se { color: #ffffff} /* Literal.String.Escape */
+	.sh { color: #ffffff} /* Literal.String.Heredoc */
+	.si { color: #ffffff} /* Literal.String.Interpol */
+	.sx { color: #ffffff} /* Literal.String.Other */
+	.sr { color: #ffffff} /* Literal.String.Regex */
+	.s1 { color: #ffffff} /* Literal.String.Single */
+	.ss { color: #ffffff} /* Literal.String.Symbol */
+	.bp { color: #ffffff} /* Name.Builtin.Pseudo */
+	.vc { color: #98fb98} /* Name.Variable.Class */
+	.vg { color: #98fb98} /* Name.Variable.Global */
+	.vi { color: #98fb98} /* Name.Variable.Instance */
+	.il { color: #ffffff} /* Literal.Number.Integer.Long */
+	.bash .nv {
+		-webkit-user-select: none;
+		-moz-user-select: none;
+		-ms-user-select: none;
+		-o-user-select: none;
+		user-select: none;
+	}
+	.language-bash & .nb {
+	    color: #99D4FF;
+	}
+}

docs/_sass/_tables.scss

@@ -0,0 +1,21 @@
+table {
+	width: 100%;
+	margin-bottom: 1.75em;
+}
+
+tr {
+	border-bottom: 1px solid #EEE;
+}
+
+tr:nth-child(even) {
+	background: #fcfcfc;
+}
+
+td, th {
+	padding: 8px;
+	text-align: left;
+}
+
+th {
+	padding-bottom: 4px;
+}

docs/_sass/_typography.scss

@@ -0,0 +1,253 @@
+html {
+	height: 100%;
+	max-height: 100%;
+	font-size: 10px;
+	-webkit-tap-highlight-color: transparent;
+}
+
+body {
+	height: 100%;
+	max-height: 100%;
+	font-family: "Merriweather", serif;
+	letter-spacing: 0.01rem;
+	font-size: 1.8em;
+	line-height: 1.75em;
+	color: #3A4145;
+	font-weight: 400;
+	-webkit-font-feature-settings: 'kern' 1;
+	-moz-font-feature-settings: 'kern' 1;
+	-o-font-feature-settings: 'kern' 1;
+	text-rendering: geometricPrecision;
+}
+
+h1,
+h2,
+h3,
+h4,
+h5,
+h6,
+input,
+label,
+select,
+textarea,
+table {
+	-webkit-font-feature-settings: 'dlig' 1, 'liga' 1, 'lnum' 1, 'kern' 1;
+	-moz-font-feature-settings: 'dlig' 1, 'liga' 1, 'lnum' 1, 'kern' 1;
+	-o-font-feature-settings: 'dlig' 1, 'liga' 1, 'lnum' 1, 'kern' 1;
+	font-family: "Open Sans", sans-serif;
+	text-rendering: geometricPrecision;
+}
+
+h1,
+h2,
+h3,
+h4,
+h5,
+h6 {
+	color: #2E2E2E;
+	line-height: 1.15em;
+	margin: 0 0 0.4em 0;
+	font-weight: 600;
+}
+
+h1 {
+	font-size: 5rem;
+	letter-spacing: -2px;
+	text-indent: -3px;
+}
+
+h2 {
+	font-size: 3.6rem;
+	letter-spacing: -1px;
+}
+
+h3 {
+	font-size: 3rem;
+}
+
+h4 {
+	font-size: 2.3rem;
+}
+
+h5 {
+	font-size: 2rem;
+}
+
+h6 {
+	font-size: 2rem;
+}
+
+a {
+	color: #4A4A4A;
+	transition: color 0.2s ease;
+}
+
+a:hover {
+	color: #111;
+}
+
+p,
+ul,
+ol,
+dl,
+figure {
+	-webkit-font-feature-settings: 'liga' 1, 'onum' 1, 'kern' 1;
+	-moz-font-feature-settings: 'liga' 1, 'onum' 1, 'kern' 1;
+	-o-font-feature-settings: 'liga' 1, 'onum' 1, 'kern' 1;
+	margin: 0 0 1.75em 0;
+	text-rendering: geometricPrecision;
+}
+
+ol,
+ul {
+	padding-left: 3rem;
+}
+
+ol ol,
+ul ul,
+ul ol,
+ol ul {
+	margin: 0 0 0.4em 0;
+	padding-left: 2em;
+}
+
+dl dt {
+	float: left;
+	width: 180px;
+	overflow: hidden;
+	clear: left;
+	text-align: right;
+	text-overflow: ellipsis;
+	white-space: nowrap;
+	font-weight: 700;
+	margin-bottom: 1em;
+}
+
+dl dd {
+	margin-left: 200px;
+	margin-bottom: 1em;
+}
+
+li {
+	margin: 0.4em 0;
+}
+
+li li {
+	margin: 0;
+}
+
+hr {
+	display: block;
+	height: 1px;
+	border: 0;
+	border-top: #eee 1px solid;
+	margin: 3.2em 0;
+	padding: 0;
+}
+
+mark {
+	background-color: #fdffb6
+}
+
+kbd {
+	display: inline-block;
+	margin-bottom: 0.4em;
+	padding: 1px 8px;
+	border: #CCC 1px solid;
+	color: #666;
+	text-shadow: #FFF 0 1px 0;
+	font-size: 0.9em;
+	font-weight: 700;
+	background: #F4F4F4;
+	border-radius: 4px;
+	box-shadow: 0 1px 0 rgba(0, 0, 0, 0.2), 0 1px 0 0 #fff inset;
+}
+
+@media only screen and (max-width: 900px) {
+	blockquote {
+		margin-left: 0;
+	}
+
+	hr {
+		margin: 2.4em 0;
+	}
+
+	ol,
+	ul {
+		padding-left: 2em;
+	}
+
+	h1 {
+		font-size: 4.5rem;
+		text-indent: -2px;
+	}
+
+	h2 {
+		font-size: 3.6rem;
+	}
+
+	h3 {
+		font-size: 3.1rem;
+	}
+
+	h4 {
+		font-size: 2.5rem;
+	}
+
+	h5 {
+		font-size: 2.2rem;
+	}
+
+	h6 {
+		font-size: 1.8rem;
+	}
+}
+
+@media only screen and (max-width: 500px) {
+	hr {
+		margin: 1.75em 0;
+	}
+
+	p,
+	ul,
+	ol,
+	dl {
+		font-size: 0.95em;
+		margin: 0 0 2.5rem 0;
+	}
+
+	h1,
+	h2,
+	h3,
+	h4,
+	h5,
+	h6 {
+		margin: 0 0 0.3em 0;
+	}
+
+	h1 {
+		font-size: 2.8rem;
+		letter-spacing: -1px;
+	}
+
+	h2 {
+		font-size: 2.4rem;
+		letter-spacing: 0;
+	}
+
+	h3 {
+		font-size: 2.1rem;
+	}
+
+	h4 {
+		font-size: 1.9rem;
+	}
+
+	h5 {
+		font-size: 1.8rem;
+	}
+
+	h6 {
+		font-size: 1.8rem;
+	}
+}

docs/changelog.html

@@ -0,0 +1,18 @@
+---
+title: Change Log
+---
+
+<p>Subscribe with <a href="{{ site.baseurl }}/feed.xml">RSS</a> to keep up with the latest changes.</p>
+
+<div class="changelog">
+	{% for change in site.posts %}
+		<div class="changelog-item">
+			<h3>{{ change.title }}</h3>
+			<p><span class="date">{{ change.date | date: "%B %d, %Y" }}</span> <span class="badge {{ change.type }}">{{ change.type }}</span></p>
+
+			{{ change.content }}
+
+			<p class="editor-link"><a href="cloudcannon:collections/{{ change.path }}" class="btn"><strong>&#9998;</strong> Update Entry</a></p>
+		</div>
+	{% endfor %}
+</div>

docs/css/main.scss

@@ -0,0 +1,36 @@
+---
+layout: null
+sitemap: false
+---
+
+{% if site.baseurl and site.baseurl != "" %}
+	$baseurl: "{{ site.baseurl }}";
+{% else %}
+	$baseurl: "";
+{% endif %}
+$body-background-color: #2B2E31;
+
+$content-max-width: 800px;
+$content-color: #222;
+$content-background-color: #fff;
+
+$brand-colour: #3583d6;
+$brand-colour-light: mix($brand-colour, $content-background-color, 10%);
+
+$nav-header-background-color: $brand-colour;
+$nav-header-height: 60px;
+$nav-background-color: #f5f5f5;
+$nav-width: 300px;
+
+$space: 20px;
+
+$mobile-break: 700px;
+$full-width-break: $nav-width + ($space * 4) + $content-max-width;
+
+@import "mixins";
+@import "normalize";
+@import "pygments";
+@import "typography";
+@import "code";
+@import "tables";
+@import "layout";

docs/images/emblem.svg

@@ -0,0 +1,4 @@
+<svg fill="#ffffff" height="24" viewBox="0 0 24 24" width="24" xmlns="http://www.w3.org/2000/svg">
+    <path d="M17 3H7c-1.1 0-1.99.9-1.99 2L5 21l7-3 7 3V5c0-1.1-.9-2-2-2z"/>
+    <path d="M0 0h24v24H0z" fill="none"/>
+</svg>

docs/images/menu.svg

@@ -0,0 +1,4 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24">
+    <path d="M0 0h24v24h-24z" fill="none"/>
+    <path d="M3 18h18v-2h-18v2zm0-5h18v-2h-18v2zm0-7v2h18v-2h-18z" fill="#fff"/>
+</svg>

docs/index.md

@@ -0,0 +1,38 @@
+---
+title: Introduction
+---
+
+Modern applications leverage the availability of existing components for use as building blocks 
+in application development. By using existing components, organizations can dramatically decrease
+time-to-market. Reusing existing components however, comes at a cost. Organizations that build on 
+top of existing components assume risk for software they did not create. Vulnerabilities in third-party
+components are inherited by all applications that use those components. The [OWASP Top Ten] (2013 and 2017)
+both recognize the risk of [using components with known vulnerabilities](https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities).
+
+![dashboard](images/screenshots/dashboard.png)
+
+Dependency-Track is a Software Composition Analysis (SCA) platform that keeps track of all third-party 
+components used in all the applications an organization creates or consumes. It integrates with multiple
+vulnerability databases including the [National Vulnerability Database] (NVD), [Node Security Platform] (NSP),
+and [VulnDB] from [Risk Based Security]. Dependency-Track monitors all applications in its portfolio in order
+to proactively identify vulnerabilities in components that are placing your applications at risk. Use of 
+Dependency-Track can play a vital role in an overall Supply Chain Risk Management (SCRM) program by providing 
+many of the recommendations outlined in the [NIST Cybersecurity Framework].
+
+Dependency-Track is designed to be used in an automated DevOps environment where [Dependency-Check]
+results or specific BOM (Bill of Material) formats are automatically ingested during CI/CD. Use of the 
+[Dependency-Check Jenkins Plugin] is highly recommended for this purpose and is well suited for use
+in [Jenkins Pipeline]. In such an environment, Dependency-Track enables your DevOps teams to accelerate while
+still keeping tabs on component usage and any inherited risk.
+
+Dependency-Track can also be used to monitor vulnerabilities in COTS (commercial off-the-shelf) software.
+
+[OWASP Top Ten]: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
+[National Vulnerability Database]: https://nvd.nist.gov
+[Node Security Platform]: https://nodesecurity.io
+[VulnDB]: https://vulndb.cyberriskanalytics.com
+[Risk Based Security]: https://www.riskbasedsecurity.com
+[NIST Cybersecurity Framework]: https://www.nist.gov/cybersecurity-framework
+[Dependency-Check]: https://www.owasp.org/index.php/OWASP_Dependency_Check
+[Dependency-Check Jenkins Plugin]: https://plugins.jenkins.io/dependency-check-jenkins-plugin
+[Jenkins Pipeline]: https://jenkins.io/solutions/pipeline

docs/robots.txt

@@ -0,0 +1,7 @@
+---
+layout: null
+sitemap: false
+---
+User-agent: *
+Sitemap: {{ site.url }}/sitemap.xml
+Disallow: /search/

docs/scripts/search.js

@@ -0,0 +1,105 @@
+---
+layout: null
+---
+(function () {
+	function getQueryVariable(variable) {
+		var query = window.location.search.substring(1),
+			vars = query.split("&");
+
+		for (var i = 0; i < vars.length; i++) {
+			var pair = vars[i].split("=");
+
+			if (pair[0] === variable) {
+				return pair[1];
+			}
+		}
+	}
+
+	function getPreview(query, content, previewLength) {
+		previewLength = previewLength || (content.length * 2);
+
+		var parts = query.split(" "),
+			match = content.toLowerCase().indexOf(query.toLowerCase()),
+			matchLength = query.length,
+			preview;
+
+		// Find a relevant location in content
+		for (var i = 0; i < parts.length; i++) {
+			if (match >= 0) {
+				break;
+			}
+
+			match = content.toLowerCase().indexOf(parts[i].toLowerCase());
+			matchLength = parts[i].length;
+		}
+
+		// Create preview
+		if (match >= 0) {
+			var start = match - (previewLength / 2),
+				end = start > 0 ? match + matchLength + (previewLength / 2) : previewLength;
+
+			preview = content.substring(start, end).trim();
+
+			if (start > 0) {
+				preview = "..." + preview;
+			}
+
+			if (end < content.length) {
+				preview = preview + "...";
+			}
+
+			// Highlight query parts
+			preview = preview.replace(new RegExp("(" + parts.join("|") + ")", "gi"), "<strong>$1</strong>");
+		} else {
+			// Use start of content if no match found
+			preview = content.substring(0, previewLength).trim() + (content.length > previewLength ? "..." : "");
+		}
+
+		return preview;
+	}
+
+	function displaySearchResults(results, query) {
+		var searchResultsEl = document.getElementById("search-results"),
+			searchProcessEl = document.getElementById("search-process");
+
+		if (results.length) {
+			var resultsHTML = "";
+			results.forEach(function (result) {
+				var item = window.data[result.ref],
+					contentPreview = getPreview(query, item.content, 170),
+					titlePreview = getPreview(query, item.title);
+
+				resultsHTML += "<li><h4><a href='{{ site.baseurl }}" + item.url.trim() + "'>" + titlePreview + "</a></h4><p><small>" + contentPreview + "</small></p></li>";
+			});
+
+			searchResultsEl.innerHTML = resultsHTML;
+			searchProcessEl.innerText = "Showing";
+		} else {
+			searchResultsEl.style.display = "none";
+			searchProcessEl.innerText = "No";
+		}
+	}
+
+	window.index = lunr(function () {
+		this.field("id");
+		this.field("title", {boost: 10});
+		this.field("category");
+		this.field("url");
+		this.field("content");
+	});
+
+	var query = decodeURIComponent((getQueryVariable("q") || "").replace(/\+/g, "%20")),
+		searchQueryContainerEl = document.getElementById("search-query-container"),
+		searchQueryEl = document.getElementById("search-query"),
+		searchInputEl = document.getElementById("search-input");
+
+	searchInputEl.value = query;
+	searchQueryEl.innerText = query;
+	searchQueryContainerEl.style.display = "inline";
+
+	for (var key in window.data) {
+		window.index.add(window.data[key]);
+	}
+
+	displaySearchResults(window.index.search(query), query); // Hand the results off to be displayed
+})();

docs/search.html

@@ -0,0 +1,32 @@
+---
+title: Search
+sitemap: false
+---
+
+<p><span id="search-process">Loading</span> results <span id="search-query-container" style="display: none;">for "<strong id="search-query"></strong>"</span></p>
+<ul id="search-results"></ul>
+
+<script>
+	window.data = {
+		{% for item in site.docs %}
+			{% if item.title %}
+				{% unless item.excluded_in_search %}
+					{% if added %},{% endif %}
+					{% assign added = false %}
+
+					"{{ item.url | slugify }}": {
+						"id": "{{ item.url | slugify }}",
+						"title": "{{ item.title | xml_escape }}",
+						"category": "{{ collection.title | xml_escape }}",
+						"url": " {{ item.url | xml_escape }}",
+						"content": {{ item.content | strip_html | replace_regex: "[\s/\n]+"," " | strip | jsonify }}
+					}
+
+					{% assign added = true %}
+				{% endunless %}
+			{% endif %}
+		{% endfor %}
+	};
+</script>
+<script src="{{ site.baseurl }}/scripts/lunr.min.js"></script>
+<script src="{{ site.baseurl }}/scripts/search.js"></script>