authorKurt Jaeger <pi@FreeBSD.org>2018-04-01 14:37:26 +0000
committerKurt Jaeger <pi@FreeBSD.org>2018-04-01 14:37:26 +0000
commitafc2f901f4d8657ce515ccc124c3b045a758de92 (patch)
tree51bdd7d76e7303cd2cfa4134af283b6b0bee2c4b /security/owasp-dependency-check/files
parent- Update to 4.6.3 (diff)
New port: security/owasp-dependency-check
Dependency-Check is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries. WWW: https://github.com/jeremylong/DependencyCheck WWW: https://www.owasp.org/index.php/OWASP_Dependency_Check WWW: https://jeremylong.github.io/DependencyCheck/dependency-check-cli/ WWW: https://jeremylong.github.io/DependencyCheck/dependency-check-cli/arguments.html PR: 226206 Submitted by: Andreas Sommer <andreas.sommer87@googlemail.com>
Notes
Notes: svn path=/head/; revision=466161
Diffstat (limited to 'security/owasp-dependency-check/files')
-rw-r--r--security/owasp-dependency-check/files/owasp-dependency-check.in21
-rw-r--r--security/owasp-dependency-check/files/patch-dependency--check--cli-pom.xml18
2 files changed, 39 insertions, 0 deletions
diff --git a/security/owasp-dependency-check/files/owasp-dependency-check.in b/security/owasp-dependency-check/files/owasp-dependency-check.in
new file mode 100644
index 000000000000..66fd4b7e32b1
--- /dev/null
+++ b/security/owasp-dependency-check/files/owasp-dependency-check.in
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# $FreeBSD$
+
+# By default, this writes to /var/cache/owasp-dependency-check/data/dc.h2.db to cache vulnerability databases.
+# Both read and write access to the cached database requires an exclusive lock file inside the same directory
+# (even with `--noupdate`), so it's recommended to specify `--data PATH_TO_DATA_DIRECTORY` to ensure usability
+# of the database by non-root users. Without the parameter, it defaults to write files into
+# /var/cache/owasp-dependency-check/data.
+#
+# `--cve*` arguments fix https://github.com/jeremylong/DependencyCheck/issues/1171 until the changed URLs
+# get released.
+JAVA_VERSION="%%JAVA_VERSION%%" \
+ "%%LOCALBASE%%/bin/java" \
+ -Dbasedir="/var/cache/owasp-dependency-check" \
+ -jar "%%JAVAJARDIR%%/owasp-dependency-check-%%PORTVERSION%%-jar-with-dependencies.jar" \
+ --cveUrl12Base "https://nvd.nist.gov/feeds/xml/cve/1.2/nvdcve-%d.xml.gz" \
+ --cveUrl20Base "https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-%d.xml.gz" \
+ --cveUrl12Modified "https://nvd.nist.gov/feeds/xml/cve/1.2/nvdcve-modified.xml.gz" \
+ --cveUrl20Modified "https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-modified.xml.gz" \
+ "$@"
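Review bot: The header comment recommends `--data` for non-root use but says nothing about protecting the shared default cache, and a scan is only as trustworthy as the database under /var/cache/owasp-dependency-check/data. The directory's owner and mode are set elsewhere in the port and are not visible in this hunk. If they are loosened so that unprivileged users can take the lock file, any local account could presumably alter the cached CVE data and change what later scans report. I would add to the comment block: `# Keep /var/cache/owasp-dependency-check writable by root only; unprivileged users and CI jobs should pass --data with a directory they own.` The comment also states the default path in both its first and last sentence, and the two could be merged.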
diff --git a/security/owasp-dependency-check/files/patch-dependency--check--cli-pom.xml b/security/owasp-dependency-check/files/patch-dependency--check--cli-pom.xml
new file mode 100644
index 000000000000..f0561fd156b9
--- /dev/null
+++ b/security/owasp-dependency-check/files/patch-dependency--check--cli-pom.xml
@@ -0,0 +1,18 @@
+--- dependency-check-cli/pom.xml.orig 2018-01-29 03:12:27 UTC
++++ dependency-check-cli/pom.xml
+@@ -91,7 +91,15 @@ Copyright (c) 2012 - Jeremy Long. All Ri
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <configuration>
++ <archive>
++ <manifest>
++ <mainClass>org.owasp.dependencycheck.App</mainClass>
++ </manifest>
++ </archive>
+ <attach>false</attach> <!-- don't install/deploy this archive -->
++ <descriptorRefs>
++ <descriptorRef>jar-with-dependencies</descriptorRef>
++ </descriptorRefs>
+ </configuration>
+ <executions>
+ <execution>
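Review bot: The `jar-with-dependencies` descriptor added to the assembly plugin configuration builds one jar that embeds every library the CLI pulls in, so those libraries are fixed at the port's build time and are presumably not recorded as separate packages. The patch does not say why the fat jar and the `mainClass` manifest entry are needed; judging by the wrapper script in this commit, it is so that `java -jar` can start the tool from a single file. An XML comment beside the new elements would record this, for example `<!-- FreeBSD port: build one runnable jar for the wrapper script; bundled libraries change only when the port is rebuilt -->`. The plugin definition continues past the end of the patch context.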