summaryrefslogtreecommitdiff
path: root/security/owasp-dependency-check/files/owasp-dependency-check.in
diff options
context:
space:
mode:
Diffstat (limited to 'security/owasp-dependency-check/files/owasp-dependency-check.in')
-rw-r--r--security/owasp-dependency-check/files/owasp-dependency-check.in21
1 files changed, 21 insertions, 0 deletions
diff --git a/security/owasp-dependency-check/files/owasp-dependency-check.in b/security/owasp-dependency-check/files/owasp-dependency-check.in
new file mode 100644
index 000000000000..66fd4b7e32b1
--- /dev/null
+++ b/security/owasp-dependency-check/files/owasp-dependency-check.in
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# $FreeBSD$
+
+# By default, this writes to /var/cache/owasp-dependency-check/data/dc.h2.db to cache vulnerability databases.
+# Both read and write access to the cached database requires an exclusive lock file inside the same directory
+# (even with `--noupdate`), so it's recommended to specify `--data PATH_TO_DATA_DIRECTORY` to ensure usability
+# of the database by non-root users. Without the parameter, it defaults to write files into
+# /var/cache/owasp-dependency-check/data.
+#
+# `--cve*` arguments fix https://github.com/jeremylong/DependencyCheck/issues/1171 until the changed URLs
+# get released.
+JAVA_VERSION="%%JAVA_VERSION%%" \
+ "%%LOCALBASE%%/bin/java" \
+ -Dbasedir="/var/cache/owasp-dependency-check" \
+ -jar "%%JAVAJARDIR%%/owasp-dependency-check-%%PORTVERSION%%-jar-with-dependencies.jar" \
+ --cveUrl12Base "https://nvd.nist.gov/feeds/xml/cve/1.2/nvdcve-%d.xml.gz" \
+ --cveUrl20Base "https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-%d.xml.gz" \
+ --cveUrl12Modified "https://nvd.nist.gov/feeds/xml/cve/1.2/nvdcve-modified.xml.gz" \
+ --cveUrl20Modified "https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-modified.xml.gz" \
+ "$@"