mirror of
https://git.freebsd.org/ports.git
synced 2025-06-08 22:30:38 -04:00
Dependency-Check is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries.

WWW: https://github.com/jeremylong/DependencyCheck
WWW: https://www.owasp.org/index.php/OWASP_Dependency_Check
WWW: https://jeremylong.github.io/DependencyCheck/dependency-check-cli/
WWW: https://jeremylong.github.io/DependencyCheck/dependency-check-cli/arguments.html

PR: 226206
Submitted by: Andreas Sommer <andreas.sommer87@googlemail.com>
21 lines
1.1 KiB
Bash
#!/bin/sh
#
# $FreeBSD$

# By default, this writes to /var/cache/owasp-dependency-check/data/dc.h2.db to cache vulnerability databases.
# Both read and write access to the cached database requires an exclusive lock file inside the same directory
# (even with `--noupdate`), so it's recommended to specify `--data PATH_TO_DATA_DIRECTORY` to ensure usability
# of the database by non-root users. Without the parameter, it defaults to write files into
# /var/cache/owasp-dependency-check/data.
#
# `--cve*` arguments fix https://github.com/jeremylong/DependencyCheck/issues/1171 until the changed URLs
# get released.
JAVA_VERSION="%%JAVA_VERSION%%" \
"%%LOCALBASE%%/bin/java" \
	-Dbasedir="/var/cache/owasp-dependency-check" \
	-jar "%%JAVAJARDIR%%/owasp-dependency-check-%%PORTVERSION%%-jar-with-dependencies.jar" \
	--cveUrl12Base "https://nvd.nist.gov/feeds/xml/cve/1.2/nvdcve-%d.xml.gz" \
	--cveUrl20Base "https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-%d.xml.gz" \
	--cveUrl12Modified "https://nvd.nist.gov/feeds/xml/cve/1.2/nvdcve-modified.xml.gz" \
	--cveUrl20Modified "https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-modified.xml.gz" \
	"$@"
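The script's header comment recommends `--data PATH_TO_DATA_DIRECTORY` for non-root users, because the lock file is created inside the data directory even with `--noupdate`. The following is an added example, not part of the port: a pair of helper functions that pick a per-user data directory, confirm the lock file can be created there, and pass it to the wrapper. The function names, the `DC_DATA_DIR` and `DC_BIN` variables, the per-user cache path and the installed command name `dependency-check` are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not part of the FreeBSD port).
# Assumptions: the wrapper above is on PATH as "dependency-check"
# (override with DC_BIN); DC_DATA_DIR and the per-user default
# location are names chosen for this sketch.

# Print a data directory in which the current user can create the
# database and its lock file; return non-zero if none is usable.
dc_data_dir() {
    _dc_dir="${DC_DATA_DIR:-${XDG_CACHE_HOME:-$HOME/.cache}/owasp-dependency-check/data}"

    # Create the directory if it does not exist yet.
    mkdir -p "$_dc_dir" 2>/dev/null || return 1

    # The lock file lives inside the directory, so the directory itself
    # must be writable and searchable, even for read-only scans run
    # with --noupdate.
    [ -d "$_dc_dir" ] && [ -w "$_dc_dir" ] && [ -x "$_dc_dir" ] || return 1

    printf '%s\n' "$_dc_dir"
}

# Run the wrapper with --data pointing at the per-user directory.
# All remaining arguments are passed through unchanged.
dc_run() {
    _dc_data=$(dc_data_dir) || {
        echo "dc_run: no writable data directory; set DC_DATA_DIR" >&2
        return 1
    }
    "${DC_BIN:-dependency-check}" --data "$_dc_data" "$@"
}
```
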