In files/pkg-message.in, don't use %%PREFIX%%/etc/vuls.conf Configure vuls by editing %%ETCDIR%%/config.toml. Vuls uses the port security/go-cve-dictionary to look up information about packages' CVEs. Install that port separately somewhere in your infrastructure, start the service and point vuls to it for CVE queries by editing vuls' configuration in %%PREFIX%%/etc/vuls.conf and setting the cveDict url properly. should be: Configure vuls by editing %%ETCDIR%%/config.toml. Vuls uses the port security/go-cve-dictionary to look up information about packages' CVEs. Install that port separately somewhere in your infrastructure, start the service and point vuls to it for CVE queries by editing vuls' configuration in %%ETCDIR%%/config.toml and setting the cveDict url properly.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=6c93d1064f8c873199761a8fc60c170b37d60575 commit 6c93d1064f8c873199761a8fc60c170b37d60575 Author: Palle Girgensohn <girgen@FreeBSD.org> AuthorDate: 2024-10-09 16:35:05 +0000 Commit: Palle Girgensohn <girgen@FreeBSD.org> CommitDate: 2024-10-09 16:35:58 +0000 security/vuls: Fix pkg-message to point to the correct config file PR: 281957 security/vuls/Makefile | 1 + security/vuls/files/pkg-message.in | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-)
Committed. Thanks!