FreeBSD Bugzilla – Attachment 192005 Details for
Bug 226206
[New port] security/owasp-dependency-check: Detects publicly disclosed vulnerabilities in project dependencies
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
owasp-dependency-check-3.1.1.shar
owasp-dependency-check-3.1.1.shar (text/plain), 5.92 KB, created by
Andreas Sommer
on 2018-03-31 14:26:15 UTC
(
hide
)
Description:
owasp-dependency-check-3.1.1.shar
Filename:
MIME Type:
Creator:
Andreas Sommer
Created:
2018-03-31 14:26:15 UTC
Size:
5.92 KB
patch
obsolete
># This is a shell archive. Save it in a file, remove anything before ># this line, and then unpack it by entering "sh file". Note, it may ># create directories; files and directories will be owned by you and ># have default permissions. ># ># This archive contains: ># ># owasp-dependency-check/ ># owasp-dependency-check/files ># owasp-dependency-check/files/owasp-dependency-check.in ># owasp-dependency-check/files/patch-dependency--check--cli-pom.xml ># owasp-dependency-check/distinfo ># owasp-dependency-check/Makefile ># owasp-dependency-check/pkg-descr ># >echo c - owasp-dependency-check/ >mkdir -p owasp-dependency-check/ > /dev/null 2>&1 >echo c - owasp-dependency-check/files >mkdir -p owasp-dependency-check/files > /dev/null 2>&1 >echo x - owasp-dependency-check/files/owasp-dependency-check.in >sed 's/^X//' >owasp-dependency-check/files/owasp-dependency-check.in << '6a69cc1539d469e2c234747246a3471d' >X#!/bin/sh >X# >X# $FreeBSD$ >X >X# By default, this writes to /var/cache/owasp-dependency-check/data/dc.h2.db to cache vulnerability databases. >X# Both read and write access to the cached database requires an exclusive lock file inside the same directory >X# (even with `--noupdate`), so it's recommended to specify `--data PATH_TO_DATA_DIRECTORY` to ensure usability >X# of the database by non-root users. Without the parameter, it defaults to write files into >X# /var/cache/owasp-dependency-check/data. >X# >X# `--cve*` arguments fix https://github.com/jeremylong/DependencyCheck/issues/1171 until the changed URLs >X# get released. >XJAVA_VERSION="%%JAVA_VERSION%%" \ >X "%%LOCALBASE%%/bin/java" \ >X -Dbasedir="/var/cache/owasp-dependency-check" \ >X -jar "%%JAVAJARDIR%%/owasp-dependency-check-%%PORTVERSION%%-jar-with-dependencies.jar" \ >X --cveUrl12Base "https://nvd.nist.gov/feeds/xml/cve/1.2/nvdcve-%d.xml.gz" \ >X --cveUrl20Base "https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-%d.xml.gz" \ >X --cveUrl12Modified "https://nvd.nist.gov/feeds/xml/cve/1.2/nvdcve-modified.xml.gz" \ >X --cveUrl20Modified "https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-modified.xml.gz" \ >X "$@" >6a69cc1539d469e2c234747246a3471d >echo x - owasp-dependency-check/files/patch-dependency--check--cli-pom.xml >sed 's/^X//' >owasp-dependency-check/files/patch-dependency--check--cli-pom.xml << 'd91e3b5a71bad49ba83a1ca83341d675' >X--- dependency-check-cli/pom.xml.orig 2018-01-29 03:12:27 UTC >X+++ dependency-check-cli/pom.xml >X@@ -91,7 +91,15 @@ Copyright (c) 2012 - Jeremy Long. All Ri >X <groupId>org.apache.maven.plugins</groupId> >X <artifactId>maven-assembly-plugin</artifactId> >X <configuration> >X+ <archive> >X+ <manifest> >X+ <mainClass>org.owasp.dependencycheck.App</mainClass> >X+ </manifest> >X+ </archive> >X <attach>false</attach> <!-- don't install/deploy this archive --> >X+ <descriptorRefs> >X+ <descriptorRef>jar-with-dependencies</descriptorRef> >X+ </descriptorRefs> >X </configuration> >X <executions> >X <execution> >d91e3b5a71bad49ba83a1ca83341d675 >echo x - owasp-dependency-check/distinfo >sed 's/^X//' >owasp-dependency-check/distinfo << '7ac324eac5d2cfcb6a6d2d0a013045a0' >XTIMESTAMP = 1519574725 >XSHA256 (FreeBSD-owasp-dependency-check-3.1.1-maven-repository.tar.gz) = 789b4d719baea0a04d9de8617794fcfce293745c69c2ba491b6e7bb8bf552e1c >XSIZE (FreeBSD-owasp-dependency-check-3.1.1-maven-repository.tar.gz) = 110834871 >XSHA256 (jeremylong-DependencyCheck-v3.1.1_GH0.tar.gz) = 63c89d2263a5dd01f7cc44e22b1172989192b928ff1b650277ffec13e5d168eb >XSIZE (jeremylong-DependencyCheck-v3.1.1_GH0.tar.gz) = 70973557 >7ac324eac5d2cfcb6a6d2d0a013045a0 >echo x - owasp-dependency-check/Makefile >sed 's/^X//' >owasp-dependency-check/Makefile << '6235b876f52b2829083531d1ebdbe263' >X# $FreeBSD$ >X >X# Note to committers: >X# With each version update, a new maven repository must be created and distributed >X# so build is repeatable and cluster-safe. >X >XPORTNAME= owasp-dependency-check >XPORTVERSION= 3.1.1 >XDISTVERSIONPREFIX= v >XCATEGORIES= security java >XMASTER_SITES= LOCAL/andidog/security/${PORTNAME}/:source2 >XDISTFILES+= FreeBSD-owasp-dependency-check-${PORTVERSION}-maven-repository.tar.gz:source2 >X >XMAINTAINER= andreas.sommer87@googlemail.com >XCOMMENT= Detects publicly disclosed vulnerabilities in project dependencies >X >XLICENSE= APACHE20 >X >XBUILD_DEPENDS= ${LOCALBASE}/share/java/maven/bin/mvn:devel/maven >X >XUSE_GITHUB= yes >XGH_ACCOUNT= jeremylong >XGH_PROJECT= DependencyCheck >X >XUSE_JAVA= yes >XJAVA_VERSION= 1.7+ >X >XNO_ARCH= yes >X >XSUB_FILES= owasp-dependency-check >XSUB_LIST= PORTVERSION=${PORTVERSION} >XPLIST_DIRS= /var/cache/owasp-dependency-check >XPLIST_FILES= bin/owasp-dependency-check \ >X ${JAVAJARDIR}/owasp-dependency-check-${PORTVERSION}-jar-with-dependencies.jar >X >Xdo-build: >X cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} ${LOCALBASE}/share/java/maven/bin/mvn \ >X --batch-mode -Dmaven.repo.local=${WRKDIR}/repository -DskipTests --offline package >X >Xdo-install: >X ${INSTALL_DATA} ${WRKSRC}/dependency-check-cli/target/dependency-check-${PORTVERSION}-jar-with-dependencies.jar \ >X ${STAGEDIR}${JAVAJARDIR}/owasp-dependency-check-${PORTVERSION}-jar-with-dependencies.jar >X ${INSTALL_SCRIPT} ${WRKDIR}/${PORTNAME} ${STAGEDIR}${PREFIX}/bin >X ${MKDIR} ${STAGEDIR}/var/cache/owasp-dependency-check >X >X.include <bsd.port.mk> >6235b876f52b2829083531d1ebdbe263 >echo x - owasp-dependency-check/pkg-descr >sed 's/^X//' >owasp-dependency-check/pkg-descr << 'afe7bf82a96981e302494eca0c77395b' >XDependency-Check is a utility that attempts to detect publicly disclosed >Xvulnerabilities contained within project dependencies. It does this by >Xdetermining if there is a Common Platform Enumeration (CPE) identifier >Xfor a given dependency. If found, it will generate a report linking to >Xthe associated CVE entries. >X >XWWW: https://github.com/jeremylong/DependencyCheck >afe7bf82a96981e302494eca0c77395b >exit >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=192005">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 226206
:
191000
|
191001
|
191002
|
191003
|
191995
| 192005