Commit 3c3d0f32 authored by Rene Ladan's avatar Rene Ladan
Browse files

security/owasp-dependency-check: Remove expired port 

2026-02-28 security/owasp-dependency-check: This port is 9 major versions and almost 8 years behind on upstream. No maintainer. No users in the ports tree. Does not compile with jdk11+.
parent 21d10b6f

MOVED

+1 −0
Original line number Diff line number Diff line
@@ -5157,3 +5157,4 @@ graphics/imlib2-webp|graphics/imlib2|2026-02-28|Has expired: webp support is han 
devel/godot35|devel/godot|2026-02-28|Has expired: Legacy version should have been removed with devel/godot35-tools, consider migrating to devel/godot

www/nginx-vts-exporter|www/nginx-prometheus-exporter|2026-02-28|Has expired: Upstream is unmaintained; use www/nginx-prometheus-exporter instead

net/unison240||2026-02-28|Has expired: Legacy release unsupported by upstream

security/owasp-dependency-check||2026-02-28|Has expired: This port is 9 major versions and almost 8 years behind on upstream. No maintainer. No users in the ports tree. Does not compile with jdk11+

security/Makefile

+0 −1
Original line number Diff line number Diff line
@@ -478,7 +478,6 @@ 
    SUBDIR += osslsigncode

    SUBDIR += osv-scanner

    SUBDIR += otpw

    SUBDIR += owasp-dependency-check

    SUBDIR += p11-kit

    SUBDIR += p5-Alt-Crypt-RSA-BigInt

    SUBDIR += p5-Apache-Htpasswd

security/owasp-dependency-check/Makefile

deleted100644 → 0
+0 −51
Original line number Diff line number Diff line 
# Note to committers:

# With each version update, a new maven repository must be created and distributed

# so build is repeatable and cluster-safe.



PORTNAME=	owasp-dependency-check

PORTVERSION=	3.1.1

DISTVERSIONPREFIX=	v

PORTREVISION=	3

CATEGORIES=	security java

MASTER_SITES=	LOCAL/pi/:source2

DISTFILES+=	owasp-dependency-check-${PORTVERSION}-maven-repository.tar.gz:source2



MAINTAINER=	ports@FreeBSD.org

COMMENT=	Detects publicly disclosed vulnerabilities in project dependencies

WWW=		https://jeremylong.github.io/DependencyCheck \

		https://www.owasp.org/index.php/OWASP_Dependency_Check \

		https://jeremylong.github.io/DependencyCheck/dependency-check-cli/



LICENSE=	APACHE20

DEPRECATED=	This port is 9 major versions and almost 8 years behind on upstream. No maintainer. No users in the ports tree. Does not compile with jdk11+.

EXPIRATION_DATE=	2026-02-28



BUILD_DEPENDS=	maven>0:devel/maven



USES=		java

USE_GITHUB=	yes

GH_ACCOUNT=	jeremylong

GH_PROJECT=	DependencyCheck

JAVA_VERSION=	8



MAKE_ENV+=	JAVA_HOME=${JAVA_HOME}



NO_ARCH=	yes

SUB_FILES=	owasp-dependency-check

SUB_LIST=	PORTVERSION=${PORTVERSION}



PLIST_DIRS=	/var/cache/owasp-dependency-check

PLIST_FILES=	bin/owasp-dependency-check \

		${JAVAJARDIR}/owasp-dependency-check-${PORTVERSION}-jar-with-dependencies.jar



do-build:

	cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} ${LOCALBASE}/bin/mvn \

		--batch-mode -Dmaven.repo.local=${WRKDIR}/repository -DskipTests --offline package



do-install:

	${INSTALL_DATA} ${WRKSRC}/dependency-check-cli/target/dependency-check-${PORTVERSION}-jar-with-dependencies.jar \

		${STAGEDIR}${JAVAJARDIR}/owasp-dependency-check-${PORTVERSION}-jar-with-dependencies.jar

	${INSTALL_SCRIPT} ${WRKDIR}/${PORTNAME} ${STAGEDIR}${PREFIX}/bin

	${MKDIR} ${STAGEDIR}/var/cache/owasp-dependency-check



.include <bsd.port.mk>

security/owasp-dependency-check/distinfo

deleted100644 → 0
+0 −5
Original line number Diff line number Diff line 
TIMESTAMP = 1522498032

SHA256 (owasp-dependency-check-3.1.1-maven-repository.tar.gz) = 27d27cfa9659c0c4b03dc311e994570641caa2b5db558731bea2a1904fca31b9

SIZE (owasp-dependency-check-3.1.1-maven-repository.tar.gz) = 110896009

SHA256 (jeremylong-DependencyCheck-v3.1.1_GH0.tar.gz) = 63c89d2263a5dd01f7cc44e22b1172989192b928ff1b650277ffec13e5d168eb

SIZE (jeremylong-DependencyCheck-v3.1.1_GH0.tar.gz) = 70973557

security/owasp-dependency-check/files/owasp-dependency-check.in

deleted100644 → 0
+0 −18
Original line number Diff line number Diff line 
#!/bin/sh



# By default, this writes to /var/cache/owasp-dependency-check/data/dc.h2.db to cache vulnerability databases.

# Both read and write access to the cached database requires an exclusive lock file inside the same directory

# (even with `--noupdate`), so it's recommended to specify `--data PATH_TO_DATA_DIRECTORY` to ensure usability

# of the database by non-root users. Without the parameter, it defaults to write files into

# /var/cache/owasp-dependency-check/data.

#

# `--cve*` arguments fix https://github.com/jeremylong/DependencyCheck/issues/1171 until the changed URLs

# get released.

"%%LOCALBASE%%/bin/java" \

	-Dbasedir="/var/cache/owasp-dependency-check" \

	-jar "%%JAVAJARDIR%%/owasp-dependency-check-%%PORTVERSION%%-jar-with-dependencies.jar" \

	--cveUrl12Base "https://nvd.nist.gov/feeds/xml/cve/1.2/nvdcve-%d.xml.gz" \

	--cveUrl20Base "https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-%d.xml.gz" \

	--cveUrl12Modified "https://nvd.nist.gov/feeds/xml/cve/1.2/nvdcve-modified.xml.gz" \

	--cveUrl20Modified "https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-modified.xml.gz" \

	"$@"