Date: Mon, 25 May 2026 04:00:37 +0000
From: Xavier Beaudouin <kiwi@FreeBSD.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: git: 214a20af56c5 - main - security/bumblebee: new port
Message-ID: <6a13c965.24283.694d10e7@gitrepo.freebsd.org>
The branch main has been updated by kiwi: URL: https://cgit.FreeBSD.org/ports/commit/?id=214a20af56c5bf88ed4944acca07c37b0a482430 commit 214a20af56c5bf88ed4944acca07c37b0a482430 Author: Xavier Beaudouin <kiwi@FreeBSD.org> AuthorDate: 2026-05-25 03:58:32 +0000 Commit: Xavier Beaudouin <kiwi@FreeBSD.org> CommitDate: 2026-05-25 03:59:57 +0000 security/bumblebee: new port Read-only supply-chain exposure scanner for developer endpoints --- security/Makefile | 1 + security/bumblebee/Makefile | 21 +++++++++++++++++++++ security/bumblebee/distinfo | 7 +++++++ security/bumblebee/pkg-descr | 23 +++++++++++++++++++++++ security/bumblebee/pkg-plist | 1 + 5 files changed, 53 insertions(+) diff --git a/security/Makefile b/security/Makefile index 0fe17581d792..e16c296ee353 100644 --- a/security/Makefile +++ b/security/Makefile @@ -64,6 +64,7 @@ SUBDIR += bsdsfv SUBDIR += bsmtrace SUBDIR += bsmtrace3 + SUBDIR += bumblebee SUBDIR += bzrtp SUBDIR += ca_root_nss SUBDIR += caesarcipher diff --git a/security/bumblebee/Makefile b/security/bumblebee/Makefile new file mode 100644 index 000000000000..f64ecf9eb748 --- /dev/null +++ b/security/bumblebee/Makefile @@ -0,0 +1,21 @@ +PORTNAME= bumblebee +DISTVERSIONPREFIX= v +DISTVERSION= 0.1.1 +CATEGORIES= security + +MAINTAINER= kiwi@FreeBSD.org +COMMENT= Read-only supply-chain exposure scanner for developer endpoints +WWW= https://github.com/perplexityai/bumblebee + +LICENSE= APACHE20 + +USES= go:modules + +USE_GITHUB= yes +GH_ACCOUNT= perplexityai + +GO_MODULE= github.com/perplexityai/bumblebee +GO_TARGET= ./cmd/bumblebee +GO_BUILDFLAGS= -ldflags "-X main.Version=${DISTVERSIONPREFIX}${DISTVERSION}" + +.include <bsd.port.mk> diff --git a/security/bumblebee/distinfo b/security/bumblebee/distinfo new file mode 100644 index 000000000000..a78afd9e06a2 --- /dev/null +++ b/security/bumblebee/distinfo 
@@ -0,0 +1,7 @@ +TIMESTAMP = 1779677916 +SHA256 (go/security_bumblebee/perplexityai-bumblebee-v0.1.1_GH0/v0.1.1.mod) = 9a0e32ee8b3e8ca297631170ac2c8589ddaf1718b4752ffeead357da683a9878 +SIZE (go/security_bumblebee/perplexityai-bumblebee-v0.1.1_GH0/v0.1.1.mod) = 50 +SHA256 (go/security_bumblebee/perplexityai-bumblebee-v0.1.1_GH0/v0.1.1.zip) = bf92e82b2bfc2752dec5c0c9fdfbcf2e08dee0be273b8afc7ef187e6ab50b266 +SIZE (go/security_bumblebee/perplexityai-bumblebee-v0.1.1_GH0/v0.1.1.zip) = 200337 +SHA256 (go/security_bumblebee/perplexityai-bumblebee-v0.1.1_GH0/perplexityai-bumblebee-v0.1.1_GH0.tar.gz) = 559a5fa9ca48128fb113644e7800048b0b6c2ff3a33bc56fe5236582ba1686b0 +SIZE (go/security_bumblebee/perplexityai-bumblebee-v0.1.1_GH0/perplexityai-bumblebee-v0.1.1_GH0.tar.gz) = 154198 diff --git a/security/bumblebee/pkg-descr b/security/bumblebee/pkg-descr new file mode 100644 index 000000000000..f6e12cbca6aa --- /dev/null +++ b/security/bumblebee/pkg-descr 
@@ -0,0 +1,23 @@ +Bumblebee is a read-only inventory collector for package, extension, and +developer-tool metadata on developer endpoints, built to check exposure to +known software supply-chain compromises. + +It answers a narrow supply-chain response question: when an advisory names a +package, extension, or version, which developer machines show a match in their +on-disk metadata right now? + +SBOMs help answer what shipped, and EDR helps answer what ran or touched the +network, but supply-chain response often needs a different view: messy local +state across lockfiles, package-manager metadata, extension manifests, and +developer-tool configurations. + +Bumblebee turns that scattered on-disk state into structured NDJSON component +records and, when given an exposure catalog, flags exact matches for fast, +read-only exposure checks. + +Key properties: +- Single static binary, zero non-stdlib dependencies +- Three scan profiles (baseline, project, deep) for different populations +- Reads lockfiles, package-manager install metadata, extension manifests, and + MCP JSON configs — without executing any package manager +- Emits NDJSON output suitable for log-ingest pipelines diff --git a/security/bumblebee/pkg-plist b/security/bumblebee/pkg-plist new file mode 100644 index 000000000000..b24bf880f036 --- /dev/null +++ b/security/bumblebee/pkg-plist @@ -0,0 +1 @@ +bin/bumblebeehome | help
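Review bot: In security/bumblebee/Makefile, USE_GITHUB= yes and GH_ACCOUNT= perplexityai are set alongside GO_MODULE= github.com/perplexityai/bumblebee, and as a result distinfo pins the same v0.1.1 source twice: v0.1.1.mod and v0.1.1.zip from the module path, plus perplexityai-bumblebee-v0.1.1_GH0.tar.gz. The build compiles one source tree, so one of these checksummed distfiles is fetched without being built from, and it is not obvious which artifact should be compared against upstream when auditing the port. Suggest keeping a single fetch method (either drop the USE_GITHUB/GH_ACCOUNT lines or drop GO_MODULE) and regenerating distinfo with make makesum.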
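Review bot: In security/bumblebee/pkg-descr, the "Key properties" bullet ending "MCP JSON configs — without executing any package manager" contains a non-ASCII dash character, which can render badly in tools that display pkg-descr as plain text. Suggest replacing it with an ASCII hyphen or a comma, for example "MCP JSON configs, without executing any package manager".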
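Review bot: security/bumblebee/pkg-plist is a new file whose only entry is bin/bumblebee. For a port that installs a single file, the usual form is PLIST_FILES= bin/${PORTNAME} in security/bumblebee/Makefile with no separate pkg-plist, which keeps the installed-file list next to GO_TARGET where the binary name is defined.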
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a13c965.24283.694d10e7>
