To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Xavier Beaudouin
Subject: git: 214a20af56c5 - main - security/bumblebee: new port
List-Id: Commits to the main branch of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
X-BeenThere: dev-commits-ports-main@freebsd.org
Sender: owner-dev-commits-ports-main@FreeBSD.org
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kiwi
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 214a20af56c5bf88ed4944acca07c37b0a482430
Auto-Submitted: auto-generated
Date: Mon, 25 May 2026 04:00:37 +0000
Message-Id: <6a13c965.24283.694d10e7@gitrepo.freebsd.org>

The branch main has been updated by kiwi:

URL: https://cgit.FreeBSD.org/ports/commit/?id=214a20af56c5bf88ed4944acca07c37b0a482430

commit 214a20af56c5bf88ed4944acca07c37b0a482430
Author: Xavier Beaudouin
AuthorDate: 2026-05-25 03:58:32 +0000
Commit: Xavier Beaudouin
CommitDate: 2026-05-25 03:59:57 +0000

security/bumblebee: new port

Read-only supply-chain exposure scanner for developer endpoints

--- security/Makefile | 1 + security/bumblebee/Makefile | 21 +++++++++++++++++++++ security/bumblebee/distinfo | 7 +++++++ security/bumblebee/pkg-descr | 23 +++++++++++++++++++++++ security/bumblebee/pkg-plist | 1 + 5 files changed, 53 insertions(+) diff --git a/security/Makefile b/security/Makefile index 0fe17581d792..e16c296ee353 100644 --- a/security/Makefile +++ b/security/Makefile @@ -64,6 +64,7 @@ SUBDIR += bsdsfv SUBDIR += bsmtrace SUBDIR += bsmtrace3 + SUBDIR += bumblebee SUBDIR += bzrtp SUBDIR += ca_root_nss SUBDIR += caesarcipher diff --git a/security/bumblebee/Makefile b/security/bumblebee/Makefile new file mode 100644 index 000000000000..f64ecf9eb748 --- /dev/null +++ b/security/bumblebee/Makefile
@@ -0,0 +1,21 @@ +PORTNAME= bumblebee +DISTVERSIONPREFIX= v +DISTVERSION= 0.1.1 +CATEGORIES= security + +MAINTAINER= kiwi@FreeBSD.org +COMMENT= Read-only supply-chain exposure scanner for developer endpoints +WWW= https://github.com/perplexityai/bumblebee + +LICENSE= APACHE20 + +USES= go:modules + +USE_GITHUB= yes +GH_ACCOUNT= perplexityai + +GO_MODULE= github.com/perplexityai/bumblebee +GO_TARGET= ./cmd/bumblebee +GO_BUILDFLAGS= -ldflags "-X main.Version=${DISTVERSIONPREFIX}${DISTVERSION}" + +.include diff --git a/security/bumblebee/distinfo b/security/bumblebee/distinfo new file mode 100644 index 000000000000..a78afd9e06a2 --- /dev/null +++ b/security/bumblebee/distinfo @@ -0,0 +1,7 @@ +TIMESTAMP = 1779677916 +SHA256 (go/security_bumblebee/perplexityai-bumblebee-v0.1.1_GH0/v0.1.1.mod) = 9a0e32ee8b3e8ca297631170ac2c8589ddaf1718b4752ffeead357da683a9878 +SIZE (go/security_bumblebee/perplexityai-bumblebee-v0.1.1_GH0/v0.1.1.mod) = 50 +SHA256 (go/security_bumblebee/perplexityai-bumblebee-v0.1.1_GH0/v0.1.1.zip) = bf92e82b2bfc2752dec5c0c9fdfbcf2e08dee0be273b8afc7ef187e6ab50b266 +SIZE (go/security_bumblebee/perplexityai-bumblebee-v0.1.1_GH0/v0.1.1.zip) = 200337 +SHA256 (go/security_bumblebee/perplexityai-bumblebee-v0.1.1_GH0/perplexityai-bumblebee-v0.1.1_GH0.tar.gz) = 559a5fa9ca48128fb113644e7800048b0b6c2ff3a33bc56fe5236582ba1686b0 +SIZE (go/security_bumblebee/perplexityai-bumblebee-v0.1.1_GH0/perplexityai-bumblebee-v0.1.1_GH0.tar.gz) = 154198 diff --git a/security/bumblebee/pkg-descr b/security/bumblebee/pkg-descr new file mode 100644 index 000000000000..f6e12cbca6aa --- /dev/null +++ b/security/bumblebee/pkg-descr 
@@ -0,0 +1,23 @@ +Bumblebee is a read-only inventory collector for package, extension, and +developer-tool metadata on developer endpoints, built to check exposure to +known software supply-chain compromises. + +It answers a narrow supply-chain response question: when an advisory names a +package, extension, or version, which developer machines show a match in their +on-disk metadata right now? + +SBOMs help answer what shipped, and EDR helps answer what ran or touched the +network, but supply-chain response often needs a different view: messy local +state across lockfiles, package-manager metadata, extension manifests, and +developer-tool configurations. + +Bumblebee turns that scattered on-disk state into structured NDJSON component +records and, when given an exposure catalog, flags exact matches for fast, +read-only exposure checks. + +Key properties: +- Single static binary, zero non-stdlib dependencies +- Three scan profiles (baseline, project, deep) for different populations +- Reads lockfiles, package-manager install metadata, extension manifests, and + MCP JSON configs — without executing any package manager +- Emits NDJSON output suitable for log-ingest pipelines diff --git a/security/bumblebee/pkg-plist b/security/bumblebee/pkg-plist new file mode 100644 index 000000000000..b24bf880f036 --- /dev/null +++ b/security/bumblebee/pkg-plist @@ -0,0 +1 @@ +bin/bumblebee
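Review bot: in security/bumblebee/Makefile, `USE_GITHUB= yes` and `GH_ACCOUNT= perplexityai` sit next to `GO_MODULE= github.com/perplexityai/bumblebee`, so the same v0.1.1 source is fetched and pinned twice: distinfo records the module `v0.1.1.mod`/`v0.1.1.zip` pair and also `perplexityai-bumblebee-v0.1.1_GH0.tar.gz`. Pick one fetch method. The `.mod` file is only 50 bytes and pkg-descr states zero non-stdlib dependencies, so `GO_MODULE` on its own looks sufficient; drop the two GitHub lines and regenerate distinfo with `make makesum` so that only the distfiles the build actually consumes carry a checksum.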
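Review bot: the second-to-last bullet of security/bumblebee/pkg-descr ("MCP JSON configs — without executing any package manager") uses a non-ASCII dash, the only non-ASCII character in the file. Replace it with a comma or " - " so the description displays the same way regardless of the reader's locale.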
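Review bot: security/bumblebee/pkg-plist contains a single entry, `bin/bumblebee`. For a one-file port the usual style is `PLIST_FILES= bin/${PORTNAME}` in the Makefile, which makes the separate pkg-plist file unnecessary.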