Date:      Sat, 28 Feb 2026 14:21:23 +0000
From:      Rene Ladan <rene@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 3c3d0f327578 - main - security/owasp-dependency-check: Remove expired port
Message-ID:  <69a2f9e3.21ef4.4ec4b423@gitrepo.freebsd.org>


The branch main has been updated by rene:

URL: https://cgit.FreeBSD.org/ports/commit/?id=3c3d0f32757894874bf114f6ae3776ab5293abd3

commit 3c3d0f32757894874bf114f6ae3776ab5293abd3
Author:     Rene Ladan <rene@FreeBSD.org>
AuthorDate: 2026-02-28 14:21:16 +0000
Commit:     Rene Ladan <rene@FreeBSD.org>
CommitDate: 2026-02-28 14:21:16 +0000

    security/owasp-dependency-check: Remove expired port
    
    2026-02-28 security/owasp-dependency-check: This port is 9 major versions and almost 8 years behind on upstream. No maintainer. No users in the ports tree. Does not compile with jdk11+.
---
 MOVED                                              |  1 +
 security/Makefile                                  |  1 -
 security/owasp-dependency-check/Makefile           | 51 ----------------------
 security/owasp-dependency-check/distinfo           |  5 ---
 .../files/owasp-dependency-check.in                | 18 --------
 .../files/patch-dependency--check--cli-pom.xml     | 18 --------
 security/owasp-dependency-check/pkg-descr          |  5 ---
 7 files changed, 1 insertion(+), 98 deletions(-)

diff --git a/MOVED b/MOVED
index 0e6aab452645..88712baac0de 100644
--- a/MOVED
+++ b/MOVED
@@ -5157,3 +5157,4 @@ graphics/imlib2-webp|graphics/imlib2|2026-02-28|Has expired: webp support is han
 devel/godot35|devel/godot|2026-02-28|Has expired: Legacy version should have been removed with devel/godot35-tools, consider migrating to devel/godot
 www/nginx-vts-exporter|www/nginx-prometheus-exporter|2026-02-28|Has expired: Upstream is unmaintained; use www/nginx-prometheus-exporter instead
 net/unison240||2026-02-28|Has expired: Legacy release unsupported by upstream
+security/owasp-dependency-check||2026-02-28|Has expired: This port is 9 major versions and almost 8 years behind on upstream. No maintainer. No users in the ports tree. Does not compile with jdk11+
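Review bot: The added MOVED line for security/owasp-dependency-check has an empty destination and a reason that names no alternative, so anyone upgrading with the port installed learns only that it expired. If an in-tree replacement is appropriate, the reason could end with a pointer in the style of the www/nginx-vts-exporter entry two lines up (`use www/nginx-prometheus-exporter instead`). This diff does not show which port would fit. security/osv-scanner appears in security/Makefile, but whether it covers the same use case would need confirming.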
diff --git a/security/Makefile b/security/Makefile
index 454303370b13..775b4e93d271 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -478,7 +478,6 @@
     SUBDIR += osslsigncode
     SUBDIR += osv-scanner
     SUBDIR += otpw
-    SUBDIR += owasp-dependency-check
     SUBDIR += p11-kit
     SUBDIR += p5-Alt-Crypt-RSA-BigInt
     SUBDIR += p5-Apache-Htpasswd
diff --git a/security/owasp-dependency-check/Makefile b/security/owasp-dependency-check/Makefile
deleted file mode 100644
index e17b54cfa5c8..000000000000
--- a/security/owasp-dependency-check/Makefile
+++ /dev/null
@@ -1,51 +0,0 @@
-# Note to committers:
-# With each version update, a new maven repository must be created and distributed
-# so build is repeatable and cluster-safe.
-
-PORTNAME=	owasp-dependency-check
-PORTVERSION=	3.1.1
-DISTVERSIONPREFIX=	v
-PORTREVISION=	3
-CATEGORIES=	security java
-MASTER_SITES=	LOCAL/pi/:source2
-DISTFILES+=	owasp-dependency-check-${PORTVERSION}-maven-repository.tar.gz:source2
-
-MAINTAINER=	ports@FreeBSD.org
-COMMENT=	Detects publicly disclosed vulnerabilities in project dependencies
-WWW=		https://jeremylong.github.io/DependencyCheck \
-		https://www.owasp.org/index.php/OWASP_Dependency_Check \
-		https://jeremylong.github.io/DependencyCheck/dependency-check-cli/
-
-LICENSE=	APACHE20
-DEPRECATED=	This port is 9 major versions and almost 8 years behind on upstream. No maintainer. No users in the ports tree. Does not compile with jdk11+.
-EXPIRATION_DATE=	2026-02-28
-
-BUILD_DEPENDS=	maven>0:devel/maven
-
-USES=		java
-USE_GITHUB=	yes
-GH_ACCOUNT=	jeremylong
-GH_PROJECT=	DependencyCheck
-JAVA_VERSION=	8
-
-MAKE_ENV+=	JAVA_HOME=${JAVA_HOME}
-
-NO_ARCH=	yes
-SUB_FILES=	owasp-dependency-check
-SUB_LIST=	PORTVERSION=${PORTVERSION}
-
-PLIST_DIRS=	/var/cache/owasp-dependency-check
-PLIST_FILES=	bin/owasp-dependency-check \
-		${JAVAJARDIR}/owasp-dependency-check-${PORTVERSION}-jar-with-dependencies.jar
-
-do-build:
-	cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} ${LOCALBASE}/bin/mvn \
-		--batch-mode -Dmaven.repo.local=${WRKDIR}/repository -DskipTests --offline package
-
-do-install:
-	${INSTALL_DATA} ${WRKSRC}/dependency-check-cli/target/dependency-check-${PORTVERSION}-jar-with-dependencies.jar \
-		${STAGEDIR}${JAVAJARDIR}/owasp-dependency-check-${PORTVERSION}-jar-with-dependencies.jar
-	${INSTALL_SCRIPT} ${WRKDIR}/${PORTNAME} ${STAGEDIR}${PREFIX}/bin
-	${MKDIR} ${STAGEDIR}/var/cache/owasp-dependency-check
-
-.include <bsd.port.mk>
diff --git a/security/owasp-dependency-check/distinfo b/security/owasp-dependency-check/distinfo
deleted file mode 100644
index 6655a77134ce..000000000000
--- a/security/owasp-dependency-check/distinfo
+++ /dev/null
@@ -1,5 +0,0 @@
-TIMESTAMP = 1522498032
-SHA256 (owasp-dependency-check-3.1.1-maven-repository.tar.gz) = 27d27cfa9659c0c4b03dc311e994570641caa2b5db558731bea2a1904fca31b9
-SIZE (owasp-dependency-check-3.1.1-maven-repository.tar.gz) = 110896009
-SHA256 (jeremylong-DependencyCheck-v3.1.1_GH0.tar.gz) = 63c89d2263a5dd01f7cc44e22b1172989192b928ff1b650277ffec13e5d168eb
-SIZE (jeremylong-DependencyCheck-v3.1.1_GH0.tar.gz) = 70973557
diff --git a/security/owasp-dependency-check/files/owasp-dependency-check.in b/security/owasp-dependency-check/files/owasp-dependency-check.in
deleted file mode 100644
index aa07af40d7df..000000000000
--- a/security/owasp-dependency-check/files/owasp-dependency-check.in
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/sh
-
-# By default, this writes to /var/cache/owasp-dependency-check/data/dc.h2.db to cache vulnerability databases.
-# Both read and write access to the cached database requires an exclusive lock file inside the same directory
-# (even with `--noupdate`), so it's recommended to specify `--data PATH_TO_DATA_DIRECTORY` to ensure usability
-# of the database by non-root users. Without the parameter, it defaults to write files into
-# /var/cache/owasp-dependency-check/data.
-#
-# `--cve*` arguments fix https://github.com/jeremylong/DependencyCheck/issues/1171 until the changed URLs
-# get released.
-"%%LOCALBASE%%/bin/java" \
-	-Dbasedir="/var/cache/owasp-dependency-check" \
-	-jar "%%JAVAJARDIR%%/owasp-dependency-check-%%PORTVERSION%%-jar-with-dependencies.jar" \
-	--cveUrl12Base "https://nvd.nist.gov/feeds/xml/cve/1.2/nvdcve-%d.xml.gz" \
-	--cveUrl20Base "https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-%d.xml.gz" \
-	--cveUrl12Modified "https://nvd.nist.gov/feeds/xml/cve/1.2/nvdcve-modified.xml.gz" \
-	--cveUrl20Modified "https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-modified.xml.gz" \
-	"$@"
diff --git a/security/owasp-dependency-check/files/patch-dependency--check--cli-pom.xml b/security/owasp-dependency-check/files/patch-dependency--check--cli-pom.xml
deleted file mode 100644
index f0561fd156b9..000000000000
--- a/security/owasp-dependency-check/files/patch-dependency--check--cli-pom.xml
+++ /dev/null
@@ -1,18 +0,0 @@
---- dependency-check-cli/pom.xml.orig	2018-01-29 03:12:27 UTC
-+++ dependency-check-cli/pom.xml
-@@ -91,7 +91,15 @@ Copyright (c) 2012 - Jeremy Long. All Ri
-                 <groupId>org.apache.maven.plugins</groupId>
-                 <artifactId>maven-assembly-plugin</artifactId>
-                 <configuration>
-+                    <archive>
-+                        <manifest>
-+                            <mainClass>org.owasp.dependencycheck.App</mainClass>
-+                        </manifest>
-+                    </archive>
-                     <attach>false</attach> <!-- don't install/deploy this archive -->
-+                    <descriptorRefs>
-+                        <descriptorRef>jar-with-dependencies</descriptorRef>
-+                    </descriptorRefs>
-                 </configuration>
-                 <executions>
-                     <execution>
diff --git a/security/owasp-dependency-check/pkg-descr b/security/owasp-dependency-check/pkg-descr
deleted file mode 100644
index 8be124460473..000000000000
--- a/security/owasp-dependency-check/pkg-descr
+++ /dev/null
@@ -1,5 +0,0 @@
-Dependency-Check is a utility that attempts to detect publicly disclosed
-vulnerabilities contained within project dependencies. It does this by
-determining if there is a Common Platform Enumeration (CPE) identifier
-for a given dependency. If found, it will generate a report linking to
-the associated CVE entries.

