new package

dependency-check/dependency-check.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+##
+##  dependency-check.sh -- Dependency Check startup wrapper script
+##
+
+eval `JAVA_PLATFORM="sun-jdk" @l_prefix@/bin/java-toolkit -e`
+exec @l_prefix@/libexec/dependency-check/bin/dependency-check.sh ${1+"$@"}
+

dependency-check/dependency-check.spec

@@ -0,0 +1,79 @@
+##
+##  dependency-check.spec -- OpenPKG RPM Package Specification
+##  Copyright (c) 2000-2020 OpenPKG Project <http://openpkg.org/>
+##
+##  Permission to use, copy, modify, and distribute this software for
+##  any purpose with or without fee is hereby granted, provided that
+##  the above copyright notice and this permission notice appear in all
+##  copies.
+##
+##  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+##  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+##  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+##  IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
+##  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+##  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+##  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+##  USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+##  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+##  OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+##  OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+##  SUCH DAMAGE.
+##
+
+#   package information
+Name:         dependency-check
+Summary:      OWASP Dependency Security Checker
+URL:          https://jeremylong.github.io/DependencyCheck/
+Vendor:       Jeremy Long
+Packager:     OpenPKG Project
+Distribution: OpenPKG Community
+Class:        EVAL
+Group:        Security
+License:      Apache
+Version:      5.3.0
+Release:      20200209
+
+#   list of sources
+Source0:      https://bintray.com/jeremy-long/owasp/download_file?file_path=dependency-check-%{version}-release.zip
+Source1:      dependency-check.sh
+
+#   build information
+BuildPreReq:  OpenPKG, openpkg >= 20160101
+PreReq:       OpenPKG, openpkg >= 20160101, java, JAVA-JDK
+
+%description
+    Dependency-Check is a Software Composition Analysis (SCA) tool that
+    attempts to detect publicly disclosed vulnerabilities contained
+    within a project's dependencies. It does this by determining if
+    there is a Common Platform Enumeration (CPE) identifier for a given
+    dependency. If found, it will generate a report linking to the
+    associated CVE entries.
+
+%track
+    prog dependency-check = {
+        version   = %{version}
+        url       = https://github.com/jeremylong/DependencyCheck/releases
+        regex     = v(__VER__)\.tar\.gz
+    }
+
+%prep
+    %setup -q -n dependency-check
+
+%build
+
+%install
+    %{l_shtool} mkdir -f -p -m 755 \
+        $RPM_BUILD_ROOT%{l_prefix}/bin \
+        $RPM_BUILD_ROOT%{l_prefix}/libexec/dependency-check
+    %{l_shtool} install -c -m 755 %{l_value -s -a} \
+        %{SOURCE dependency-check.sh} \
+        $RPM_BUILD_ROOT%{l_prefix}/bin/dependency-check
+    rm -f bin/*.bat
+    cp -rp bin lib $RPM_BUILD_ROOT%{l_prefix}/libexec/dependency-check/
+    %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT %{l_files_std}
+
+%files -f files
+
+%clean
+