2 changed files with 87 additions and 0 deletions
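--- a/dependency-check.sh
+++ b/dependency-check.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+##
+## dependency-check.sh -- Dependency Check startup wrapper script
+##
+
+eval `JAVA_PLATFORM="sun-jdk" @l_prefix@/bin/java-toolkit -e`
+exec @l_prefix@/libexec/dependency-check/bin/dependency-check.sh ${1+"$@"}
+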
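Review bot: The `eval` line executes whatever `java-toolkit -e` prints and never checks that the command succeeded, so a missing or failing java-toolkit falls straight through to the `exec` with no Java environment set. Capturing the output first makes the failure visible and keeps the evaluated text quoted: `java_env=$(JAVA_PLATFORM="sun-jdk" @l_prefix@/bin/java-toolkit -e) || exit 1` followed by `eval "$java_env"`. The evaluated text is only as trustworthy as the binary under `@l_prefix@/bin`, so I would also add a comment above the eval such as `# java-toolkit -e prints shell assignments; it is a package-owned tool under the OpenPKG prefix`, assuming that is indeed what the tool emits.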
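--- a/dependency-check.spec
+++ b/dependency-check.spec
@@ -0,0 +1,79 @@
+##
+## dependency-check.spec -- OpenPKG RPM Package Specification
+## Copyright (c) 2000-2020 OpenPKG Project <http://openpkg.org/>
+##
+## Permission to use, copy, modify, and distribute this software for
+## any purpose with or without fee is hereby granted, provided that
+## the above copyright notice and this permission notice appear in all
+## copies.
+##
+## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
+## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+## SUCH DAMAGE.
+##
+
+# package information
+Name: dependency-check
+Summary: OWASP Dependency Security Checker
+URL: https://jeremylong.github.io/DependencyCheck/
+Vendor: Jeremy Long
+Packager: OpenPKG Project
+Distribution: OpenPKG Community
+Class: EVAL
+Group: Security
+License: Apache
+Version: 5.3.0
+Release: 20200209
+
+# list of sources
+Source0: https://bintray.com/jeremy-long/owasp/download_file?file_path=dependency-check-%{version}-release.zip
+Source1: dependency-check.sh
+
+# build information
+BuildPreReq: OpenPKG, openpkg >= 20160101
+PreReq: OpenPKG, openpkg >= 20160101, java, JAVA-JDK
+
+%description
+Dependency-Check is a Software Composition Analysis (SCA) tool that
+attempts to detect publicly disclosed vulnerabilities contained
+within a project's dependencies. It does this by determining if
+there is a Common Platform Enumeration (CPE) identifier for a given
+dependency. If found, it will generate a report linking to the
+associated CVE entries.
+
+%track
+prog dependency-check = {
+version = %{version}
+url = https://github.com/jeremylong/DependencyCheck/releases
+regex = v(__VER__)\.tar\.gz
+}
+
+%prep
+%setup -q -n dependency-check
+
+%build
+
+%install
+%{l_shtool} mkdir -f -p -m 755 \
+$RPM_BUILD_ROOT%{l_prefix}/bin \
+$RPM_BUILD_ROOT%{l_prefix}/libexec/dependency-check
+%{l_shtool} install -c -m 755 %{l_value -s -a} \
+%{SOURCE dependency-check.sh} \
+$RPM_BUILD_ROOT%{l_prefix}/bin/dependency-check
+rm -f bin/*.bat
+cp -rp bin lib $RPM_BUILD_ROOT%{l_prefix}/libexec/dependency-check/
+%{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT %{l_files_std}
+
+%files -f files
+
+%clean
+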
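Review bot: Nothing in the spec pins the content of the `Source0` release zip, and `%install` copies its `bin` and `lib` trees verbatim into libexec with `cp -rp`, so whatever the download endpoint serves becomes the installed scanner with the archive's own file modes. For a package whose purpose is vulnerability detection I would record the expected digest next to the source line, for example `# sha256: <SHA256_OF_RELEASE_ZIP>`, and check it (or an upstream signature, if one is published) before unpacking, as far as the build tooling allows. Separately, `%track` watches GitHub source tarballs via `regex = v(__VER__)\.tar\.gz` while `Source0` pulls a prebuilt zip from a different host, so a tracked version bump does not by itself show that the matching zip exists or is the same release; a comment above `%track` noting this would help.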