| Port details |
- bumblebee Read-only supply-chain exposure scanner for developer endpoints
- 0.1.1 security
 =0      Package not present on quarterly.This port was created during this quarter. It will be in the next quarterly branch but not the current one. - Maintainer: kiwi@FreeBSD.org
- Port Added: 2026-05-25 04:03:05
- Last Update: 2026-05-25 03:59:57
- Commit Hash: 214a20a
- License: APACHE20
- WWW:
- https://github.com/perplexityai/bumblebee
- Description:
- Bumblebee is a read-only inventory collector for package, extension, and
developer-tool metadata on developer endpoints, built to check exposure to
known software supply-chain compromises.
It answers a narrow supply-chain response question: when an advisory names a
package, extension, or version, which developer machines show a match in their
on-disk metadata right now?
SBOMs help answer what shipped, and EDR helps answer what ran or touched the
network, but supply-chain response often needs a different view: messy local
state across lockfiles, package-manager metadata, extension manifests, and
developer-tool configurations.
Bumblebee turns that scattered on-disk state into structured NDJSON component
records and, when given an exposure catalog, flags exact matches for fast,
read-only exposure checks.
Key properties:
- Single static binary, zero non-stdlib dependencies
- Three scan profiles (baseline, project, deep) for different populations
- Reads lockfiles, package-manager install metadata, extension manifests, and
MCP JSON configs — without executing any package manager
- Emits NDJSON output suitable for log-ingest pipelines
  ¦  ¦  ¦  ¦ 
- Manual pages:
- FreshPorts has no man page information for this port.
- pkg-plist: as obtained via:
make generate-plist - USE_RC_SUBR (Service Scripts)
- no SUBR information found for this port
- Dependency lines:
-
- bumblebee>0:security/bumblebee
- To install the port:
- cd /usr/ports/security/bumblebee/ && make install clean
- To add the package, run one of these commands:
- pkg install security/bumblebee
- pkg install bumblebee
NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.- PKGNAME: bumblebee
- Flavors: there is no flavor information for this port.
- distinfo:
- TIMESTAMP = 1779677916
SHA256 (go/security_bumblebee/perplexityai-bumblebee-v0.1.1_GH0/v0.1.1.mod) = 9a0e32ee8b3e8ca297631170ac2c8589ddaf1718b4752ffeead357da683a9878
SIZE (go/security_bumblebee/perplexityai-bumblebee-v0.1.1_GH0/v0.1.1.mod) = 50
Packages (timestamps in pop-ups are UTC):
- Dependencies
- NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
- Build dependencies:
-
- go125 : lang/go125
- Fetch dependencies:
-
- go125 : lang/go125
- There are no ports dependent upon this port
Configuration Options:- No options to configure
- Options name:
- security_bumblebee
- USES:
- go:modules zip
- FreshPorts was unable to extract/find any pkg message
- Master Sites:
|
Number of commits found: 1
| Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
| Commit | Credits | Log message |
|---|
0.1.1
25 May 2026 03:59:57
 |
Xavier Beaudouin (kiwi) |
security/bumblebee: new port
Read-only supply-chain exposure scanner for developer endpoints |
Number of commits found: 1
|
As an Amazon Associate I earn from qualifying purchases.