pkg-audit.8
.\"
.\" FreeBSD pkg - a next generation package for the installation and maintenance
.\" of non-core utilities.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\"
.\"     @(#)pkg.8
.\"
.Dd March 1, 2022
.Dt PKG-AUDIT 8
.Os
.Sh NAME
.Nm "pkg audit"
.Nd audit installed packages against known vulnerabilities
.Sh SYNOPSIS
.Nm
.Op Fl Fqr
.Op Fl f Ar filename
.Op Fl R Ns Op Ar format
.Op Ar pkg-name
.Pp
.Nm
.Op Cm --{fetch,quiet,recursive}
.Op Fl -file Ar filename
.Op Fl -raw Ns Op Cm = Ns Ar format
.Op Ar pkg-name
.Sh DESCRIPTION
.Nm
checks installed packages for known vulnerabilities and generates reports
including references to security advisories.
Its intended audience is system
administrators and individual users.
.Pp
.Nm
uses a database maintained by port committers and the
.Fx
security team
to check if security advisories for any installed packages exist.
Note that a current ports tree (or any local copy of the ports tree) is not
required for operation.
.Pp
The URL that is used to fetch the database can be overridden via
the VULNXML_SITE config variable.
See
.Xr pkg.conf 5
for more information.
.Pp
If you have a vulnerable package installed, you are advised to update or
deinstall it immediately.
.Pp
Supplying a
.Ar pkg-name
will audit only that package.
.Sh OPTIONS
The following options are supported by
.Nm :
.Bl -tag -width indent
.It Fl d Ar directory , Cm --directory Ar directory
Audit packages found in the specified
.Ar directory
instead of the installed package database.
.It Fl F , Cm --fetch
Fetch the database before checking.
.It Fl f Ar filename , Fl -file Ar filename
Use
.Pa filename
as the local copy of the vulnerability database.
If used in combination with
.Fl F
download the vulnerability database to the named
.Pa filename
before auditing installed ports against it.
.It Fl q , Fl -quiet
Be
.Dq quiet .
Prints only the requested information without
displaying many hints.
.It Fl R Ns Oo Ar format Oc , Fl -raw Ns Op Cm = Ns Ar format
Present the output in one of the following formats:
.Pp
.Bl -bullet -compact
.It
.Cm json
.It
.Cm json-compact
.It
.Cm ucl
.It
.Cm yaml
.El
.Pp
In case
.Ar format
is not provided, it defaults to
.Cm ucl .
.It Fl r , Fl -recursive
Prints packages that depend on vulnerable packages and are thus
potentially vulnerable as well.
.El
.Sh ENVIRONMENT
The following environment variables affect the execution of
.Nm .
See
.Xr pkg.conf 5
for further description.
.Bl -tag -width ".Ev NO_DESCRIPTIONS"
.It Ev PKG_DBDIR
.It Ev VULNXML_SITE
.El
.Sh FILES
See
.Xr pkg.conf 5 .
.Sh SEE ALSO
.Xr pkg_create 3 ,
.Xr pkg_printf 3 ,
.Xr pkg_repo_create 3 ,
.Xr pkg_repos 3 ,
.Xr pkg-keywords 5 ,
.Xr pkg-lua-script 5 ,
.Xr pkg-repository 5 ,
.Xr pkg-script 5 ,
.Xr pkg-triggers 5 ,
.Xr pkg.conf 5 ,
.Xr pkg 8 ,
.Xr pkg-add 8 ,
.Xr pkg-alias 8 ,
.Xr pkg-annotate 8 ,
.Xr pkg-autoremove 8 ,
.Xr pkg-check 8 ,
.Xr pkg-clean 8 ,
.Xr pkg-config 8 ,
.Xr pkg-create 8 ,
.Xr pkg-delete 8 ,
.Xr pkg-fetch 8 ,
.Xr pkg-help 8 ,
.Xr pkg-info 8 ,
.Xr pkg-install 8 ,
.Xr pkg-key 8 ,
.Xr pkg-lock 8 ,
.Xr pkg-plugins 8 ,
.Xr pkg-query 8 ,
.Xr pkg-register 8 ,
.Xr pkg-repo 8 ,
.Xr pkg-repositories 8 ,
.Xr pkg-rquery 8 ,
.Xr pkg-search 8 ,
.Xr pkg-set 8 ,
.Xr pkg-shell 8 ,
.Xr pkg-shlib 8 ,
.Xr pkg-ssh 8 ,
.Xr pkg-stats 8 ,
.Xr pkg-triggers 8 ,
.Xr pkg-unregister 8 ,
.Xr pkg-update 8 ,
.Xr pkg-updating 8 ,
.Xr pkg-upgrade 8 ,
.Xr pkg-version 8 ,
.Xr pkg-which 8
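An added usage example, not part of the pkg manual or source: a wrapper that checks which database URL the audit will trust before running it with the documented `-F`, `-f`, `-q` and `-r` options, and that never reports a failed run as a clean one. The function names, the expected-URL argument and the database path are hypothetical; it assumes `pkg config VULNXML_SITE` prints the effective value and that `-q` writes one line per affected package.

```shell
#!/bin/sh
# Added example, not pkg's own code. Lines marked ASSUMPTION are not stated
# in the manual page above.

# vuln_source_ok EXPECTED_URL
# VULNXML_SITE can be overridden in pkg.conf(5) or the environment, which
# changes the database the audit trusts. Returns 0 only when the value pkg
# reports equals the URL the administrator expects, 2 if it cannot be read.
# ASSUMPTION: `pkg config VULNXML_SITE` prints the effective value.
vuln_source_ok() {
    expected=$1
    actual=$(pkg config VULNXML_SITE) || return 2
    [ "$actual" = "$expected" ]
}

# audit_pinned DBFILE
# -F with -f downloads the database to DBFILE and audits against that copy;
# -q keeps the output to the findings, -r adds packages that depend on
# vulnerable ones. Returns 0 = clean, 1 = findings (printed), 2 = the audit
# itself failed, so an unreachable database is never mistaken for "clean".
# ASSUMPTION: -q prints one line per affected package on stdout.
audit_pinned() {
    db=$1
    findings=$(pkg audit -F -q -r -f "$db") && status=0 || status=$?
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    if [ "$status" -ne 0 ]; then
        echo "pkg audit exited $status without findings; not treated as clean" >&2
        return 2
    fi
    return 0
}

# Typical use (URL and path are placeholders):
#   vuln_source_ok "https://EXPECTED-VULNXML-URL" || exit 2
#   audit_pinned /var/tmp/vuln.xml
```
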