I’ve a project who uses Gitlab package registry to host some custom maven libs.
I want to use Dependency Scanning in my pipeline, which I’m enabling as follows:
- template: Jobs/SAST.latest.gitlab-ci.yml
- template: Jobs/Secret-Detection.latest.gitlab-ci.yml
- template: Jobs/Dependency-Scanning.latest.gitlab-ci.yml
When my pipeline runs, the gemnasium job fails because it didn’t find my custom libs.
Caused by: org.eclipse.aether.transfer.ArtifactNotFoundException: Could not find artifact com.xxx:xxxx:jar:1.0.0 in gitlab-maven (https://gitlab.com/api/v4/groups/######/-/packages/maven)
My guess is: the gemnasium job doesn’t know how to locate that lib, so I thought the solution maybe pass as an argument the ci_settings.xml file, but I’m unable to do so.
Any thought would be very appreciated.