DependencyScanning - Maven + GitLab Package Repository

Hi all!
I have a project that uses the GitLab package registry to host some custom Maven libs.
I want to use Dependency Scanning in my pipeline, which I’m enabling as follows:

```yaml
include:
  - template: Jobs/SAST.latest.gitlab-ci.yml
  - template: Jobs/Secret-Detection.latest.gitlab-ci.yml
  - template: Jobs/Dependency-Scanning.latest.gitlab-ci.yml
```

When my pipeline runs, the gemnasium job fails because it can’t find my custom libs:

Caused by: org.eclipse.aether.transfer.ArtifactNotFoundException: Could not find artifact com.xxx:xxxx:jar:1.0.0 in gitlab-maven (https://gitlab.com/api/v4/groups/######/-/packages/maven)
My guess is: the gemnasium job doesn’t know how to locate that lib, so I thought the solution might be to pass the ci_settings.xml file as an argument, but I’m unable to do so.
Any thoughts would be very much appreciated.

Thanks!

I’ve found my error!
To override the default behaviour of the job, you must add variables, declaring exactly the job’s name, in this case “gemnasium-maven-dependency_scanning”. The variable I’ve added was MAVEN_CLI_OPTS, with value “--settings ci_settings.xml”.

That’s all! :slight_smile:

1 Like
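For readers landing here from a search, this is what the fix described above looks like as a complete `.gitlab-ci.yml`. It is an added example, not the configuration from the original post: the three template includes and the job-level `MAVEN_CLI_OPTS` override are taken from the thread, while the assumption that `ci_settings.xml` lives at the repository root (the path Maven resolves `--settings` against in the job’s checkout) is mine.

```yaml
# Added example (not from the original post): enable the scanners and
# point the Maven-based Dependency Scanning job at the project's own
# settings file so it can resolve artifacts from the GitLab package registry.
include:
  - template: Jobs/SAST.latest.gitlab-ci.yml
  - template: Jobs/Secret-Detection.latest.gitlab-ci.yml
  - template: Jobs/Dependency-Scanning.latest.gitlab-ci.yml

# The key must be the exact name of the job defined by the template.
# A different name would define an additional job and leave the
# template's gemnasium job unchanged (and still failing).
gemnasium-maven-dependency_scanning:
  variables:
    # Assumption: ci_settings.xml is committed at the repository root.
    MAVEN_CLI_OPTS: "--settings ci_settings.xml"
```

Two things worth checking when adopting this. First, the `<server>` `<id>` in `ci_settings.xml` has to match the repository `<id>` used in the `pom.xml` (`gitlab-maven` in the error message above), otherwise Maven never attaches credentials to that repository. Second, the settings file should authenticate with the `Job-Token` header set to `${CI_JOB_TOKEN}` rather than a personal or deploy token written into the file; the job token is scoped to the running pipeline and expires with it, whereas a committed token lives on in the repository history and would be one more thing for Secret Detection to flag.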

Thanks for sharing your solution here for anyone else who runs into this, @marcosp! :pray: :bowing_man: :star: