When our pipeline runs and the SAST scan executes it is kicking off a SpotBugs analyzer that tries to build the project automatically (Maven build.) The build process is failing because the shared runners do not have access to our internal artifactory.
For policy and logistical reasons we are only using Gitlab CI for SAST and DAST scans for now.
Is there a way to disable the auto-building of the application through our CI configuration (or some other custom configuration for that analyzer?)
We understand that using a project specific runner in our environment is an option, but would still like to know if there is a way to simply execute the source scan without the build process.
Thanks!