ERROR license_scanning

Hi all,

I hope you’re doing well. I am currently working on a project where we have integrated GitLab CI/CD pipelines for automating various tasks, including license scanning. However, I am facing an issue with the license_scanning job, and I could really use some assistance from the community.

Here’s the error I am encountering:

$ cat <<EOF> "$SETUP_CMD" # collapsed multi-line command
$ / analyze .
Selecting previously unselected package asdf.
(Reading database ... 20275 files and directories currently installed.)
Preparing to unpack .../asdf_0.7.8-1_amd64.deb ...
Unpacking asdf (0.7.8-1) ...
Setting up asdf (0.7.8-1) ...
Running '/opt/gitlab/' to install project dependencies…
You must specify a name and a version to install
Unknown release: openjdk-
/opt/gitlab/ line 6: mvn: command not found
Uploading artifacts for failed job
Uploading artifacts...
WARNING: gl-license-scanning-report.json: no matching files 
ERROR: No files to upload                          
Cleaning up project directory and file based variables
ERROR: Job failed: exit code 1

I have included the Security/License-Scanning.gitlab-ci.yml template in my .gitlab-ci.yml file, and the license_scanning job is defined with specific settings for license scanning.

Here’s the relevant part of my .gitlab-ci.yml:

yamlCopy code

  - template: Security/License-Scanning.gitlab-ci.yml

  stage: test
    - aker_internal
    - Version updates - compile version
  dependencies: []
    LICENSE_FINDER_CLI_OPTS: '--recursive'
    MAVEN_OPTS: ""
    MAVEN_CLI_OPTS: "-DskipTests --batch-mode -ntp"
    SETUP_CMD: "/opt/gitlab/"
    - |-
      cat <<EOF> "$SETUP_CMD"
      # Install the versions of Maven and Java we use
      asdf install maven $ASDF_MAVEN_VERSION
      asdf install java $ASDF_JAVA_VERSION
      # This is to workaround issue where a GitLab pipeline tries to download our modules from public repositories
      # which does not happen when running the container outside of a pipeline:
      mvn install ${MAVEN_CLI_OPTS} -Dmaven.test.skip=true -f "$MAVEN_ROOT" ${MAVEN_SETTINGS_FILE:+-s "$MAVEN_ROOT/$MAVEN_SETTINGS_FILE"}
      chmod +x "$SETUP_CMD"
    - !reference [.workflow_rules, standard_workflow]

I suspect that there might be an issue with the custom setup or the availability of Maven (mvn) during the job execution. The job seems to fail when trying to install the project dependencies.

If anyone has encountered a similar problem or has experience with GitLab CI/CD and license scanning, your insights and suggestions would be greatly appreciated. I’m open to any ideas or potential solutions to resolve this issue.

Thank you all for your time and support!

Best regards,

It seems that the variable that specifies the openjdk version, has an empty value.


Where is CI_JAVA_RELEASE defined?

The same error seems to apply for the maven variable, leading to a silent asdf install error, without installing anything.

Hi @dnsmichi
these are variables from Gitlab i think , it is no into my env variable , was working till last week

Predefined CI/CD variables do not include


Looking at the included template

lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml · master · / GitLab · GitLab was moved to lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml · master · / GitLab · GitLab I do not see the variables in the included template. Suggest checking the pipeline editor tab view full configuration to inspect whether the variables are inherited and set somewhere else.

If not in the CI/CD configuration files, the variables might be configured in the CI/CD settings. Maybe these variables are limited in their scope, i.e. they are protected and only available on protected branches. When the pipeline is triggered from a feature branch or MR, the variables are not available, thus generating the errors you see.

Which GitLab version is involved (add /help to the main instance URL), and how is GitLab installed (self-managed: Omnibus packages, Docker, Helm chart, etc. or SaaS).

The license_scanning job and License-Scanning.gitlab-ci.yml CI template was deprecated in GitLab 15.9.

You should instead migrate to use License approval policies and the new method of license scanning prior to GitLab 16.1.

License scanning no longer uses License-Scanning.gitlab-ci.yml, so you’ll want to remove and any customizations to the license_scanning job. The new method to enable and use License scanning can be found here: License scanning of CycloneDX files | GitLab

1 Like