Gemnasium-maven-dependency_scanning

Hello,

I use GitLab to build my Java app. I included “Security/Dependency-Scanning.gitlab-ci.yml” template to my pipeline for dependency scanning. Then I found, that this scanning does another build by Maven from scratch for its purpose. To avoid the dependencies downloading again, I specified a variable:

variables:
  MAVEN_OPTS: "-Dmaven.repo.local=.m2/repository"

Also I set:

cache:
    paths:
      - .m2/repository/

in the build stage in hope that next stage (“dependencies scanning”) will use this directory with already downloaded dependencies. But it doesn’t help, dependencies download again.

Does anyone can help with this?

Thanks.