GitLab Dependency Scanning with private repo

Our team is using GitLab Ultimate. We utilize a private repo, so we are following the instructions here: Secure your application | GitLab

Added a maven_settings.xml to set the repo:


The maven dependency scanning log shows:

```
[DEBU] [gemnasium-maven] [2022-06-28T18:33:09Z] ▶ Exporting dependencies for /builds/project_team/project/pom.xml
[DEBU] [gemnasium-maven] [2022-06-28T18:35:18Z] ▶ /opt/asdf/shims/mvn install package --settings=maven_settings.xml -Drepository.password=[MASKED] -Drepository.user=project_user -Dmaven.repo.local=.m2/repository -DskipTests
[INFO] Scanning for projects...
Downloading from central:
```

Should the bold text be the repository I specified in the maven_settings.xml?

It looks to me like this is actually an issue with the certificate being sent from the package repository. If it’s a local secret you may need to include the root CA as a valid certificate authority in your pipeline yaml.


It looks like you are correct: `unable to find valid certification path to requested target -> [Help 1]`

I will look into adding the certificate.
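One way to apply the suggestion above in `.gitlab-ci.yml`, as an added example that is not part of the original thread: GitLab's dependency scanning analyzers read the `ADDITIONAL_CA_CERT_BUNDLE` variable as extra CA certificates to trust. The PEM body is a placeholder, and `MAVEN_REPO_PASSWORD` is a hypothetical masked CI/CD variable name.

```yaml
# Added example, not from the thread. Values marked as placeholders or
# hypothetical must be replaced with your own.
include:
  - template: Security/Dependency-Scanning.gitlab-ci.yml

variables:
  # Root CA (plus any intermediates) that signed the private repository's
  # TLS certificate, in PEM form. A CA certificate is public data, so it can
  # live in the YAML; it can also be set as a project CI/CD variable with the
  # same name instead.
  ADDITIONAL_CA_CERT_BUNDLE: |
    -----BEGIN CERTIFICATE-----
    <placeholder: base64 body of your internal root CA certificate>
    -----END CERTIFICATE-----

  # The Maven options visible in the analyzer log above. The password comes
  # from a masked CI/CD variable (hypothetical name) rather than the YAML.
  MAVEN_CLI_OPTS: >-
    --settings=maven_settings.xml
    -Drepository.user=project_user
    -Drepository.password=$MAVEN_REPO_PASSWORD
```

Trusting the issuing CA this way keeps TLS verification enabled for the repository connection, so the `unable to find valid certification path` error is resolved without weakening the check.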