GitLab Dependency Scanning with private repo

Our team is using GitLab Ultimate. We utilize a private repo, so we are following the instructions here: Secure your application | GitLab

Added a maven_settings.xml to set the repo:

<settings>
    <servers>
        <!-- A server id must match a <mirror> or <repository> id; a URL is not a valid id -->
        <server>
            <id>nexus</id>
            <!-- Property names must match the -D flags passed to mvn (the log shows -Drepository.user / -Drepository.password) -->
            <username>${private.username}</username>
            <password>${private.password}</password>
        </server>
    </servers>
    <mirrors> <!-- Without a mirror, Maven still resolves "central" from repo.maven.apache.org -->
        <mirror>
            <id>nexus</id>
            <mirrorOf>central</mirrorOf>
            <url>https://nexus.global.company.com/repository/maven-central-proxy/</url>
        </mirror>
    </mirrors>
</settings>

The maven dependency scanning log shows:

[DEBU] [gemnasium-maven] [2022-06-28T18:33:09Z] ▶ Exporting dependencies for /builds/project_team/project/pom.xml
[DEBU] [gemnasium-maven] [2022-06-28T18:35:18Z] ▶ /opt/asdf/shims/mvn install package -Djavax.net.ssl.trustStore=/usr/local/openjdk-11/jre/lib/security/cacerts -Djavax.net.ssl.trustStore=/lib/security/cacerts --settings=maven_settings.xml -Drepository.password=[MASKED] -Drepository.user=project_user -Dmaven.repo.local=.m2/repository -DskipTests
[INFO] Scanning for projects...
Downloading from central: https://repo.maven.apache.org/maven2/org/springframework/boot/spring-boot-dependencies/2.6.7/spring-boot-dependencies-2.6.7.pom

Should the bold text (the Downloading from central line) be the repository I specified in the maven_settings.xml?

It looks to me like this is actually an issue with the certificate being sent from the package repository. If it’s a local secret you may need to include the root CA as a valid certificate authority in your pipeline yaml.


It looks like you are correct

sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [Help 1]

I will look into adding the certificate.

Thanks!
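A pre-flight check for the two mismatches visible in the original post, added here as an example and not code from GitLab or from anyone in the thread. It parses a settings.xml and checks that every server id matches a mirror or repository id (a URL as the id never matches anything, so the credentials are never sent), that some mirror actually covers central (otherwise resolution keeps going to repo.maven.apache.org, which is what the "Downloading from central" line shows), and that every ${property} placeholder in the file is supplied by a -D flag on the mvn command line (the log passes -Drepository.user and -Drepository.password while the file references ${private.username} and ${private.password}). The two settings files and the command line below are constructed from the thread; the mirror id "nexus" and the dummy password value are assumptions.

```python
"""Lint a Maven settings.xml against the mvn command line it will be used with."""
import re
import shlex
import xml.etree.ElementTree as ET

PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")

# Constructed from the thread: the settings file as posted (server id is a URL, no mirror).
BROKEN_SETTINGS = """<settings>
    <servers>
        <server>
            <id>https://nexus.global.company.com/repository/maven-central-proxy/</id>
            <username>${private.username}</username>
            <password>${private.password}</password>
        </server>
    </servers>
</settings>"""

# Constructed fix: server id matches a mirror id (assumed name "nexus"), the mirror
# covers central, and the placeholders use the names the pipeline actually passes.
FIXED_SETTINGS = """<settings>
    <servers>
        <server>
            <id>nexus</id>
            <username>${repository.user}</username>
            <password>${repository.password}</password>
        </server>
    </servers>
    <mirrors>
        <mirror>
            <id>nexus</id>
            <mirrorOf>central</mirrorOf>
            <url>https://nexus.global.company.com/repository/maven-central-proxy/</url>
        </mirror>
    </mirrors>
</settings>"""

# The mvn invocation from the job log, with the masked password replaced by a dummy value.
MVN_CMD = ("mvn install package --settings=maven_settings.xml "
           "-Drepository.password=dummy -Drepository.user=project_user "
           "-Dmaven.repo.local=.m2/repository -DskipTests")


def parse_d_props(mvn_cmdline):
    """Names set with -Dname[=value] on a mvn command line, e.g. {'skipTests', 'repository.user'}."""
    props = set()
    for tok in shlex.split(mvn_cmdline):
        if tok.startswith("-D") and len(tok) > 2:
            props.add(tok[2:].split("=", 1)[0])
    return props


def lint_settings(settings_xml, mvn_cmdline):
    """Return a list of (code, message) findings; an empty list means the file is consistent."""
    root = ET.fromstring(settings_xml)
    for el in root.iter():  # drop any xmlns prefix ElementTree keeps on the tag names
        el.tag = el.tag.rsplit("}", 1)[-1]

    def ids(path):
        return {e.text.strip() for e in root.findall(path) if e.text}

    mirror_ids = ids("mirrors/mirror/id")
    mirror_of = set()
    for text in ids("mirrors/mirror/mirrorOf"):  # mirrorOf may be a comma list like "*,!internal"
        mirror_of.update(t.strip() for t in text.split(","))
    repo_ids = ids("profiles/profile/repositories/repository/id") | ids(
        "profiles/profile/pluginRepositories/pluginRepository/id")
    known_ids = mirror_ids | repo_ids

    findings = []
    for sid in sorted(ids("servers/server/id")):
        if sid.startswith(("http://", "https://")):
            findings.append(("url-id", f"server id {sid!r} is a URL; Maven matches server ids "
                                       "against mirror/repository ids, so these credentials are never sent"))
        elif sid not in known_ids:
            findings.append(("unknown-id", f"server id {sid!r} matches no <mirror> or <repository> id"))

    if not mirror_of & {"central", "*", "external:*"}:
        findings.append(("no-central-mirror",
                         "no <mirror> covers 'central'; artifacts still resolve from repo.maven.apache.org"))

    supplied = parse_d_props(mvn_cmdline)
    for name in sorted(set(PLACEHOLDER.findall(settings_xml))):
        if name.startswith("env.") or name in supplied:  # ${env.X} comes from the environment
            continue
        findings.append(("missing-prop", f"${{{name}}} is referenced but no -D{name}=... is passed to mvn"))
    return findings


if __name__ == "__main__":
    for label, xml in (("posted settings", BROKEN_SETTINGS), ("fixed settings", FIXED_SETTINGS)):
        print(f"== {label}")
        for code, msg in lint_settings(xml, MVN_CMD) or [("ok", "no findings")]:
            print(f"  [{code}] {msg}")
```

Run it before the pipeline does: the posted file yields a URL-as-id finding, a missing central mirror, and two unsupplied placeholders, while the fixed file yields nothing. It deliberately does not look at TLS: the SunCertPathBuilderException in the follow-up is a truststore problem for the JVM running mvn, not something settings.xml can fix.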