Maven Scans with Private Repositories

Problem

Maven fails due to dependencies that reference private repositories in Ithe DE plugin or CI/CD pipeline.

Investigation

  • Try running CLI standalone with the repository.

  • Check to see if Maven profiles or Maven settings are used for running the build (for example, located in .mvn ).

  • Check to see if the pipeline has access to the private sources.

Dependencies need to be downloaded from a private repository and the Snyk CLI shows that the download fails in the error message.

Solution

You can establish Maven settings or a profile containing the connection information, for example, with -- -s your-home-directory/.m2/settings.xml or -- -Dprofile=my-profile.

These parameters can be passed on to the CLI using the Additional Parameters plugin setting in IDE. For CI/CDs. this should be passed as a pipeline argument if the Snyk CLI used directly, or a correct path mapping should be provided, if run in Docker image.

Last updated

More information

Snyk privacy policy

© 2023 Snyk Limited | All product and company names and logos are trademarks of their respective owners.