Merge branch '34577-add-dep-scanner-var-maven' into 'master'

Add mvn dep scan var and docs for it See merge request gitlab-org/gitlab!19174

Merge branch '34577-add-dep-scanner-var-maven' into 'master'
Add mvn dep scan var and docs for it See merge request gitlab-org/gitlab!19174
0ccb37b3 · Achilleas Pipinellis · 8ea61628 · 0e306308 · 0ccb37b3 · 0ccb37b3
Commit 0ccb37b3 authored Nov 07, 2019 by Achilleas Pipinellis
3 changed files
--- a/changelogs/unreleased/34577-add-dep-scanner-var-maven.yml
+++ b/changelogs/unreleased/34577-add-dep-scanner-var-maven.yml
+---
+title: Add maven cli opts flag to maven security analyzer (part of dependency scanning)
+merge_request: 19174
+author:
+type: changed
--- a/doc/user/application_security/dependency_scanning/index.md
+++ b/doc/user/application_security/dependency_scanning/index.md
@@ -140,6 +140,33 @@ using environment variables.
 | `DS_RUN_ANALYZER_TIMEOUT`               | Time limit when running an analyzer. Timeouts are parsed using Go's [`ParseDuration`](https://golang.org/pkg/time/#ParseDuration). Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. For example, `300ms`, `1.5h`, or `2h45m`. | |
 | `PIP_INDEX_URL`                         | Base URL of Python Package Index (default `https://pypi.org/simple`). | |
 | `PIP_EXTRA_INDEX_URL`                   | Array of [extra URLs](https://pip.pypa.io/en/stable/reference/pip_install/#cmdoption-extra-index-url) of package indexes to use in addition to `PIP_INDEX_URL`. Comma separated. | |
+| `MAVEN_CLI_OPTS`                        | List of command line arguments that will be passed to the maven analyzer during the project's build phase (see example for [using private repos](#using-private-maven-repos)). | |
+
+### Using private Maven repos
+
+If you have a private Maven repository which requires login credentials,
+you can use the `MAVEN_CLI_OPTS` environment variable to pass variables
+specified in your settings (e.g., username, password, etc.).
+
+For example, if you have a settings file in your project source (e.g., `mysettings.xml`)
+that looks like the following, you can specify the variables
+[by adding an entry under your project's settings](../../../ci/variables/README.md#via-the-ui),
+so that you don't have to expose your private data in `.gitlab-ci.yml` (e.g., adding
+`MAVEN_CLI_OPTS` with value `--settings mysettings.xml -Dprivate.username=foo -Dprivate.password=bar`).
+
+```xml
+<!-- mysettings.xml -->
+<settings>
+    ...
+    <servers>
+        <server>
+            <id>private_server</id>
+            <username>${private.username}</username>
+            <password>${private.password}</password>
+        </server>
+    </servers>
+</settings>
+```

 ## Interacting with the vulnerabilities


--- a/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
@@ -51,6 +51,7 @@ dependency_scanning:
          DS_PIP_DEPENDENCY_PATH \
          PIP_INDEX_URL \
          PIP_EXTRA_INDEX_URL \
+          MAVEN_CLI_OPTS \
        ) \
        --volume "$PWD:/code" \
        --volume /var/run/docker.sock:/var/run/docker.sock \