Commit 9bf6f182 authored by Achilleas Pipinellis

Merge branch 'private-maven-repo-docs' into 'master'

Consolidate docs on using private Maven repositories

See merge request gitlab-org/gitlab!27909
parents e990cfc6 88b77fef
...@@ -167,7 +167,7 @@ The following variables are used for configuring specific analyzers (used for a ...@@ -167,7 +167,7 @@ The following variables are used for configuring specific analyzers (used for a
| `DS_PIP_VERSION` | `gemnasium-python` | | Force the install of a specific pip version (example: `"19.3"`), otherwise the pip installed in the Docker image is used. ([Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12811) in GitLab 12.7) | | `DS_PIP_VERSION` | `gemnasium-python` | | Force the install of a specific pip version (example: `"19.3"`), otherwise the pip installed in the Docker image is used. ([Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12811) in GitLab 12.7) |
| `DS_PIP_DEPENDENCY_PATH` | `gemnasium-python` | | Path to load Python pip dependencies from. ([Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12412) in GitLab 12.2) | | `DS_PIP_DEPENDENCY_PATH` | `gemnasium-python` | | Path to load Python pip dependencies from. ([Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12412) in GitLab 12.2) |
| `DS_PYTHON_VERSION` | `retire.js` | | Version of Python. If set to 2, dependencies are installed using Python 2.7 instead of Python 3.6. ([Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12296) in GitLab 12.1)| | `DS_PYTHON_VERSION` | `retire.js` | | Version of Python. If set to 2, dependencies are installed using Python 2.7 instead of Python 3.6. ([Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12296) in GitLab 12.1)|
| `MAVEN_CLI_OPTS` | `gemnasium-maven` | `"-DskipTests --batch-mode"` | List of command line arguments that will be passed to `maven` by the analyzer. See an example for [using private repos](#using-private-maven-repos). | | `MAVEN_CLI_OPTS` | `gemnasium-maven` | `"-DskipTests --batch-mode"` | List of command line arguments that will be passed to `maven` by the analyzer. See an example for [using private repos](../index.md#using-private-maven-repos). |
| `BUNDLER_AUDIT_UPDATE_DISABLED` | `bundler-audit` | `"false"` | Disable automatic updates for the `bundler-audit` analyzer. Useful if you're running Dependency Scanning in an offline, air-gapped environment.| | `BUNDLER_AUDIT_UPDATE_DISABLED` | `bundler-audit` | `"false"` | Disable automatic updates for the `bundler-audit` analyzer. Useful if you're running Dependency Scanning in an offline, air-gapped environment.|
| `BUNDLER_AUDIT_ADVISORY_DB_URL` | `bundler-audit` | `https://github.com/rubysec/ruby-advisory-db` | URL of the advisory database used by bundler-audit. | | `BUNDLER_AUDIT_ADVISORY_DB_URL` | `bundler-audit` | `https://github.com/rubysec/ruby-advisory-db` | URL of the advisory database used by bundler-audit. |
| `BUNDLER_AUDIT_ADVISORY_DB_REF_NAME` | `bundler-audit` | `master` | Git ref for the advisory database specified by `BUNDLER_AUDIT_ADVISORY_DB_URL`. | | `BUNDLER_AUDIT_ADVISORY_DB_REF_NAME` | `bundler-audit` | `master` | Git ref for the advisory database specified by `BUNDLER_AUDIT_ADVISORY_DB_URL`. |
...@@ -177,28 +177,9 @@ The following variables are used for configuring specific analyzers (used for a ...@@ -177,28 +177,9 @@ The following variables are used for configuring specific analyzers (used for a
### Using private Maven repos ### Using private Maven repos
If you have a private Maven repository which requires login credentials, If you have a private Maven repository which requires login credentials,
you can use the `MAVEN_CLI_OPTS` environment variable to pass variables you can use the `MAVEN_CLI_OPTS` environment variable.
specified in your settings (e.g., username, password, etc.).
Read more on [how to use private Maven repos](../index.md#using-private-maven-repos).
For example, if you have a settings file in your project source (e.g., `mysettings.xml`)
that looks like the following, you can specify the variables
[by adding an entry under your project's settings](../../../ci/variables/README.md#via-the-ui),
so that you don't have to expose your private data in `.gitlab-ci.yml` (e.g., adding
`MAVEN_CLI_OPTS` with value `--settings mysettings.xml -Dprivate.username=foo -Dprivate.password=bar`).
```xml
<!-- mysettings.xml -->
<settings>
...
<servers>
<server>
<id>private_server</id>
<username>${private.username}</username>
<password>${private.password}</password>
</server>
</servers>
</settings>
```
### Disabling Docker in Docker for Dependency Scanning ### Disabling Docker in Docker for Dependency Scanning
......
...@@ -251,6 +251,35 @@ environment. ...@@ -251,6 +251,35 @@ environment.
Read how to [operate the Secure scanners in an offline environment](offline_deployments/index.md). Read how to [operate the Secure scanners in an offline environment](offline_deployments/index.md).
## Using private Maven repos
If you have a private Apache Maven repository that requires login credentials,
you can use the `MAVEN_CLI_OPTS` environment variable
to pass a username and password. You can set it under your project's settings
so that your credentials aren't exposed in `.gitlab-ci.yml`.
If the username is `myuser` and the password is `verysecret` then you would
[set the following variable](../../ci/variables/README.md#via-the-ui)
under your project's settings:
| Type | Key | Value |
| ---- | --- | ----- |
| Variable | `MAVEN_CLI_OPTS` | `--settings mysettings.xml -Drepository.password=verysecret -Drepository.user=myuser` |
```xml
<!-- mysettings.xml -->
<settings>
...
<servers>
<server>
<id>private_server</id>
<username>${private.username}</username>
<password>${private.password}</password>
</server>
</servers>
</settings>
```
## Outdated security reports ## Outdated security reports
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/4913) in GitLab 12.7. > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/4913) in GitLab 12.7.
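Review bot: The property names in the new `MAVEN_CLI_OPTS` value do not match the placeholders in the `mysettings.xml` example under it. The table row passes `-Drepository.password` and `-Drepository.user`, while the `<server>` entry reads `${private.username}` and `${private.password}`, so following the section as written leaves both placeholders unresolved. Use one pair of names in both places, for example `-Dprivate.username=myuser -Dprivate.password=verysecret`. The XML block also needs a lead-in sentence, since nothing between the table and the fence says that `--settings mysettings.xml` refers to this file in the project source.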
......
...@@ -166,18 +166,10 @@ it via [custom environment variables](#custom-environment-variables). ...@@ -166,18 +166,10 @@ it via [custom environment variables](#custom-environment-variables).
#### Using a variable to pass username and password to a private Maven repository #### Using a variable to pass username and password to a private Maven repository
If you have a private Apache Maven repository that requires login credentials, If you have a private Maven repository which requires login credentials,
you can use the `MAVEN_CLI_OPTS` [environment variable](#available-variables) you can use the `MAVEN_CLI_OPTS` environment variable.
to pass a username and password. You can set it under your project's settings
so that your credentials aren't exposed in `.gitlab-ci.yml`. Read more on [how to use private Maven repos](../index.md#using-private-maven-repos).
If the username is `myuser` and the password is `verysecret` then you would
[set the following variable](../../../ci/variables/README.md#via-the-ui)
under your project's settings:
| Type | Key | Value |
| ---- | --- | ----- |
| Variable | `MAVEN_CLI_OPTS` | `-Drepository.password=verysecret -Drepository.user=myuser` |
### Disabling Docker in Docker for SAST ### Disabling Docker in Docker for SAST
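Review bot: The retained heading `#### Using a variable to pass username and password to a private Maven repository` now sits over a two-sentence stub that no longer shows any variable value, so the body should at least say what the variable carries, or the heading should be aligned with the `Using private Maven repos` wording used on the other pages. The SAST value removed here had no `--settings` argument, while the consolidated example in `index.md` passes `--settings mysettings.xml`; the shared section should state whether SAST users need that file.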
......
...@@ -191,35 +191,10 @@ If you still need to run tests during `mvn install`, add `-DskipTests=false` to ...@@ -191,35 +191,10 @@ If you still need to run tests during `mvn install`, add `-DskipTests=false` to
#### Using private Maven repos #### Using private Maven repos
If you have a private Maven repository that requires login credentials, you can use the If you have a private Maven repository which requires login credentials,
`MAVEN_CLI_OPTS` variable to specify a custom [`settings.xml`](http://maven.apache.org/settings.html) you can use the `MAVEN_CLI_OPTS` environment variable.
file.
For example, you may have a settings file like this in your project source:
```xml
<settings>
<servers>
<server>
<id>my-server</id>
<username>${private.username}</username>
<username>${private.password}</username>
</server>
</servers>
</settings>
```
You can use this file through the following declaration in your `gitlab-ci.yml` file:
```yaml
license_scanning:
variables:
MAVEN_CLI_OPTS: --settings settings.xml -Dprivate.username=foo -Dprivate.password=bar
```
NOTE: **Note:** Read more on [how to use private Maven repos](../../application_security/index.md#using-private-maven-repos).
If you don't want to expose the credentials in your `.gitlab-ci.yml` file, then
you can [set the variable in your project's settings](../../../ci/variables/README.md#via-the-ui).
### Selecting the version of Python ### Selecting the version of Python
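Review bot: The removed License Compliance example set `MAVEN_CLI_OPTS` under the `license_scanning:` job in `.gitlab-ci.yml` and used `settings.xml` with server id `my-server`, and the consolidated section covers none of that: it only describes the project-settings route with `mysettings.xml` and `private_server`. Consider carrying the job-level YAML form over to `index.md` so License Compliance users still see where the variable goes. Dropping the old XML is otherwise an improvement, since it wrapped `${private.password}` in a second `<username>` element. Style: the stubs switch to "which requires" while the new section in `index.md` uses "that requires"; pick one.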
......