Application analysis configuration - Config - Advanced - Maven configuration settings
Overview
When analyzing an application that includes Maven based source code, you must tell CAST Imaging where to find the Maven local or remote HTTP/S repository. The location of the repository is crucial to ensure that any associated JAR files can be automatically discovered and that POM dependencies can also be located. To do so use this panel. Out of the box no repositories will be predefined:
- Any repository added in this panel is valid only for the specific parent Application and will therefore not be scanned during source code delivery for other Applications. If you need to define repositories at a global level for all Applications/Nodes see Maven Repositories.
- Repositories discovered in the uploaded source code and any repositories defined in this panel always take priority over any repositories defined at a global level for all Applications/Nodes.
Adding a new repository
Repository URL/Path
Enter the URL or path to the Maven repository you want to add. For example:
- Remote repository: enter the URL to the repository (e.g.: Google’s repository https://maven.google.com)
- Local repository: enter the path to the
.m2file, e.g.:C:/my_repo/.m2
The Maven repository URL will be validated when the ADD button is clicked, and if it is inaccessible, an error will be displayed and the repository will not be saved.
Username/Password
Enter the credentials for the repository - leave blank if the repository is public or does not require credentials.
Changing the order of repositories
You can change the order of the repositories by dragging and dropping them in to the correct position (this is the order in which the repositories are scanned for artifacts). The repository at the top of the list is marked as the “default”, i.e. this repository is always scanned first:
Troubleshooting issues accessing remote HTTPS repositories
In certain situations, an error may be registered in the Delivery log when the Node attempts to access an HTTPS repository. For example, in the log located at delivery\{app-guid}\data\{guid}\{guid}\{guid}\DMTDeliveryReport.CastLog2:
ERROR cast.dmt.engine.extractor.jee.maven.http.connectionFailed Unknown format id: cast.dmt.engine.extractor.jee.maven.http.connectionFailed => %URL%="https://my.maven.repo/artifactory/maven-release/"
%MESSAGE%="sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(:0).
The error reported in the log is generated by the DeliveryManagerTool-CLI.exe tool located on the node. This tool uses the Java JRE delivered with CAST Imaging Core in the following location:
%PROGRAMFILES%\CAST\<release>\jre\
This error usually occurs if the remote HTTPS repository you have defined is using an SSL certificate:
- where the signing authority is not listed in the Java JRE cacerts file located at
%PROGRAMFILES%\CAST\<release>\jre\security\cacerts - that is self-signed
Resolving the issue involves importing the required SSL certificates into the Java JRE cacerts Java keystore (located in %PROGRAMFILES%\CAST\8.4\jre\lib\security) delivered with CAST Imaging Core. You should ensure that all certificates are imported, especially if you have a “bundle” containing multiple embedded certificates. This process is out of the scope of this document and you should contact CAST Support for advice.