Document workaround for importing unrelated certs via keytool in Dependency Scanning
Problem to solve
Users are able to import single certificates and certificate bundles into gemnasium-maven
but this does not account for importing multiple unrelated (non-bundled) certificates. The documentation should show how to do this via ci configuration.
Further details
First reported: #321270 (closed)
The solution discussed in that issue should be documented in the main docs.
Implementation plan
-
update docs troubleshooting section to add workaround code as in this note #321270 (comment 515632754)
Testing
-
generate a two-cert test (e.g. in https://gitlab.com/gitlab-org/security-products/tests/java-maven/) to ensure this workaround works as expected: https://gitlab.com/gitlab-org/security-products/tests/java-maven/-/blob/keytool-import-example-FREEZE/.gitlab-ci.yml
Edited by Igor Frenkel