Dependency scanning invalid permission with OpenShift and Custom CA

Summary

When running Dependency scanning on OpenShift with a Custom CA you will get the error.

open /etc/ssl/certs/ca-certificates.crt: permission denied

related issue: #350625 (closed)

For gemnasium-maven, /etc/ssl/certs/ca-certificates.crt is owned by root:root, but -rw-r--r--. The script that give write permission is executed before upgrading packages, so the permissions are lost during upgrade https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium-maven/-/blob/master/config/install.sh#L12-15 and https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium-maven/-/blob/master/config/install.sh#L20-28 the error open /etc/ssl/certs/ca-certificates.crt: permission denied in the job.

Steps to reproduce

Run Dependency scanning on OpenShift

What is the current bug behavior?

open /etc/ssl/certs/ca-certificates.crt: permission denied

What is the expected correct behavior?

To have Dependency scanning run without problems

Some additional information:

ADDITIONAL_CA_CERT_BUNDLE variable works for NodeJS projects, but not for Maven projects.

/cc @WarheadsSE @dsearles @NicoleSchwartz

Edited by Connor Gilbert