Dependency Scanning fails on Java-based project with Maven

Summary

Dependency scanning is failing on a Java-based project using Maven with no clear error message.

Steps to reproduce

Support has not yet been able to replicate this using this test project. A job trace and .gitlab-ci.yml for the customer can be found in an internal note in the Zendesk ticket listed at the bottom of this issue's description.

What is the current bug behavior?

Dependency scanning fails with: (stack trace in ticket)

Status: Downloaded newer image for registry.gitlab.com/gitlab-org/security-products/analyzers/gemnasium-maven:2
Uploading artifacts...
WARNING: gl-dependency-scanning-report.json: no matching files 
ERROR: No files to upload                          
ERROR: Job failed: exit code 1

What is the expected correct behavior?

Dependency scanning should pass when run on a project using a supported code base.

Output of checks

This bug happens on GitLab.com

ZD: https://gitlab.zendesk.com/agent/tickets/137586 (GitLab Internal)

Edited Nov 06, 2019 by Nicole Schwartz