License finder replaces my personal Maven settings.xml

Should have the following labels: Category:License Compliance and ~"devops:secure"

If you run the license finder Docker container like below you will find that it replaces your personal Maven settings.xml (e.g. in ~/.m2/settings.xml) with its own from https://gitlab.com/gitlab-org/security-products/analyzers/license-finder/-/blob/main/config/files/.m2/settings.xml

docker run --rm -ti \
  --volume "$PWD":/code --volume /Users/marcelstoer/.m2:/root/.m2 \
  --env=LM_REPORT_VERSION="2.1" \
  --env=CI_PROJECT_DIR=/code \
  registry.gitlab.com/gitlab-org/security-products/analyzers/license-finder:latest

It does not reset the settings.xml once license scanning is done.
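
A host-side guard for the behaviour reported above, as an added example that is not part of the original issue or of the license-finder project: the hypothetical function `run_preserving` snapshots a file, runs a command, and puts the original back if the command changed or deleted it. The `.modified-by-run` suffix and the exit code 3 are choices made for this example.

```shell
# run_preserving FILE CMD [ARGS...]   (hypothetical helper, added example)
# Snapshot FILE, run CMD, then compare byte-for-byte. If CMD changed or
# deleted FILE, keep the changed copy as FILE.modified-by-run and restore the
# snapshot. Returns CMD's exit status, 3 if a restore happened, 2 on setup error.
run_preserving() {
  local file backup status
  file=$1; shift
  [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
  backup=$(mktemp) || return 2
  cp -p "$file" "$backup" || { rm -f "$backup"; return 2; }

  status=0
  "$@" || status=$?

  if ! cmp -s "$backup" "$file"; then   # also true when FILE no longer exists
    echo "WARNING: $file was changed during the run; restoring it" >&2
    # Rename rather than overwrite: a container running as root may have left
    # a root-owned file behind, which the directory owner can still move aside.
    if [ -e "$file" ]; then mv -f "$file" "$file.modified-by-run"; fi
    cp -p "$backup" "$file"
    status=3
  fi
  rm -f "$backup"
  return "$status"
}

# Usage with the command from the report:
#   run_preserving "$HOME/.m2/settings.xml" docker run ... (full command as in the report)
```

Comparing the kept `.modified-by-run` copy with the restored file shows exactly what the container wrote into the mounted directory.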