Improve logging and suggest solutions for known errors in Composition Analysis analyzers

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Release notes

Problem to solve

Users frequently face similar issues when enabling Dependency Scanning or Container Scanning features. We already offer some troubleshooting guidance in the user documentation:

• https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#troubleshooting
• https://docs.gitlab.com/ee/user/application_security/container_scanning/#troubleshooting

Though, we could improve their discoverability.

Proposal

We could enhance our logging in the CI job to provide clearer guidance on the problem and how to solve it by e.g. checking the documentation.

Also, depending on the error raised, we could make direct suggestions on how to address them. For instance:

• suggest how to configure a custom package registry when failing to download dependencies
• suggest to configure the package manager with options like MAVEN_CLI_OPTS when facing build errors

Intended users

Feature Usage Metrics

Does this feature require an audit event?