Learn More: Dependency Errors in Java

Maven uses settings.xml files, which are similar to pom.xml files in that they contain elements used to define values that configure Maven execution in various ways, but they are not tied to any single project. These values include the location of the local repository, alternate remote repository servers, and authentication information, among others. As such if your application utilizes a settings.xml file, Sentinel Source would not have checked it out during the repository checkout process.

Gradle works with parent-child relationships, and if one is absent, the child may not function properly.

To include these files with future Sentinel Source scans, you can navigate to the Asset Management page in the WhiteHat Portal interface and upload the file. All future scans will use this file to acquire dependencies declared within the application.

Dependencies and their associated repository URL are declared in the pom.xml file. The Sentinel Source appliance must have network access to these destination URLs whether they are internal or public repositories. The Sentinel appliance will generally need the same access to servers that your developers have.

If your application is not using Maven or Gradle as a dependency management system, you will need to manually include the dependencies for the application. This can be done by placing the related .jar files in the repository itself, and providing Sentinel Source repository access information to access it. This can be done as a separate repository, or be included in the repositories that have already been defined within the WhiteHat Portal interface.