Learn More: Dependency Errors in Java
In order to provide complete coverage, Sentinel Source requires access to the dependencies used by your application. To gain access to the dependencies, Sentinel Source uses maven dependency management to download the dependencies defined in packages.config files.
If a dependency is found to be missing during scanning, an indicator will be displayed on Sentinel’s File Coverage page. The packages that Sentinel Source was unable to resolve for that file are listed in the error messages linked with these clickable indicators.
There are several issues that can lead to these dependency resolution errors:
Maven uses settings.xml files, which are similar to pom.xml files in that they contain elements used to define values that configure Maven execution in various ways, but they are not tied to any single project. These values include the location of the local repository, alternate remote repository servers, and authentication information, among others. As such if your application utilizes a settings.xml file, Sentinel Source would not have checked it out during the repository checkout process.
Gradle works with parent-child relationships, and if one is absent, the child may not function properly.
To include these files with future Sentinel Source scans, you can navigate to the Asset Management page in the Sentinel interface and upload the file. All future scans will use this file to acquire dependencies declared within the application.
Dependencies and their associated repository URL are declared in the pom.xml file. The Sentinel Source appliance must have network access to these destination URLs whether they are internal or public repositories. The Sentinel appliance will generally need the same access to servers that your developers have.
If your application is not using Maven or Gradle as a dependency management system, you will need to manually include the dependencies for the application. This can be done by placing the related .jar files in the repository itself, and providing Sentinel Source repository access information to access it. This can be done as a separate repository, or be included in the repositories that have already been defined within the Sentinel Interface.