Share all details about your problem, including any error messages you may have received.
I’m setting up a build environment using the IdentityIQ DevSecOps Toolkit (v2.0.0-alpha) following the “IdentityIQ DevSecOps Toolkit User Guide”. During the build process, running the command mvn clean package -Penv-dev results in build failures related to missing dependencies.
Here are the errors I’m encountering:
sailpoint:pslabs-libraries:pom:0.1 is missing and could not be found in Maven Central Repository.
sailpoint:pslabs-cicd:pom:0.1 is also missing.
Similar issues appear when attempting to build the identityiq-config-files-helper-plugin:1.0.1.
I’ve tried commenting out some dependencies, but it’s not resolving the overall problem.
Has anyone experienced this or can provide the missing artifacts or a workaround? Any help or guidance is much appreciated.
Ensure that your pom.xml or settings.xmlincludes the correct repository for SailPoint artifacts
Run the Maven command with the -U flag to force updates of snapshots and release.
While you mentioned commenting out some dependencies, ensure that this does not affect other critical components. It might be worth finding if there are alternative libraries or versions that can be used
Can you put specific error logs to understand more.
Actually, I have not changed anything in the pom.xml; the project is exactly as generated from the Maven archetype. If we look at the missing jars, it seems like the references to SailPoint internal jars are still present. I noticed in the pom.xml that specific jars are referencing these pslabs artifacts.
Here are some of the dependency versions causing issues:
[ERROR] Failed to execute goal on project iiq-web: Could not collect dependencies for project example.company:iiq-web:jar:1.0.0
[ERROR] Failed to read artifact descriptor for sailpoint:junit-helper:jar:1.0.0
[ERROR] Caused by: The following artifacts could not be resolved: sailpoint:pslabs-libraries:pom:0.1 (absent): sailpoint:pslabs-libraries:pom:0.1 was not found in https://repo.maven.apache.org/maven2 during a previous attempt. This failure was cached in the local repository and resolution is not reattempted until the update interval of central has elapsed or updates are forced.
[ERROR] Failed to read artifact descriptor for sailpoint.pse.devsecops:maven-build-helper:jar:1.0
[ERROR] Caused by: The following artifacts could not be resolved: sailpoint:pslabs-cicd:pom:0.1 (absent): sailpoint:pslabs-cicd:pom:0.1 was not found in https://repo.maven.apache.org/maven2 during a previous attempt.
Is there a SailPoint-specific Maven repository I need to reference other than Maven Central?
I was able to resolve this issue with a workaround by creating dummy artifacts in the .m2 repository to allow the build to proceed. These missing artifacts were referenced as parent tags in the POM files of the mentioned jars.
I do have a follow-up question related to this:
Should we use the DevSecOps toolkit or SSD for dependency management and DevOps pipelines? The toolkit seems more suited for managing dependencies and integrating with CI/CD pipelines, but I noticed the last update was in 2021. Would I be missing out on something important if it isn’t maintained? Should I consider switching to SSD instead for a more up-to-date solution? Expert advice on this would be appreciated.
In my opinion, when considering dependency management and DevOps pipelines in SailPoint IdentityIQ, you have two main options: the DevSecOps Toolkit and SSD (Services Standard Deployment).
DevSecOps Toolkit
Pros: Designed for integrating security into CI/CD pipelines, it provides tools for managing dependencies and automating builds.
Cons: Last updated in 2021, which raises concerns about ongoing support and compatibility with newer technologies. This could lead to potential security vulnerabilities or inefficiencies in your pipeline.
SSD (Services Standard Deployment)
Pros: Actively maintained and integrates well with modern CI/CD tools. It offers comprehensive support for dependency management, artifact repositories, and security scanning tools. This makes it more suitable for contemporary DevSecOps practices.
Cons: Transitioning to SSD may require some initial setup effort if you are currently using the DevSecOps Toolkit.