container-security | Container Security Best Practices Checklist | Continuous Deployment library

Please update to version 3.14.0 of the SAP Cloud SDK.

For reproducing the issue, I compared my previous test results as described in the comments with those from Wiremock tests and version 3.13.0 (and earlier). It turns out the issue that you've described was fixed one iteration later. It was fixed in 3.14.0.

The correct version to use is XS_JAVAP_2-70001362.ZIP which is actually not the latest one. Since the version is specified by the SDK you don't need to provide a version number in your pom.

I hope this solves the problem. If not, please expand your question to contain the version of the SDK that you are using and also your pom.xml.

The nexus container you see acts as a download cache and is by design not accessible from outside to prevent accidental changes to it. Also, its life-cycle is controlled by the cx-server script, so even if you installed packages there manually, they would be gone once you upgrade the Jenkins.

I think the best way to handle this would be to set up another Nexus instance where you install the required packages and configure the pipeline to use that as described here (mvn_repository_url). This nexus needs to be configured as a mirror for Maven central. We don't have specific docs on how to do that, but this post describes a similar setup.

In this set up, you might want to disable the download cache as it is redundant (cache_enabled to false).

I hope this helps.

Kind regards

Florian

You also have to provide the native JWT libraries as provided in the same package from SAP Service Marketplace. In the blog you can see that the one for Unix should be on the class path: