When you import an API specification from Anypoint Exchange, it generates a dependency block in pom.xml that looks like this:
<dependency>
<groupId>YOUR_ANYPOINT_ORG_ID</groupId>
<artifactId>your-api-name</artifactId>
<version>1.0.0</version>
<classifier>raml</classifier>
<type>zip</type>
</dependency>This require that your Maven settings.xml is properly configured with your Anypoint Platform credentials so Maven has the authorization to pull the RAML zip file from the private Exchange repository.
But, the RAML zip file pulled from Anypoint Exchange does not contain any executable code, compiled binaries, or libraries (like .jar, .class, or .dll files), so i think it is better to exclude it from the scan.
When you import an API specification from Anypoint Exchange, it generates a dependency block in
pom.xmlthat looks like this:This require that your Maven
settings.xmlis properly configured with your Anypoint Platform credentials so Maven has the authorization to pull the RAML zip file from the private Exchange repository.But, the RAML zip file pulled from Anypoint Exchange does not contain any executable code, compiled binaries, or libraries (like .jar, .class, or .dll files), so i think it is better to exclude it from the scan.