# Vulnerability Scanning on Private Packages - Maven

When letting Aikido scan your dependencies in repositories with private maven packages, Aikido would need to also have access to the private packages. You can now provide private Maven settings.xml configuration in Aikido for this.

## Prerequisites <a href="#prerequisites" id="prerequisites"></a>

**Prepare settings.xml**

For private Maven packages, Aikido uses a settings.xml file to authenticate with the private registry.

Example settings.xml for accessing private packages on mvnrepository registry:

```
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
  <servers>
    <server>
      <id>your-repository-id</id>
      <username>your-username</username> <!-- Optional, you can leave this as a dummy value -->
      <password>ACCESS_TOKEN</password>
    </server>
  </servers>
</settings>
```

**Make sure your pom.xml files have** `releases` **or** `snapshots` **enabled**

```xml
    <repositories>
        <repository>
            <id>your-repository-id</id>
            <url>https://...</url>
            <releases>
                <enabled>true</enabled>
            </releases>
            <snapshots>
                <enabled>true</enabled>
            </snapshots>
        </repository>
    </repositories>
```

## Configuration in Aikido <a href="#configuration-in-aikido" id="configuration-in-aikido"></a>

Once the prerequisites are fulfilled, you can configure Aikido to authenticate with your private NuGet registry when updating the dependencies by following the steps below:

1. Go to your account's [**Settings > Repositories page**](https://app.aikido.dev/settings/integrations/repositories) in Aikido.
2. Click **Actions** > **Private Registry Connections**.

   ![Dropdown menu displaying repository settings and private registry connections options.](/files/ccPXEpj5O0jgk2QT15Db)
3. Select the **Maven** tab, and paste your settings.xml contents here.

   ![Private registry connection setup for Maven with settings.xml configuration snippet.](/files/aYm6pTbYOtTFz12IrWPd)
4. Click **Apply Changes** to save the configuration.
5. In the next scans, this settings.xml will be used by Aikido.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.aikido.dev/code-scanning/scanning-practices/vulnerability-scanning-on-private-packages-maven.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.