Description of problem:

Analyzing the tackle-testapp-public with and without an associated Maven settings credential produces drastically different results. Custom rules are not being triggered and some false positives are obtained when analyzing without the Maven settings credential.

On top of that, only direct dependencies are being displayed on the dependencies view, and links to Maven Central are not being rendered in the Version column for the given application.

Version-Release number of selected component (if applicable):

MTA 7.0.3

How reproducible:

Always

Steps to Reproduce:

1. Create two applications pointing to the same repository: https://github.com/konveyor/tackle-testapp-public
2. Create a Maven settings credential following the instructions in https://github.com/konveyor/tackle-testapp-public?tab=readme-ov-file#building-the-application
3. Assign that Maven Settings credential to only one of those applications.
4. Run individual analyses of both applications with the following config:

• Source mode
• Containerization, OracleJDK to OpenJDK and Linux targets.
• Application and internal dependencies scope.
• Add the following custom rule: https://github.com/rromannissen/appmod-enablement/blob/main/customrules/corporate-framework-config.windup.xml

Actual results:

The custom rule is not triggered in the application with no Maven settings credential. False positives for "File system - Java IO" and "Methods in `sun.misc.Unsafe` have been removed" rules are found. Dependencies for that application only include direct dependencies, and links to Maven Central are not rendered when displayed.

Expected results:

Both analyses produce the same results.

Additional info: