During one such engagement, one of my team members was struggling to compile the code. And any time you have compilation errors, many static analysis tools produce 0 findings.
That's when I sent this simple command line option to my team member, who in turn was able to ask the client to send them all the dependencies using this command. This worked like a charm: we had all the libraries required to compile the code, the tool was happy, we were happy, and the client was happy as well.
So, here it is. Make sure you can compile the code without any errors.
From a command line within your project, run "mvn clean compile".
Next, once you have a clean compilation, run the command "mvn dependency:copy-dependencies". This will copy all the dependencies into the target\dependency folder.
Take a look at the target\dependency folder: you now have all the libraries needed to compile, and can configure any tool to scan your code successfully.
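The two steps above can be wrapped in a script that also refuses to continue when the dependency folder is empty, which is the case that leads a scanner to report 0 findings. This is an added example, not part of the original post; the function names scan_classpath and prepare_project and the PROJECT_DIR variable are hypothetical, and it assumes a Unix-like shell where the classpath separator is ":" (on Windows it is ";").

```shell
#!/bin/sh
# Added example. scan_classpath, prepare_project and PROJECT_DIR are
# hypothetical names; only the two mvn commands come from the post.

# Join every .jar in the dependency folder into one classpath string.
# Fails when the folder is missing or holds no jars, because a scanner
# given an empty classpath tends to report 0 findings instead of an error.
scan_classpath() {
    dep_dir="${1:-target/dependency}"
    if [ ! -d "$dep_dir" ]; then
        echo "missing $dep_dir: run mvn dependency:copy-dependencies" >&2
        return 1
    fi
    cp=""
    for jar in "$dep_dir"/*.jar; do
        [ -e "$jar" ] || continue      # glob matched nothing
        cp="${cp:+$cp:}$jar"           # ':' separator assumes Unix
    done
    if [ -z "$cp" ]; then
        echo "no jars found in $dep_dir" >&2
        return 1
    fi
    printf '%s\n' "$cp"
}

# Run both Maven steps in order, stop at the first failure, then print
# the classpath to hand to the analysis tool.
prepare_project() {
    project_dir="${1:-.}"
    ( cd "$project_dir" &&
      mvn clean compile &&
      mvn dependency:copy-dependencies ) || return 1
    scan_classpath "$project_dir/target/dependency"
}

# Only touches Maven when PROJECT_DIR is set, e.g.
#   PROJECT_DIR=/path/to/project sh prepare.sh
if [ -n "${PROJECT_DIR:-}" ]; then
    prepare_project "$PROJECT_DIR"
fi
```

The printed string is what goes into the scanner's classpath or library-path setting.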