maven, owasp-dependency-check

settings.xml when running owasp dependency check from CLI


If I run the tool from CLI to check a pom.xml file, how can I specify the location of settings.xml file (~/.m2/settings.xml)? I have two different private maven repositories specified in there to get the dependencies and transient dependencies, which are currently not scanned.


Solution

  • According to https://github.com/jeremylong/DependencyCheck/issues/7260, this is not possible: the CLI knows nothing about a maven settings.xml or a pom.xml's dependencies. From a pom.xml it only harvests some evidences about the project itself, not about dependencies, as trying to do that would require us to rebuild all of Maven in the CLI.

    To check a pom.xml you would use the maven plugin:

    mvn org.owasp:dependency-check-maven:11.1.0:check -f path/to/pom.xml
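    Running the Maven plugin so that the private repositories declared in settings.xml are actually used for resolving dependencies, as an added shell example that is not from the answer or the linked issue. It assumes mvn is on PATH; the file paths and the CVSS fail threshold are placeholders.

```shell
#!/bin/sh
# Added example: wrap the dependency-check Maven plugin so that an explicit
# settings.xml (with the private repositories) is passed via Maven's -s flag.
# The CLI cannot do this; the plugin runs inside Maven, which resolves the
# direct and transitive dependencies through the configured repositories.

# Build the mvn command line as a string (used for display and for checking
# the composed arguments without invoking Maven).
dc_command() {
  pom="$1"        # path to the pom.xml to scan
  settings="$2"   # path to the Maven settings.xml holding the private repositories
  cvss="${3:-7}"  # fail when a finding has CVSS >= this value (assumed policy, default 7)
  printf 'mvn -B -s %s -f %s org.owasp:dependency-check-maven:11.1.0:check -DfailBuildOnCVSS=%s\n' \
    "$settings" "$pom" "$cvss"
}

# Refuse to run when either input file is missing, so a typo in the settings
# path does not silently fall back to ~/.m2/settings.xml.
dc_check_inputs() {
  [ -f "$1" ] || { echo "pom.xml not found: $1" >&2; return 1; }
  [ -f "$2" ] || { echo "settings.xml not found: $2" >&2; return 1; }
  return 0
}

# Validate, show the command, then run the plugin with the same arguments.
dc_run() {
  dc_check_inputs "$1" "$2" || return 1
  echo "+ $(dc_command "$1" "$2" "$3")"
  mvn -B -s "$2" -f "$1" org.owasp:dependency-check-maven:11.1.0:check \
    -DfailBuildOnCVSS="${3:-7}"
}

# Usage (placeholder paths):
# dc_run path/to/pom.xml "$HOME/.m2/settings.xml" 7
```

    A non-zero exit from dc_run therefore means either a missing input file or a finding at or above the threshold, which is what a CI job should fail on.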