Java Specs scan executed on an agent (Remote/Ephemeral/Elastic)

    • Type: Suggestion
    • Resolution: Unresolved
    • Component/s: Bamboo Specs

      General Request:
      As an administrator, I'd like the ability to disable Java Specs scanning on the Bamboo Server and instead have the Java Specs scan executed on an agent (Remote/Ephemeral/Elastic), or to take a different approach to supporting Java Specs.

      Business Case: When a Java Specs Maven project is scanned on the Bamboo server, the server automatically downloads the necessary dependencies from the Maven Central Repository over the internet. These dependencies are then stored in the server's .m2 directory. However, it's important to note that these dependencies can potentially introduce vulnerabilities to the server. The extent of these vulnerabilities largely depends on the specific dependencies declared in the project's pom.xml file, which is created by application teams.

      Importance: It's crucial to run this type of scan only on agents owned by the application team, so that the responsibility for managing these dependencies, including their potential vulnerabilities, rests primarily with the respective project application team and not with the Bamboo server owners. This helps maintain the security of the Bamboo server.

      Any other details: We don't want to completely block Java Specs usage, but would like to take a different approach to making this feature available.
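      The concern above is that a Specs scan leaves whatever pom.xml declares in the server's .m2 directory. As an added example (not part of this request or of Bamboo), the script below inventories a local Maven repository layout and reports every groupId:artifactId:version that is not on a server-owner allowlist; the allowlist and sample paths are constructed for illustration.

```python
"""Inventory Maven artifacts cached in a Bamboo server's .m2 repository.

Added example; not Bamboo code. Maven's repository layout is fixed:
<repo>/<groupId with dots as dirs>/<artifactId>/<version>/<file>, so the
coordinates of every cached artifact can be recovered from its path.
"""
from pathlib import Path, PurePosixPath
from typing import Iterable, List, Optional, Set

# Constructed allowlist: groupId:artifactId pairs the server owners expect.
ALLOWED: Set[str] = {"com.example:approved-lib"}


def coordinates(rel_path: str) -> Optional[str]:
    """Map a repository-relative .jar/.pom path to groupId:artifactId:version.

    Returns None for non-artifact files (checksums, maven-metadata, etc.).
    """
    p = PurePosixPath(rel_path)
    if p.suffix not in {".jar", ".pom"} or len(p.parts) < 4:
        return None
    version, artifact = p.parts[-2], p.parts[-3]
    group = ".".join(p.parts[:-3])
    return f"{group}:{artifact}:{version}"


def unexpected(paths: Iterable[str], allowed: Set[str] = ALLOWED) -> List[str]:
    """Return sorted coordinates whose groupId:artifactId is not allowlisted."""
    found = {c for c in (coordinates(p) for p in paths) if c}
    return sorted(c for c in found if c.rsplit(":", 1)[0] not in allowed)


def scan_repository(root: str) -> List[str]:
    """Walk a real repository directory (e.g. ~/.m2/repository) on disk."""
    base = Path(root)
    rel = (f.relative_to(base).as_posix() for f in base.rglob("*") if f.is_file())
    return unexpected(rel)


# Constructed sample of what a Specs scan might leave behind on the server.
SAMPLE_PATHS = [
    "com/example/approved-lib/2.3/approved-lib-2.3.jar",
    "com/example/approved-lib/2.3/approved-lib-2.3.pom",
    "org/example/team-plugin/1.0/team-plugin-1.0.jar",
    "org/example/team-plugin/1.0/team-plugin-1.0.jar.sha1",
    "org/example/team-plugin/maven-metadata-local.xml",
]

if __name__ == "__main__":
    for coord in unexpected(SAMPLE_PATHS):
        print("not allowlisted:", coord)
```

      Run `scan_repository("/path/to/.m2/repository")` against the server's real cache to see which application-team dependencies have landed there.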

            Assignee:
            Unassigned
            Reporter:
            Ricky Fulks
            Votes:
            2
            Watchers:
            4