Apache Maven Enforcer Built-In Rules – Ban Dependency Management Scope

Ban Dependency Management Scope

This rule bans all scope values except for import from dependencies within the dependency management.

The following parameters are supported by this rule:

checkEffectivePom - if true the dependencyManagement from imports and parent pom's are checked as well, otherwise only the local dependencyManagement defined in the current project's pom.xml. Default is false.
excludes - a list of dependencies to ignore. The format is groupId[:artifactId][:version][:type][:scope][:classifier] where artifactId, version, type, scope and classifier are optional. Wildcards may be used to replace an entire or just parts of a section. Examples:
- org.apache.maven
- org.apache.maven:someArtifact
- org.apache.maven:artifact:someVersion
- org.apache.maven:*:1.2 (exclude version 1.2 and above, equivalent to [1.2,) )
- org.apache.maven:*:[1.2] (explicit exclude of version 1.2)
- org.apache.maven:*:*:jar:test
- *:*:*:jar:compile:tests
- org.apache.*:maven-*:*
message - an optional message to the user if the rule fails.

Sample Plugin Configuration:

<project>
  [...]
  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-enforcer-plugin</artifactId>
        <version>3.2.1</version>
        <executions>
          <execution>
            <id>ban-dependency-management-scope</id>
            <goals>
              <goal>enforce</goal>
            </goals>
            <configuration>
              <rules>
                <banDependencyManagementScope>
                  <excludes>
                    <exclude>org.apache.maven</exclude>
                  </excludes>
                  <checkEffectivePom>true</checkEffectivePom>
                </banDependencyManagementScope>
              </rules>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
  [...]
</project>