Built by Maven

Require Plugin Versions

This rule enforces that all plugins have a version defined, either in the plugin or pluginManagement section of the pom or a parent pom.

The following parameters are supported by this rule:

  • message - an optional message to the user if the rule fails.
  • banLatest - disallow any use of "LATEST" as a version for any plugin. Default = true.
  • banMavenDefaults -- require all plugin versions to be defined in the project; the default is true. If false, the version of a plugin will be obtained from the super POM or default lifecycle bindings. That is, a value of false will free the project from having to define versions of many standard plugins, instead delegating them to the version of Maven defined by the project's Maven wrapper or the version of Maven enforced by the requireMavenVersion rule.
  • banRelease - disallow any use of "RELEASE" as a version for any plugin. Default = true.
  • banSnapshots - disallow any use of SNAPSHOT plugins. Default = true.
  • banTimestamps - disallow any use of snapshot plugins with timestamp version (only enabled when banSnapshots is true). Default = true.
  • phases - The comma separated list of phases that should be used to find lifecycle plugin bindings. The default value is "clean,deploy,site".
  • additionalPlugins - A list of additional plugins to enforce have versions. These are plugins that may not be in the poms but are used anyway, like help, eclipse etc. The plugins should be specified in the form: group:artifactId.
  • unCheckedPluginList - A comma separated list of plugins to skip version checking. Ie allow no version, or snapshots, etc. The plugins should be specified in the form: group:artifactId.

Sample Plugin Configuration (showing some defaults, defaults can be skipped):

<project>
  [...]
  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-enforcer-plugin</artifactId>
        <version>3.6.3</version>
        <executions>
          <execution>
            <id>enforce-plugin-versions</id>
            <goals>
              <goal>enforce</goal>
            </goals>
            <configuration>
              <rules>
                <requirePluginVersions>
                   <message>Best Practice is to always define plugin versions!</message>
                   <banLatest>true</banLatest>
                   <banRelease>true</banRelease>
                   <banSnapshots>true</banSnapshots>
                   <phases>clean,deploy,site</phases>
                   <additionalPlugins>
                     <additionalPlugin>org.apache.maven.plugins:maven-eclipse-plugin</additionalPlugin>
                     <additionalPlugin>org.apache.maven.plugins:maven-reactor-plugin</additionalPlugin>
                   </additionalPlugins>
                   <unCheckedPluginList>org.apache.maven.plugins:maven-enforcer-plugin,org.apache.maven.plugins:maven-idea-plugin</unCheckedPluginList>
                </requirePluginVersions>
              </rules>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
  [...]
</project>