Ban Transitive Dependencies
This rule bans all transitive dependencies.
The following parameters are supported by this rule:
- excludes - specify the dependencies that will be ignored.
  This can be a list of artifacts in the format groupId[:artifactId[:version[:type[:scope[:classifier]]]]]. The wildcard '*' can be used in place of a specific section (e.g. group:*:1.0 will match both 'group:artifact:1.0' and 'group:anotherArtifact:1.0'). Version is a string representing a standard Maven version range. Empty patterns will be ignored.
- includes - specify the dependencies that will be checked.
  These are exceptions to excludes intended for more convenient configuration. This can be a list of artifacts in the format groupId[:artifactId[:version[:type[:scope[:classifier]]]]] as above.
- message - an optional message to the user if the rule fails. Will replace generated report message.
Sample Plugin Configuration:
<project>
  [...]
  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-enforcer-plugin</artifactId>
        <version>3.6.0</version>
        <executions>
          <execution>
            <id>enforce-banned-dependencies</id>
            <goals>
              <goal>enforce</goal>
            </goals>
            <configuration>
              <rules>
                <banTransitiveDependencies>
                  <excludes>
                    <!-- the rule will not fail even if it detects ignoredArtifact
                         of group org.apache.maven, because it is excluded -->
                    <exclude>org.apache.maven:ignoredArtifact</exclude>
                    <exclude>*:anotherIgnoredArtifact</exclude>
                  </excludes>
                  <includes>
                    <!-- override "org.apache.maven:ignoredArtifact" to fail
                         if exactly version 1.0 of ignoredArtifact is detected
                         to be a transitive dependency of the project -->
                    <include>org.apache.maven:ignoredArtifact:[1.0]</include>
                  </includes>
                </banTransitiveDependencies>
              </rules>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
  [...]
</project>
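
How the excludes and includes of the sample configuration combine, as an added example that is not part of the plugin's documentation or code. It is a simplified Python model of the semantics described above: the function names and the dependency list are constructed for illustration, dependencies are assumed to arrive as a flat list of groupId:artifactId:version strings, and only '*', literal versions and the exact form [x] are modelled, not full Maven version ranges.

```python
# Simplified model of the excludes/includes semantics described on this page.
# Assumptions: dependencies are "groupId:artifactId:version" strings; a version
# section is "*", a literal, or the exact form "[x]". Other Maven version
# ranges are not modelled and raise an error instead of being guessed.

def matches(pattern, coords):
    """True if coords matches a groupId[:artifactId[:version[:...]]] pattern."""
    if not pattern.strip():
        return False                      # empty patterns are ignored
    have = coords.split(":")
    for i, want in enumerate(pattern.split(":")):
        if want == "*":
            continue                      # wildcard replaces a whole section
        if i == 2:
            if "," in want or want[:1] == "(" or want[-1:] == ")":
                raise ValueError("version range not modelled: " + want)
            if want.startswith("[") and want.endswith("]"):
                want = want[1:-1]         # "[1.0]" means exactly 1.0
        if i >= len(have) or want != have[i]:
            return False
    return True

def violations(transitive, excludes=(), includes=()):
    """Transitive dependencies that would fail the rule under this model."""
    failed = []
    for coords in transitive:
        excluded = any(matches(p, coords) for p in excludes)
        included = any(matches(p, coords) for p in includes)
        if included or not excluded:      # includes override excludes
            failed.append(coords)
    return failed

# Patterns taken from the sample plugin configuration on this page.
EXCLUDES = ["org.apache.maven:ignoredArtifact", "*:anotherIgnoredArtifact"]
INCLUDES = ["org.apache.maven:ignoredArtifact:[1.0]"]

# Constructed sample input, not the output of a real build.
TRANSITIVE = [
    "org.apache.maven:ignoredArtifact:1.0",
    "org.apache.maven:ignoredArtifact:2.0",
    "com.example:anotherIgnoredArtifact:3.1",
    "com.example:unlisted:0.9",
]

if __name__ == "__main__":
    for coords in violations(TRANSITIVE, EXCLUDES, INCLUDES):
        print("banned transitive dependency:", coords)
```

Running the same model with a candidate exclude list before committing it shows which transitive dependencies a broad pattern such as *:anotherIgnoredArtifact would silently let through.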