Ban Dependency Management Scope

This rule bans all scope values except for import from dependencies within the dependency management.

The following parameters are supported by this rule:

  • checkEffectivePom - if true the dependencyManagement from imports and parent pom's are checked as well, otherwise only the local dependencyManagement defined in the current project's pom.xml. Default is false.
  • excludes - a list of dependencies to ignore. The format is groupId[:artifactId][:version][:type][:scope][:classifier] where artifactId, version, type, scope and classifier are optional. Wildcards may be used to replace an entire or just parts of a section. Examples:
    • org.apache.maven
    • org.apache.maven:someArtifact
    • org.apache.maven:artifact:someVersion
    • org.apache.maven:*:1.2 (exclude version 1.2 and above, equivalent to [1.2,) )
    • org.apache.maven:*:[1.2] (explicit exclude of version 1.2)
    • org.apache.maven:*:*:jar:test
    • *:*:*:jar:compile:tests
    • org.apache.*:maven-*:*
  • message - an optional message to the user if the rule fails.

Sample Plugin Configuration: