Failing the build on dependency analysis warnings

A project's dependencies can be analyzed as part of the build process by binding the dependency:analyze-only goal to the lifecycle. By default, the analysis will be performed during the verify lifecycle phase. The plugin can then be configured to fail the build if any dependency analysis warnings are encountered by setting the failOnWarning parameter. See the following POM configuration for an example:

<project>
  ...
  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-dependency-plugin</artifactId>
        <version>3.1.1</version>
        <executions>
          <execution>
            <id>analyze</id>
            <goals>
              <goal>analyze-only</goal>
            </goals>
            <configuration>
              <failOnWarning>true</failOnWarning>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
  ...
</project>

Note that the dependency:analyze-only goal is used in preference to dependency:analyze since it doesn't force a further compilation of the project, but uses the compiled classes produced from the earlier test-compile phase in the lifecycle.

The project's dependencies will then be automatically analyzed during the verify lifecycle phase, which can be executed explicitly as follows:

mvn verify