Ban Transitive Dependencies
This rule bans all transitive dependencies.
The following parameters are supported by this rule:
- excludes - specify the dependencies that will be ignored.
This can be a list of artifacts in the format groupId[:artifactId[:version[:type[:scope[:classifier]]]]] . Wildcard '*' can be used to in place of specific section (e.g. group:*:1.0 will match both 'group:artifact:1.0' and 'group:anotherArtifact:1.0') Version is a string representing standard maven version range. Empty patterns will be ignored. - includes - specify the dependencies that will be checked.
These are exceptions to excludes intended for more convenient configuration. This can be a list of artifacts in the format groupId[:artifactId[:version[:type[:scope[:classifier]]]]] as above. - message - an optional message to the user if the rule fails. Will replace generated report message.
Sample Plugin Configuration:
<project> [...] <build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-enforcer-plugin</artifactId> <version>3.4.1</version> <executions> <execution> <id>enforce-banned-dependencies</id> <goals> <goal>enforce</goal> </goals> <configuration> <rules> <banTransitiveDependencies> <excludes> <!-- the rule will not fail even if it detects ignoredArtifact of group org.apache.maven, because it is excluded --> <exclude>org.apache.maven:ignoredArtifact</exclude> <exclude>*:anotherIgnoredArtifact</exclude> </excludes> <includes> <!-- override "org.apache.maven:ignoredArtifact" to fail if exactly 1.0 version of ignoreArtifact is detected to be transitive dependency of the project --> <include>org.apache.maven:ignoredArtifact:[1.0]</include> </includes> </banTransitiveDependencies> </rules> </configuration> </execution> </executions> </plugin> </plugins> </build> [...] </project>