Ban Dependency Management Scope

This rule bans all scope values except for import from dependencies within the dependency management.

The following parameters are supported by this rule:

  • checkEffectivePom - if true the dependencyManagement from imports and parent pom's are checked as well, otherwise only the local dependencyManagement defined in the current project's pom.xml. Default is false.
  • excludes - a list of dependencies to ignore. The format is groupId[:artifactId][:version][:type][:scope][:classifier] where artifactId, version, type, scope and classifier are optional. Wildcards may be used to replace an entire or just parts of a section. Examples:
    • org.apache.maven
    • org.apache.maven:someArtifact
    • org.apache.maven:artifact:someVersion
    • org.apache.maven:*:1.2 (exclude version 1.2 and above, equivalent to [1.2,) )
    • org.apache.maven:*:[1.2] (explicit exclude of version 1.2)
    • org.apache.maven:*:*:jar:test
    • *:*:*:jar:compile:tests
    • org.apache.*:maven-*:*
  • message - an optional message to the user if the rule fails.

Sample Plugin Configuration:

<project>
  [...]
  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-enforcer-plugin</artifactId>
        <version>3.5.0</version>
        <executions>
          <execution>
            <id>ban-dependency-management-scope</id>
            <goals>
              <goal>enforce</goal>
            </goals>
            <configuration>
              <rules>
                <banDependencyManagementScope>
                  <excludes>
                    <exclude>org.apache.maven</exclude>
                  </excludes>
                  <checkEffectivePom>true</checkEffectivePom>
                </banDependencyManagementScope>
              </rules>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
  [...]
</project>