Maven - Enforcer
Maven enforcer
https://maven.apache.org/enforcer/maven-enforcer-plugin/index.html
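Example showing the use of the enforcer plugin's bannedDependencies rule to make the application use only approved versions of libraries. Every org.bouncycastle artifact is banned, except those whose artifactId contains "fips".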
<!-- Note: use this enforcer config in target projects.
     If your project is already using this plugin, just add the <exclude> and <include> below. -->
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-enforcer-plugin</artifactId>
  <version>3.1.0</version>
  <executions>
    <execution>
      <id>enforce-banned-dependencies</id>
      <goals>
        <goal>enforce</goal>
      </goals>
      <configuration>
        <rules>
          <bannedDependencies>
            <excludes>
              <!-- blacklist all org.bouncycastle -->
              <exclude>org.bouncycastle</exclude>
            </excludes>
            <includes>
              <!-- whitelist fips bouncycastle -->
              <include>org.bouncycastle:*fips*</include>
            </includes>
          </bannedDependencies>
        </rules>
        <fail>true</fail>
      </configuration>
    </execution>
  </executions>
</plugin>
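To preview which coordinates the exclude/include pair above rejects, the following added example (not part of the original page or of the enforcer plugin) models the rule in Python. It is a simplified model that compares only the groupId and artifactId sections, and the dependency listing is a constructed sample with illustrative versions.

```python
import re

# Patterns copied from the <bannedDependencies> rule above.
EXCLUDES = ["org.bouncycastle"]
INCLUDES = ["org.bouncycastle:*fips*"]

# Constructed sample in the groupId:artifactId:type:version:scope layout
# printed by `mvn dependency:list`; coordinates and versions are illustrative.
SAMPLE = """\
   org.bouncycastle:bcprov-jdk18on:jar:0.0.1:compile
   org.bouncycastle:bc-fips:jar:0.0.1:compile
   org.bouncycastle:bcpkix-fips:jar:0.0.1:runtime
   com.example:service-core:jar:0.0.1:compile
   com.example.shaded:bcprov-repackaged:jar:0.0.1:compile
"""

def _section_matches(pattern, value):
    # '*' may replace a whole section or part of one; everything else is literal.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None

def matches(pattern, group_id, artifact_id):
    # Simplified model (assumption): only groupId and artifactId are compared.
    # A section the pattern omits matches anything.
    sections = pattern.split(":")
    if not _section_matches(sections[0], group_id):
        return False
    if len(sections) > 1 and not _section_matches(sections[1], artifact_id):
        return False
    return True

def is_banned(group_id, artifact_id, excludes=EXCLUDES, includes=INCLUDES):
    # Banned when an exclude matches and no include carves out an exception.
    if not any(matches(p, group_id, artifact_id) for p in excludes):
        return False
    return not any(matches(p, group_id, artifact_id) for p in includes)

def audit(listing):
    # Return "groupId:artifactId" for every listed dependency the rule rejects.
    banned = []
    for line in listing.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 5:
            continue  # skip headers, blank lines and non-coordinate text
        if is_banned(fields[0], fields[1]):
            banned.append(f"{fields[0]}:{fields[1]}")
    return banned

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The last sample line is not matched by either pattern because matching is done on coordinates only, so a repackaged copy published under another groupId needs its own exclude entry.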
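Example showing the use of the enforcer plugin to make sure that the application is using the latest version of a library. With maxUpdates set to 0, the build fails as soon as a newer version of the listed dependency is available.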
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-enforcer-plugin</artifactId>
  <version>3.1.0</version>
  <!-- maxDependencyUpdates is not one of the enforcer plugin's built-in rules.
       It is provided by org.codehaus.mojo.versions:versions-enforcer, which has to be
       declared in this plugin's <dependencies> for the rule to be found. -->
  <executions>
    <execution>
      <id>enforce-common-library-latest-version</id>
      <phase>validate</phase>
      <goals>
        <goal>enforce</goal>
      </goals>
      <configuration>
        <rules>
          <maxDependencyUpdates>
            <!-- fail as soon as any update is available -->
            <maxUpdates>0</maxUpdates>
            <!-- only check this dependency -->
            <dependencyIncludes>
              <dependencyInclude>com.companyname:common-libraryname</dependencyInclude>
            </dependencyIncludes>
            <processDependencyManagement>false</processDependencyManagement>
            <processDependencyManagementTransitive>false</processDependencyManagementTransitive>
            <processPluginDependencies>false</processPluginDependencies>
            <processPluginDependenciesInPluginManagement>false</processPluginDependenciesInPluginManagement>
          </maxDependencyUpdates>
        </rules>
        <fail>true</fail>
      </configuration>
    </execution>
  </executions>
</plugin>