Maven Enforcer

The Enforcer plugin provides goals to control certain environmental constraints.

Integration: mavenenforcer
Home Page: https://maven.apache.org/enforcer/maven-enforcer-plugin/

Synopsis

Prevent component vulnerabilities detected by Sonatype OSS Index in Apache Maven builds.

Usage

  1. Configure a plugin execution of maven-enforcer-plugin
  2. Add org.sonatype.ossindex:ossindex-maven-enforcer-rules rule dependency
  3. Include banVulnerableDependencies rule with implementation org.sonatype.ossindex.maven.enforcer.BanVulnerableDependencies

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-enforcer-plugin</artifactId>
  <dependencies>
    <dependency>
      <groupId>org.sonatype.ossindex</groupId>
      <artifactId>ossindex-maven-enforcer-rules</artifactId>
      <!-- Plugin dependencies need an explicit version; this is a placeholder, set it to the release you use -->
      <version>REPLACE_WITH_RELEASE_VERSION</version>
    </dependency>
  </dependencies>
  <executions>
    <execution>
      <id>vulnerable-components</id>
      <!-- Run the check early in the build so the build fails before compilation -->
      <phase>validate</phase>
      <goals>
        <goal>enforce</goal>
      </goals>
      <configuration>
        <rules>
          <banVulnerableDependencies implementation="org.sonatype.ossindex.maven.enforcer.BanVulnerableDependencies"/>
        </rules>
      </configuration>
    </execution>
  </executions>
</plugin>
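
A check that a POM wires the rule in as the three steps above describe, for auditing many repositories at once. This is an added example, not code from the original page or from the Sonatype project: `audit_pom` and the sample POMs are constructed for illustration, and the check assumes the rule sits in an execution-level configuration as in the snippet above.

```python
import xml.etree.ElementTree as ET

RULE_IMPL = "org.sonatype.ossindex.maven.enforcer.BanVulnerableDependencies"
RULES_DEP = ("org.sonatype.ossindex", "ossindex-maven-enforcer-rules")

def _local(tag):
    # Drop the "{namespace}" prefix so namespaced and bare POMs match alike.
    return tag.rsplit("}", 1)[-1]

def _text(elem, name):
    # Text of the first direct child called `name`, or "" if absent.
    return next(((c.text or "").strip() for c in elem if _local(c.tag) == name), "")

def audit_pom(pom_xml):
    """Return a list of problems; an empty list means the rule is wired in."""
    root = ET.fromstring(pom_xml)
    plugins = [p for p in root.iter() if _local(p.tag) == "plugin"
               and _text(p, "artifactId") == "maven-enforcer-plugin"]
    if not plugins:
        return ["maven-enforcer-plugin is not configured"]
    has_dep = has_rule = runs_enforce = False
    for plugin in plugins:
        for e in plugin.iter():
            if _local(e.tag) == "dependency":
                has_dep |= (_text(e, "groupId"), _text(e, "artifactId")) == RULES_DEP
            elif _local(e.tag) == "execution":
                # Match on the implementation attribute, not the element name.
                rule = any(r.get("implementation") == RULE_IMPL for r in e.iter())
                goals = {(g.text or "").strip() for g in e.iter() if _local(g.tag) == "goal"}
                has_rule |= rule
                runs_enforce |= rule and "enforce" in goals
    problems = []
    if not has_dep:
        problems.append("rule dependency %s:%s is missing" % RULES_DEP)
    if not has_rule:
        problems.append("no execution declares " + RULE_IMPL)
    elif not runs_enforce:
        problems.append("rule is declared but its execution does not run 'enforce'")
    return problems

# Constructed sample POMs (the version "X" is a placeholder, not a real release).
_PLUGIN = """<plugin><artifactId>maven-enforcer-plugin</artifactId>
<dependencies><dependency><groupId>org.sonatype.ossindex</groupId>
<artifactId>ossindex-maven-enforcer-rules</artifactId><version>X</version></dependency></dependencies>
<executions><execution><goals><goal>%s</goal></goals><configuration><rules>
<banVulnerableDependencies implementation="%s"/></rules></configuration></execution></executions></plugin>"""
_POM = '<project xmlns="http://maven.apache.org/POM/4.0.0"><build><plugins>%s</plugins></build></project>'
GOOD_POM = _POM % (_PLUGIN % ("enforce", RULE_IMPL))
NO_GOAL_POM = _POM % (_PLUGIN % ("display-info", RULE_IMPL))
NO_RULE_POM = _POM % "<plugin><artifactId>maven-enforcer-plugin</artifactId></plugin>"
```

The standard-library parser is fine for POMs from your own repositories; for POMs from untrusted sources, parse with a hardened parser such as defusedxml instead.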

Attributions

Apache and Apache Maven are trademarks of the Apache Software Foundation.
Maven Enforcer logo is licensed under the Apache License Version 2.