 

Blacklist Maven dependencies

Is there a way, e.g. a Maven plugin, that can take a list of unwanted/blacklisted dependencies (direct and transitive) and fails the build if it detects one of the listed dependencies?

In my project we strictly want to get rid of Apache Commons Logging and replace it with the SLF4J JCL Bridge. I am aware that we have to exclude the unwanted deps ourselves, but I would like to have the build fail if someone adds a dependency that brings in a blacklisted dependency.

saw303 asked Oct 09 '12 06:10




2 Answers

You can ban some dependencies using the maven-enforcer-plugin.

Here is their example with updates for your exclusion of Apache Commons Logging.

<project>
  [...]
  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-enforcer-plugin</artifactId>
        <version>1.1.1</version>
        <executions>
          <execution>
            <id>enforce-banned-dependencies</id>
            <goals>
              <goal>enforce</goal>
            </goals>
            <configuration>
              <rules>
                <bannedDependencies>
                  <excludes>
                    <exclude>commons-logging:commons-logging</exclude>
                  </excludes>
                </bannedDependencies>
              </rules>
              <fail>true</fail>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
  [...]
</project>

The output when running mvn install will be:

[WARNING] Rule 1: org.apache.maven.plugins.enforcer.BannedDependencies failed with message:
Found Banned Dependency: commons-logging:commons-logging:jar:1.1.1
Use 'mvn dependency:tree' to locate the source of the banned dependencies.

It all ends with a BUILD FAILURE.

maba answered Sep 20 '22 17:09

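A fuller pom fragment that combines the manual exclusion the question mentions with the enforcer rule above, added here as an example (it is not the answer's or the Enforcer project's own code); `com.example:some-library` is a hypothetical library that pulls in commons-logging, and the jcl-over-slf4j version is a placeholder you replace with the SLF4J release you use:

```xml
<project>
  <dependencies>
    <!-- Hypothetical library that pulls commons-logging in transitively -->
    <dependency>
      <groupId>com.example</groupId>
      <artifactId>some-library</artifactId>
      <version>1.0</version>
      <exclusions>
        <exclusion>
          <groupId>commons-logging</groupId>
          <artifactId>commons-logging</artifactId>
        </exclusion>
      </exclusions>
    </dependency>
    <!-- Replacement: the JCL API backed by SLF4J (version is a placeholder) -->
    <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>jcl-over-slf4j</artifactId>
      <version>SLF4J_VERSION_PLACEHOLDER</version>
    </dependency>
  </dependencies>
  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-enforcer-plugin</artifactId>
        <version>1.1.1</version>
        <executions>
          <execution>
            <id>enforce-banned-dependencies</id>
            <goals><goal>enforce</goal></goals>
            <configuration>
              <rules>
                <bannedDependencies>
                  <!-- also inspect transitive dependencies (this is the default) -->
                  <searchTransitive>true</searchTransitive>
                  <excludes>
                    <!-- groupId:artifactId alone matches every version, type and scope -->
                    <exclude>commons-logging:commons-logging</exclude>
                  </excludes>
                  <message>commons-logging is banned: exclude it and use org.slf4j:jcl-over-slf4j instead.</message>
                </bannedDependencies>
              </rules>
              <fail>true</fail>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</project>
```

If a later addition reintroduces commons-logging through another path, the enforce goal fails the build with the custom message, and `mvn dependency:tree` shows which dependency needs a further exclusion.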


Yes, the enforcer plugin supports this with its bannedDependencies rule.

Ramon answered Sep 19 '22 17:09
