Ban Transitive Dependencies

This rule bans all transitive dependencies.

The following parameters are supported by this rule:

  • excludes - specify the dependencies that will be ignored.
    This can be a list of artifacts in the format groupId[:artifactId[:version[:type[:scope[:classifier]]]]] . Wildcard '*' can be used to in place of specific section (e.g. group:*:1.0 will match both 'group:artifact:1.0' and 'group:anotherArtifact:1.0') Version is a string representing standard maven version range. Empty patterns will be ignored.
  • includes - specify the dependencies that will be checked.
    These are exceptions to excludes intended for more convenient configuration. This can be a list of artifacts in the format groupId[:artifactId[:version[:type[:scope[:classifier]]]]] as above.
  • message - an optional message to the user if the rule fails. Will replace generated report message.

Sample Plugin Configuration:

<project>
  [...]
  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-enforcer-plugin</artifactId>
        <version>3.5.0</version>
        <executions>
          <execution>
            <id>enforce-banned-dependencies</id>
            <goals>
              <goal>enforce</goal>
            </goals>
            <configuration>
              <rules>
                <banTransitiveDependencies>
                  <excludes>
                    <!-- the rule will not fail even if it detects ignoredArtifact
                         of group org.apache.maven, because it is excluded -->
                    <exclude>org.apache.maven:ignoredArtifact</exclude>
                    <exclude>*:anotherIgnoredArtifact</exclude>
                  </excludes>
                  <includes>
                    <!-- override "org.apache.maven:ignoredArtifact" to fail
                         if exactly 1.0 version of ignoreArtifact is detected
                         to be transitive dependency of the project -->
                    <include>org.apache.maven:ignoredArtifact:[1.0]</include>
                  </includes>
                </banTransitiveDependencies>
              </rules>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
  [...]
</project>