
Artifact Ban Maven Plugin

This is a Maven plugin that allows developers and organizations to ban Maven artifacts. We are keenly aware of the capability in the maven-enforcer-plugin. Instead of simply generating an error when a banned artifact is referenced, this plugin also prevents the artifact from being downloaded. This is crucial within certain organizations with strict security scans that crawl the Maven cache.

Usage

<project>
    ...
    <build>
        ...
        <plugins>
            ...
            <plugin>
                <groupId>com.inteligr8</groupId>
                <artifactId>ban-maven-plugin</artifactId>
                <version>...</version>
                <extensions>true</extensions>
                <configuration>
                    <includes>
                        <artifact>
                            <groupId>...</groupId>
                            <artifactId>...</artifactId>
                            <version>...</version>
                        </artifact>
                        <artifact>
                            <groupIdRegex>...</groupIdRegex>
                            <artifactIdRegex>...</artifactIdRegex>
                            <version>...</version>
                        </artifact>
                        <artifact>com.inteligr8:ban-maven-plugin:[,1.0.0)</artifact>
                        <artifact>log4j:log4j</artifact>
                        <artifact>org\.springframework.*::[,4.0.0.RELEASE)</artifact>
                    </includes>
                    <excludes>
                        <artifact>
                            ...
                        </artifact>
                    </excludes>
                </configuration>
            </plugin>
            ...
        </plugins>
        ...
    </build>
    ...
</project>

The extensions element is critical. Without it, the plugin does nothing. With it, the plugin is able to detect banned artifacts before they are downloaded.

If no includes are provided, then no artifacts will be banned. An included artifact is a banned artifact. An excluded artifact is not banned. It is the opposite of what you may think.

If groupId is not provided, it is ignored during matching: the rule matches every group ID, and only artifactId and version constrain it. The same is true for artifactId and version. This means that <includes><artifact></artifact></includes> will ban every artifact.

If groupId and groupIdRegex are both provided, only groupId is used. The same is true for artifactId and artifactIdRegex. The *Regex values use standard Java regular expressions. If using regular expressions, remember to escape the dots (\.) in group IDs.

The version element supports the standard Maven version range specification. You can match a specific version like 1.0.0. You can match all versions before 1.2.17 with [,1.2.17). You can match all versions from 1.2.17 (inclusive) onward with [1.2.17,).

There is nothing stopping you from specifying two artifact elements with the exact same values. So you can ban multiple version ranges of the same artifact by using multiple artifact elements.

If you include all versions by omitting the version element, you can still exclude (unban) certain versions, like [1.2.17,).
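The matching rules above (field precedence, omitted fields, compact g:a:v form, version ranges, and include/exclude semantics), modelled in Python as an added example that is not the plugin's own code. It assumes the group and artifact parts of the compact form are regexes applied as a Java-style full match, and it uses a simplified version ordering rather than Maven's full comparator.

```python
import re
def _parts(v):  # simplified Maven ordering (assumption): ints numerically, rest as text
    return [int(p) if p.isdigit() else p for p in re.split(r"[.-]", v)]
def cmp_version(a, b):
    pa, pb = _parts(a), _parts(b)
    pa, pb = pa + [0] * (len(pb) - len(pa)), pb + [0] * (len(pa) - len(pb))
    for x, y in zip(pa, pb):
        if x != y:
            return -1 if (x < y if type(x) is type(y) else str(x) < str(y)) else 1
    return 0

_RANGE = re.compile(r"^([\[(])([^,]*),([^\])]*)([\])])$")  # one range, e.g. [,1.2.17)
def version_matches(spec, v):
    m = _RANGE.match(spec)
    if not m:  # a bare version such as 1.0.0 means an exact match
        return cmp_version(spec, v) == 0
    lo, hi = m[2], m[3]  # an empty bound is open, as in [,1.2.17) and [1.2.17,)
    if lo and (cmp_version(v, lo) < 0 or (cmp_version(v, lo) == 0 and m[1] != "[")):
        return False
    if hi and (cmp_version(v, hi) > 0 or (cmp_version(v, hi) == 0 and m[4] != "]")):
        return False
    return True

def _field(rule, literal, regex):
    # literal element wins over *Regex; an omitted field matches anything; regex is a full match (assumption)
    if rule.get(literal):
        return lambda s: s == rule[literal]
    if rule.get(regex):
        return lambda s, r=re.compile(rule[regex]): r.fullmatch(s) is not None
    return lambda s: True

def rule_matches(rule, gav):
    # rule is a dict (nested-element form) or a compact g:a:v string whose g and a
    # parts are taken as regexes (assumption) and may be empty.
    if isinstance(rule, str):
        g, a, v = (rule.split(":", 2) + ["", ""])[:3]
        rule = {"groupIdRegex": g, "artifactIdRegex": a, "version": v}
    group, artifact, version = gav.split(":")
    return (_field(rule, "groupId", "groupIdRegex")(group)
            and _field(rule, "artifactId", "artifactIdRegex")(artifact)
            and (not rule.get("version") or version_matches(rule["version"], version)))

def is_banned(gav, includes, excludes=()):  # included = banned, unless also excluded
    return any(rule_matches(r, gav) for r in includes) and not any(rule_matches(r, gav) for r in excludes)
# Constructed sample: the README's three compact includes, plus an exclude that
# unbans log4j 1.2.17 and later (the README's [1.2.17,) example).
INCLUDES = ["com.inteligr8:ban-maven-plugin:[,1.0.0)", "log4j:log4j",
            r"org\.springframework.*::[,4.0.0.RELEASE)"]
EXCLUDES = [{"groupId": "log4j", "artifactId": "log4j", "version": "[1.2.17,)"}]
```

With this configuration, is_banned("log4j:log4j:1.2.16", INCLUDES, EXCLUDES) is True while the same call for 1.2.17 is False, because the exclude unbans that range.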

It is recommended that you look into Maven Tiles so you can use a tile to define your banned artifacts and side load them into all your projects.
