Enforcer Rules

Apache Maven Enforcer Rules for Sonatype OSS Index

Audit a project dependencies using Sonatype OSS Index invoked via Apache Maven Enforcer Plugin.

Requirements

Dependency

<dependencyManagement>
  <dependencies>
    <dependency>
      <groupId>org.sonatype.ossindex.maven</groupId>
      <artifactId>ossindex-maven-enforcer-rules</artifactId>
      <version>3.0.2</version>
    </dependency>
  </dependencies>
</dependencyManagement>

Ban Vulnerable Dependencies

To ban vulnerable dependencies from being consumed by builds:

<build>
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-enforcer-plugin</artifactId>
      <dependencies>
        <dependency>
          <groupId>org.sonatype.ossindex.maven</groupId>
          <artifactId>ossindex-maven-enforcer-rules</artifactId>
        </dependency>
      </dependencies>
      <executions>
        <execution>
          <id>vulnerability-checks</id>
          <phase>validate</phase>
          <goals>
            <goal>enforce</goal>
          </goals>
          <configuration>
            <rules>
              <banVulnerable implementation="org.sonatype.ossindex.maven.enforcer.BanVulnerableDependencies"/>
            </rules>
          </configuration>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>

Parameters

Parameter Type Description Default Value
scope String Limit scope of dependency resolution.
transitive Boolean Include transitive dependencies true
cvssScoreThreshold Float CVSS-score threshold. Vulnerabilities with lower scores will be excluded. 0.0
excludeCoordinates Set of MavenCoordinates Set of coordinates to exclude from vulnerability matching.
excludeVulnerabilityIds Set of String Set of vulnerability identifiers to exclude from matching.
level String Levels steering whether a rule should fail a build (ERROR) or just display a warning (WARN). ERROR
clientConfiguration OssindexClientConfiguration Client configuration.
authId String Set client authentication from Maven settings server configuration.

Features

Enforcer Rules: Excludes
Enforcer Rules: Fail or Warn