Enforcer Rules: Excludes

Sometimes BanVulnerableDependencies may detect vulnerabilities that are not relevant.

In those cases, exclusions can be configured to prevent those vulnerabilities from matching.

Exclude Specific Vulnerabilities

Specific vulnerabilities can be excluded by vulnerability-id.

For example, to exclude 39d74cc8-457a-4e57-89ef-a258420138c5:

<configuration>
  <rules>
    <banVulnerable implementation="org.sonatype.ossindex.maven.enforcer.BanVulnerableDependencies">
      <excludeVulnerabilityIds>
        <exclude>39d74cc8-457a-4e57-89ef-a258420138c5</exclude>
      </excludeVulnerabilityIds>
    </banVulnerable>
  </rules>
</configuration>

Exclude Specific Components

Specific components can be excluded by coordinates.

For example, to exclude commons-fileupload:commons-fileupload:1.3:

<configuration>
  <rules>
    <banVulnerable implementation="org.sonatype.ossindex.maven.enforcer.BanVulnerableDependencies">
      <excludeCoordinates>
        <exclude>
          <groupId>commons-fileupload</groupId>
          <artifactId>commons-fileupload</artifactId>
          <version>1.3</version>
        </exclude>
      </excludeCoordinates>
    </banVulnerable>
  </rules>
</configuration>

NOTE: Only exact coordinate matches are excluded.
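Because only exact coordinates are excluded, an exclusion can silently stop applying after a version bump. The following audit helper is an added example, not part of the project: it reads a `<configuration>` fragment in the form shown above (no XML namespace) and lists coordinate excludes that match no resolved dependency. The function names, the combined sample configuration and the resolved-dependency list are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

RULE = "org.sonatype.ossindex.maven.enforcer.BanVulnerableDependencies"

# Constructed sample: the page's two exclusion forms combined in one rule.
SAMPLE_CONFIG = """
<configuration>
  <rules>
    <banVulnerable implementation="org.sonatype.ossindex.maven.enforcer.BanVulnerableDependencies">
      <excludeVulnerabilityIds>
        <exclude>39d74cc8-457a-4e57-89ef-a258420138c5</exclude>
      </excludeVulnerabilityIds>
      <excludeCoordinates>
        <exclude>
          <groupId>commons-fileupload</groupId>
          <artifactId>commons-fileupload</artifactId>
          <version>1.3</version>
        </exclude>
      </excludeCoordinates>
    </banVulnerable>
  </rules>
</configuration>
"""


def read_excludes(config_xml):
    """Return (vulnerability ids, coordinate tuples) excluded in the rule."""
    root = ET.fromstring(config_xml)
    ids, coords = [], []
    for rule in root.iter():
        if rule.get("implementation") != RULE:
            continue
        for e in rule.findall("excludeVulnerabilityIds/exclude"):
            ids.append((e.text or "").strip())
        for e in rule.findall("excludeCoordinates/exclude"):
            coords.append(tuple((e.findtext(tag) or "").strip()
                                for tag in ("groupId", "artifactId", "version")))
    return ids, coords


def unmatched_excludes(config_xml, resolved):
    """Coordinate excludes that equal no resolved dependency exactly."""
    _, coords = read_excludes(config_xml)
    return [c for c in coords if c not in set(resolved)]


if __name__ == "__main__":
    # Constructed dependency list: the component was upgraded to 1.3.1.
    upgraded = [("commons-fileupload", "commons-fileupload", "1.3.1")]
    print("excludes matching nothing:", unmatched_excludes(SAMPLE_CONFIG, upgraded))
```

An exclude reported here is either stale or never took effect, so the upgraded component is evaluated by the rule again.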