Enforcer Rules: Fail or Warn
Rules may fail or produce warnings.
By default BanVulnerableDependencies
will cause failures will cause BUILD FAILURE
if any vulnerabilities are detected.
Example build output:
[INFO] --- maven-enforcer-plugin:3.0.0-M1:enforce (checks) @ vulnerable-fail --- [INFO] Checking for vulnerabilities: [INFO] commons-fileuploadjar:1.3:compile [INFO] commons-iojar:2.2:compile [INFO] Exclude coordinates: [] [INFO] Exclude vulnerability identifiers: [] [INFO] CVSS-score threshold: 0.0 [WARNING] Rule 0: org.sonatype.ossindex.maven.enforcer.BanVulnerableDependencies failed with message: Detected 1 vulnerable components: commons-fileuploadjar:1.3:compile; https://ossindex.sonatype.org/component/maven:commons-fileupload/commons-fileupload@1.3 * [CVE-2014-0050] Permissions, Privileges, and Access Controls (7.5); https://ossindex.sonatype.org/vuln/43e6c5a5-b586-4b31-9244-b62b6e36f2d0 * Arbitrary file upload via deserialization (0.0); https://ossindex.sonatype.org/vuln/fb810cbf-d8fb-4f30-b79b-82652ae7192a * [CVE-2016-3092] Improper Input Validation (7.5); https://ossindex.sonatype.org/vuln/39d74cc8-457a-4e57-89ef-a258420138c5 * [CVE-2016-1000031] Improper Access Control (9.8); https://ossindex.sonatype.org/vuln/3d5968a4-4e14-4a98-8816-a4e847bc1426 [INFO] ------------------------------------------------------------------------ [INFO] BUILD FAILURE [INFO] ------------------------------------------------------------------------ [INFO] Total time: 1.292 s [INFO] Finished at: 2018-07-02T1221-07:00 [INFO] ------------------------------------------------------------------------ [ERROR] Failed to execute goal org.apache.maven.plugins3.0.0-M1:enforce (checks) on project vulnerable-fail: Some Enforcer rules have failed. Look above for specific messages explaining why the rule failed. -> [Help 1] [ERROR] [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch. [ERROR] Re-run Maven using the -X switch to enable full debug logging. [ERROR] [ERROR] For more information about the errors and possible solutions, please read the following articles: [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
Warn
To prevent build failure configure the level
parameter to WARN
:
<configuration>
<rules>
<banVulnerable implementation="org.sonatype.ossindex.maven.enforcer.BanVulnerableDependencies">
<level>WARN</level>
</banVulnerable>
</rules>
</configuration>
Example build output:
[INFO] --- maven-enforcer-plugin:3.0.0-M1:enforce (checks) @ vulnerable-warn --- [INFO] Checking for vulnerabilities: [INFO] commons-fileuploadjar:1.3:compile [INFO] commons-iojar:2.2:compile [INFO] Exclude coordinates: [] [INFO] Exclude vulnerability identifiers: [] [INFO] CVSS-score threshold: 0.0 [WARNING] Rule 0: org.sonatype.ossindex.maven.enforcer.BanVulnerableDependencies warned with message: Detected 1 vulnerable components: commons-fileuploadjar:1.3:compile; https://ossindex.sonatype.org/component/maven:commons-fileupload/commons-fileupload@1.3 * [CVE-2014-0050] Permissions, Privileges, and Access Controls (7.5); https://ossindex.sonatype.org/vuln/43e6c5a5-b586-4b31-9244-b62b6e36f2d0 * Arbitrary file upload via deserialization (0.0); https://ossindex.sonatype.org/vuln/fb810cbf-d8fb-4f30-b79b-82652ae7192a * [CVE-2016-3092] Improper Input Validation (7.5); https://ossindex.sonatype.org/vuln/39d74cc8-457a-4e57-89ef-a258420138c5 * [CVE-2016-1000031] Improper Access Control (9.8); https://ossindex.sonatype.org/vuln/3d5968a4-4e14-4a98-8816-a4e847bc1426 [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 1.209 s [INFO] Finished at: 2018-07-02T1219-07:00 [INFO] ------------------------------------------------------------------------