build: Crank up Enforcer rules and turn on ossindex audit
astubbs committed Mar 23, 2022
1 parent 7c5ac01 commit 46053a4
Showing 1 changed file with 43 additions and 1 deletion.
44 changes: 43 additions & 1 deletion pom.xml
@@ -440,6 +440,20 @@
</testResource>
</testResources>
<plugins>
<plugin>
<groupId>org.sonatype.ossindex.maven</groupId>
<artifactId>ossindex-maven-plugin</artifactId>
<version>3.1.0</version>
<executions>
<execution>
<id>audit-dependencies</id>
<phase>validate</phase>
<goals>
<goal>audit</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>com.soebes.maven.plugins</groupId>
<artifactId>echo-maven-plugin</artifactId>
@@ -627,10 +641,11 @@
<version>3.0.0</version>
<executions>
<execution>
<id>enforce-java</id>
<id>enforce-versions</id>
<goals>
<goal>enforce</goal>
</goals>
<phase>validate</phase>
<configuration>
<rules>
<requireJavaVersion>
@@ -639,6 +654,32 @@
<requireMavenVersion>
<version>3.6.3</version>
</requireMavenVersion>
<requireMavenVersion>
<version>3.6.3</version>
</requireMavenVersion>
<bannedDependencies>
<searchTransitive>true</searchTransitive>
<excludes>
<exclude>log4j:*:*:*:runtime</exclude>
<exclude>log4j:*:*:*:compile</exclude>
<exclude>log4j:*:*:*:test</exclude>
<exclude>org.apache.logging.log4j:log4j-core:*:*:runtime</exclude>
<exclude>org.apache.logging.log4j:log4j-core:*:*:compile</exclude>
<!-- Javafaker is abandoned and has CVEs and bugs -->
<exclude>com.github.javafaker</exclude>
</excludes>
</bannedDependencies>
<reactorModuleConvergence/>
<banDuplicatePomDependencyVersions/>
<requireSameVersions/>
<requireReleaseDeps>
<onlyWhenRelease>false</onlyWhenRelease>
<failWhenParentIsSnapshot>false</failWhenParentIsSnapshot>
<excludes>
<exclude>io.confluent.parallelconsumer:</exclude>
</excludes>
</requireReleaseDeps>
<requirePluginVersions/>
</rules>
</configuration>
</execution>
@@ -767,6 +808,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>3.2.0</version>
<executions>
<execution>
<phase>initialize</phase>
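Review bot: The log4j bans in the new `<bannedDependencies>` rule are scope-qualified, which leaves gaps: `org.apache.logging.log4j:log4j-core` is banned only for `runtime` and `compile`, and `log4j:*` only for `runtime`, `compile` and `test`, so a `provided`-scoped artifact (or a `test`-scoped log4j-core) would still pass the enforcer. If no scope is meant to be exempt, dropping the scope segments covers every scope in two lines, `<exclude>log4j:*</exclude>` and `<exclude>org.apache.logging.log4j:log4j-core</exclude>`; if test scope is deliberately allowed for log4j-core, a short comment next to those excludes, like the one already on the javafaker entry, would record that. The same hunk also contains a second `<requireMavenVersion>` block identical to the one directly above it, which looks like a copy-paste leftover and can be removed. Separately, `<requireSameVersions/>` is declared without any `dependencies` or `plugins` patterns and so probably checks nothing; worth confirming against the enforcer documentation.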
