[ https://jira.codehaus.org/browse/MENFORCER-138?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Paul Gier updated MENFORCER-138: -------------------------------- Fix Version/s: 1.2 > Rule to ban all transitive dependencies > --------------------------------------- > > Key: MENFORCER-138 > URL: https://jira.codehaus.org/browse/MENFORCER-138 > Project: Maven 2.x Enforcer Plugin > Issue Type: New Feature > Components: Standard Rules > Reporter: Paul Gier > Assignee: Paul Gier > Fix For: 1.2 > > > In some projects it's necessary (or at least desirable) to have all > dependencies explicitly specified in pom. We have a build requirement to use > a strictly controlled maven repository which includes only artifacts which > are necessary and have been reviewed/approved. In order to meet this > requirement, each new dependency in the build much be reviewed before each > release. This can be done by periodically reviewing the dependency tree and > cleaning up any unnecessary dependencies, but it would be more efficient if > the developer adding the dependency was immediately notified that new > (possibly unnecessary) dependencies were added to the build and not > explicitly defined. The developer can immediately choose whether to exclude > the transitive dependency (if it's not really needed), or declare the > dependency and control the version using dependency management. Doing this > checking up front when the build is modified is more efficient than > periodically reviewing the dependency tree after several upgrades may have > taken place. > It In order to facilitate this use case, an enforcer rule could check that > all dependencies are explicitly defined unless they are specifically marked > to be ignored. This would ban all transitive dependencies so that the user > could either add the transitive dependency directly to the pom (if it's > actually needed), or exclude the dependency using exclusions in the > dependency management, or marked to be ignored using something like an > <excludes> parameter similar to other standard enforcer rules. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira