Hi all. The problem that I am trying to solve is to identify what projects in our CI server have given dependencies or inherit from a given corporate parent pom. For example, if we found a security problem with com.example:myArtifact:1.2.3, then I'd like to be able to run a command to easily find these.
I've looked at the enforcer plugin [1], but it seems like the only way to use it is if you have the config internal to the pom [2]. I've tried a command like "mvn enforcer:enforce -Drules.bannedDependencies.excludes.exclude=struts:struts", but that does not work (or I've got the properties wrong). I've thought of using an XML parser, but that won't help if a banned lib is pulled in transitively. The only other way I've thought of doing this is running dependency:tree on each pom and then grep'ing the output, but that's a pretty clunky solution.

Does anyone have any suggestions on how to solve this?

Thanks for your time,
Jim

[1] http://maven.apache.org/enforcer/enforcer-rules/bannedDependencies.html
[2] http://markmail.org/message/7pvzqh5nsxsqm5z5
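
The dependency:tree approach mentioned in the post, as an added example that is not part of the original message: instead of a plain grep, this parses the text output of `mvn dependency:tree` and reports the chain through which a banned artifact arrives, so transitive hits show which direct dependency pulls them in. The sample output and the names `find_banned`, `parse_coord` and `SAMPLE_TREE` are constructed for illustration.

```python
import re

# Constructed sample of `mvn dependency:tree` text output (not from a real build).
SAMPLE_TREE = r"""
[INFO] --- maven-dependency-plugin:tree (default-cli) @ billing-service ---
[INFO] com.example.ci:billing-service:jar:2.0.0
[INFO] +- org.example:reporting:jar:4.1:compile
[INFO] |  +- com.example:myArtifact:jar:1.2.3:compile
[INFO] |  \- struts:struts:jar:1.2.9:compile
[INFO] \- junit:junit:jar:4.11:test
[INFO] BUILD SUCCESS
"""

# A tree line is "[INFO] ", zero or more 3-character indent units, then a coordinate.
LINE = re.compile(r"^\[INFO\] ((?:\|  |\+- |\\- |   )*)([^\s:]+(?::[^\s:]+){3,5})$")


def parse_coord(coord):
    """Split a tree coordinate into (groupId, artifactId, version)."""
    parts = coord.split(":")
    # Root: g:a:type:version. Dependency: g:a:type[:classifier]:version:scope.
    version = parts[3] if len(parts) == 4 else parts[-2]
    return parts[0], parts[1], version


def find_banned(tree_text, banned):
    """Return one path (project -> ... -> banned artifact) per occurrence.

    `banned` is "groupId:artifactId" (any version) or "groupId:artifactId:version".
    """
    bg, ba, bv = (banned.split(":") + [None])[:3]
    stack, hits = [], []
    for line in tree_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # plugin banner, build summary, blank lines
        depth = len(m.group(1)) // 3
        g, a, v = parse_coord(m.group(2))
        del stack[depth:]  # drop siblings and deeper nodes from the previous branch
        stack.append(f"{g}:{a}:{v}")
        if depth > 0 and (g, a) == (bg, ba) and bv in (None, v):
            hits.append(list(stack))
    return hits


if __name__ == "__main__":
    for path in find_banned(SAMPLE_TREE, "com.example:myArtifact:1.2.3"):
        print(" -> ".join(path))
```

Run over the concatenated output of every job on the CI server, each depth-0 line starts a new project, so every reported path begins with the project that needs attention.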
