You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Jimisola Laursen (Jira)" <ji...@apache.org> on 2022/11/14 16:30:00 UTC
[jira] [Commented] (MENFORCER-422) Support declaring external banned dependencies in an external file/URL
[ https://issues.apache.org/jira/browse/MENFORCER-422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17633924#comment-17633924 ]
Jimisola Laursen commented on MENFORCER-422:
--------------------------------------------
We have a similar request and I was wondering if it could be handled together.
A feature request has been filed with [OSS|https://github.com/sonatype/ossindex-maven/issues/80] regarding this matter but a solution in Maven Enforcer would only solve our issue.
We are using OSS Index with Maven Enforcer. However, there are lot of CVEs nowadays which causes us to have to rebuild a lot of Maven POMs to update excludes (excludeCoordinates and excludeVulnerabilityIds).
It would be very useful if the excludes could be configured so that they are external, e.g. using a file and/or url. Preferably an URL as I believe this would work better with our CI/CD and DevOps (solution needs to work for local development as well as in pipelines).
> Support declaring external banned dependencies in an external file/URL
> ----------------------------------------------------------------------
>
> Key: MENFORCER-422
> URL: https://issues.apache.org/jira/browse/MENFORCER-422
> Project: Maven Enforcer Plugin
> Issue Type: New Feature
> Reporter: George Gastaldi
> Priority: Major
>
> There are some use cases where the list of banned dependencies declared in an enforcer plugin configuration needs to be reused in another project. It would be nice if the {{bannedDependencies}} rule could read the list of banned dependencies from an external file/URL
--
This message was sent by Atlassian Jira
(v8.20.10#820010)