[ 
https://issues.apache.org/jira/browse/MENFORCER-422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17633924#comment-17633924
 ] 

Jimisola Laursen edited comment on MENFORCER-422 at 11/14/22 4:39 PM:
----------------------------------------------------------------------

We have a similar request and I was wondering if it could be handled together 
or it might already be. Looking at the PR and 
[docs|https://github.com/apache/maven-enforcer/pull/180/files#diff-52ca79536e0b1dc2298afdae5b7e6357c5af22eef6b5c63444237c5e189a037b]
 it seems as if it's the entire <rules> section that can be externalized. 
However, only to a file or classpath. Or am I missing that a URL is supported?

Background: A feature request has been filed with 
[OSS|https://github.com/sonatype/ossindex-maven/issues/80] regarding this 
matter but any solution in Maven Enforcer or OSSIndex that solves it for us 
would of course do :)

We are using OSS Index with Maven Enforcer. However, there are a lot of CVEs 
nowadays, which causes us to have to rebuild a lot of Maven POMs to update 
excludes (excludeCoordinates and excludeVulnerabilityIds).

It would be very useful if the excludes could be configured so that they are 
external, e.g. using a file and/or URL. Preferably a URL as I believe this 
would work better with our CI/CD and DevOps (solution needs to work for local 
development as well as in pipelines).

What is the status of this issue and PR(s)? What release can it be suspected to 
be released with? And will URLs be supported?


was (Author: JIRAUSER281352):
We have a similar request and I was wondering if it could be handled together 
or it might already be. Looking at the PR and 
[docs|https://github.com/apache/maven-enforcer/pull/180/files#diff-52ca79536e0b1dc2298afdae5b7e6357c5af22eef6b5c63444237c5e189a037b]
 it seems as if it's the entire <rules> section that can be externalized.

A feature request has been filed with 
[OSS|https://github.com/sonatype/ossindex-maven/issues/80] regarding this 
matter but any solution in Maven Enforcer or OSSIndex that solves it for us 
would of course do :)

We are using OSS Index with Maven Enforcer. However, there are a lot of CVEs 
nowadays, which causes us to have to rebuild a lot of Maven POMs to update 
excludes (excludeCoordinates and excludeVulnerabilityIds).

It would be very useful if the excludes could be configured so that they are 
external, e.g. using a file and/or URL. Preferably a URL as I believe this 
would work better with our CI/CD and DevOps (solution needs to work for local 
development as well as in pipelines).

Is this something that this ticket could handle or should I create a new ticket?

> Support declaring external banned dependencies in an external file/URL
> ----------------------------------------------------------------------
>
>                 Key: MENFORCER-422
>                 URL: https://issues.apache.org/jira/browse/MENFORCER-422
>             Project: Maven Enforcer Plugin
>          Issue Type: New Feature
>            Reporter: George Gastaldi
>            Priority: Major
>
> There are some use cases where the list of banned dependencies declared in an 
> enforcer plugin configuration needs to be reused in another project. It would 
> be nice if the {{bannedDependencies}} rule could read the list of banned 
> dependencies from an external file/URL



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
