将 Java 项目中的库/依赖项列入黑名单
[英]Blacklisting Libraries/Dependencies within Java projects
问题描述
From a high level point of view I am looking to create a centralised list of libraries/dependencies that are either out of date and should not be used or can be used under warning.
从高层次的角度来看,我希望创建一个集中的库/依赖项列表,这些库/依赖项要么是过时的,要么不应该使用,要么可以在警告下使用。
We are using SonarQube for code inspection/coverage and my preference would be to use work the "Blacklist" into here through rules/analysis.我们正在使用 SonarQube 进行代码检查/覆盖,我更喜欢通过规则/分析将“黑名单”用于此处。 This would be the preferred option as it is indeed centralised and allows the selection of severity eg a library totally blacklisted as opposed to a warning.这将是首选选项,因为它确实是集中式的,并且允许选择严重性,例如完全列入黑名单而不是警告的库。 Though I have seen this mentioned on forums I have not seen a practical example of doing it.虽然我在论坛上看到过这个,但我还没有看到这样做的实际例子。
My question so is there a way of doing this and if so how?我的问题是有没有办法做到这一点,如果有的话如何? All other opinions are welcomed.欢迎所有其他意见。
I have looked at mavens bannedDependencies feature but I don't like the fact that it would break a build, allow the developer to edit and is not centralised.我已经查看了 mavens disabledDependencies 功能,但我不喜欢它会破坏构建,允许开发人员进行编辑并且不是集中的这一事实。
1 个解决方案
解决方案1
1 已采纳 2016-03-24 15:56:04
The Disallowed dependencies should not be used rule template is what you want. Disallowed dependencies should not be used规则模板就是你想要的。 It will let you specify dependencies by group and artifact id pattern, with or without version numbers.它将让您按组和工件 id 模式指定依赖项,有或没有版本号。
This rule is available from version 3.10 of the Java plugin.此规则可从 Java 插件的 3.10 版使用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.