Java Developer Tools

Audit - Rules - Maven

Description
This group contains audit rules that look for potential problems in Maven POM files.

Rules:

    Dynamic Dependency in Maven
    External Dependency in Maven

Details

Dynamic Dependency in Maven

Summary
Using a dynamic dependency version is a security risk.

Description
This audit rule flags the use of a dynamic dependency version (a version range, or a meta-version such as LATEST or RELEASE) in a Maven POM.

Security Implications
With a dynamic dependency version the artifact that is actually resolved is not fixed in the POM; it depends on whatever matching versions the repository happens to contain when the build runs. The build is therefore not reproducible, and a new artifact (including a malicious or compromised release that still satisfies the range) can be pulled into your build without any change to your configuration. Because you do not know in advance which code will be compiled in, you also cannot review it for quality or security issues beforehand. Pinning an exact version removes this uncertainty and lets you review the specific artifact that the build uses.

Example
The following part of a Maven POM would be flagged as a violation because it declares a dependency with a version range instead of an exact version:

    <dependency>
        <groupId>junit</groupId>
        <artifactId>junit</artifactId>
        <version>[,3.8.1]</version>
        <scope>test</scope>
    </dependency>
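The following script, added here as an illustration and not part of the audit tool itself, performs the same kind of check over a POM: it flags version ranges, the LATEST and RELEASE meta-versions, and -SNAPSHOT versions, resolving ${property} references against the POM's own <properties> block. The sample POM embedded in the script is constructed for this example; it contains the junit range from the page plus a range hidden behind a property, a snapshot, and one correctly pinned dependency.

```python
import re
import xml.etree.ElementTree as ET

# Standard Maven POM namespace; needed because ElementTree paths are namespace-qualified.
POM_NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample POM (not a real project): three dynamic versions, one pinned.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>demo</artifactId>
  <version>1.0.0</version>
  <properties>
    <guava.version>[30.0,)</guava.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>[,3.8.1]</version>
      <scope>test</scope>
    </dependency>
    <dependency>
      <groupId>com.google.guava</groupId>
      <artifactId>guava</artifactId>
      <version>${guava.version}</version>
    </dependency>
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>lib</artifactId>
      <version>2.1-SNAPSHOT</version>
    </dependency>
    <dependency>
      <groupId>org.apache.commons</groupId>
      <artifactId>commons-lang3</artifactId>
      <version>3.12.0</version>
    </dependency>
  </dependencies>
</project>
"""

# Maven range syntax: starts with [ or ( and ends with ] or ), e.g. [,3.8.1] or [30.0,)
RANGE_RE = re.compile(r"^[\[(].*[\])]$")
PROPERTY_RE = re.compile(r"\$\{([^}]+)\}")


def classify_version(version, properties):
    """Return a reason string if the version is dynamic, or None if it is pinned."""
    if version is None:
        return "missing (inherited from a parent or dependencyManagement; pin it there)"
    v = version.strip()
    # Resolve a ${prop} reference using this POM's own <properties>.
    m = PROPERTY_RE.fullmatch(v)
    if m:
        if m.group(1) not in properties:
            return "unresolvable property %s" % v
        v = properties[m.group(1)].strip()
    if v in ("LATEST", "RELEASE"):
        return "meta-version %s" % v
    if RANGE_RE.match(v):
        return "version range %s" % v
    if v.endswith("-SNAPSHOT"):
        return "snapshot %s" % v
    return None


def find_dynamic_dependencies(pom_xml):
    """Return a list of (groupId:artifactId, reason) for every dynamic dependency."""
    root = ET.fromstring(pom_xml)
    properties = {}
    for prop in root.findall("m:properties/*", POM_NS):
        # Strip the namespace from the tag to get the property name.
        properties[prop.tag.split("}", 1)[1]] = prop.text or ""
    findings = []
    for dep in root.findall(".//m:dependency", POM_NS):
        gid = dep.findtext("m:groupId", default="?", namespaces=POM_NS)
        aid = dep.findtext("m:artifactId", default="?", namespaces=POM_NS)
        version = dep.findtext("m:version", default=None, namespaces=POM_NS)
        reason = classify_version(version, properties)
        if reason:
            findings.append(("%s:%s" % (gid, aid), reason))
    return findings


if __name__ == "__main__":
    for coordinate, reason in find_dynamic_dependencies(SAMPLE_POM):
        print("%s: %s" % (coordinate, reason))
```

The check only resolves properties declared in the same POM; a version set in a parent POM or in dependencyManagement is reported as missing so that you look there instead. The fix in every case is to replace the dynamic value with an exact version such as 3.8.1. In a CI pipeline the same policy can be enforced by the Maven Enforcer plugin (its requireReleaseDeps rule rejects SNAPSHOT dependencies, and newer releases add banDynamicVersions), which fails the build rather than only reporting.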

External Dependency in Maven
