使用 maven-enforcer-plugin
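<!--
  Build section that wires maven-enforcer-plugin into the validate phase with three
  executions: dependency-version checks, duplicate-class / circular-dependency checks,
  and a known-vulnerability check against Sonatype OSS Index.
  Every execution sets <fail>false</fail>, so violations are reported as warnings only
  and never break the build.
-->
<build>
  <!-- The opening <plugins> wrapper was missing; without it the closing </plugins> is unbalanced and the POM is not well-formed. -->
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-enforcer-plugin</artifactId>
      <version>3.3.0</version>
      <!-- Extra rule libraries loaded onto the enforcer plugin's own classpath. -->
      <dependencies>
        <!-- Provides banDuplicateClasses and banCircularDependencies. -->
        <dependency>
          <groupId>org.codehaus.mojo</groupId>
          <artifactId>extra-enforcer-rules</artifactId>
          <version>1.6.2</version>
        </dependency>
        <!-- Provides BanVulnerableDependencies (looks dependencies up in Sonatype OSS Index). -->
        <dependency>
          <groupId>org.sonatype.ossindex.maven</groupId>
          <artifactId>ossindex-maven-enforcer-rules</artifactId>
          <version>3.2.0</version>
        </dependency>
      </dependencies>
      <executions>
        <!-- Check for duplicate jars: diverging transitive versions and duplicate dependency declarations in the POM. -->
        <execution>
          <id>enforce</id>
          <goals>
            <goal>enforce</goal>
          </goals>
          <phase>validate</phase>
          <configuration>
            <rules>
              <dependencyConvergence/>
              <banDuplicatePomDependencyVersions/>
            </rules>
            <!-- With this set to false, violations are only logged as warnings; the build does not fail. -->
            <fail>false</fail>
          </configuration>
        </execution>
        <!-- Check for duplicate classes and circular dependencies. -->
        <execution>
          <id>default-cli</id>
          <goals>
            <goal>enforce</goal>
          </goals>
          <phase>validate</phase>
          <configuration>
            <rules>
              <banDuplicateClasses>
                <!-- Report every duplicate instead of stopping at the first one found. -->
                <findAllDuplicates>true</findAllDuplicates>
              </banDuplicateClasses>
              <banCircularDependencies/>
            </rules>
            <!-- Warn only; do not fail the build. -->
            <fail>false</fail>
          </configuration>
        </execution>
        <!-- Check for jars with known vulnerabilities. -->
        <execution>
          <id>vulnerability-checks</id>
          <phase>validate</phase>
          <goals>
            <goal>enforce</goal>
          </goals>
          <configuration>
            <rules>
              <banVulnerable implementation="org.sonatype.ossindex.maven.enforcer.BanVulnerableDependencies"/>
            </rules>
            <!--
              NOTE(review): with fail=false a dependency with a known vulnerability produces
              only a warning and the artifact is still built. This makes the check advisory,
              not a gate; set it to true (for example in the CI or release build) if vulnerable
              dependencies must block the build.
            -->
            <fail>false</fail>
          </configuration>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>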