Code and walkthrough for the talk "Apache Maven survival guide “Bring it on! -Mode” #no-external-tools #only-standard-plugins"
mvn verify
- check for plugin updates
mvn versions:display-plugin-updates
- add maven-enforcer-plugin
- check for plugin updates - again
mvn versions:display-plugin-updates
- update maven-surefire-plugin to a version that supports JUnit 5
- specify a version for all plugins in your build
- check if you caught them all with
mvn versions:display-plugin-updates
Note 1: Maven 3.8 will break your build if you have non-https URLs for repos
Note 2: You can use Maven Wrapper to bring your own Maven Version to build your project
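An added example (not from the talk's repository) of a maven-enforcer-plugin setup for the steps above: it fails the build when any plugin lacks a pinned version or when Maven itself is too old. The plugin version 3.0.0, the minimum Maven version 3.6.3 and the execution id are assumptions; adjust them to your build.

```xml
<!-- pom.xml fragment, added example. Version numbers and the execution id are assumptions. -->
<build>
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-enforcer-plugin</artifactId>
      <!-- Pin the enforcer itself, otherwise it violates its own rule -->
      <version>3.0.0</version>
      <executions>
        <execution>
          <id>enforce-build-hygiene</id>
          <!-- The enforce goal binds to the validate phase by default,
               so violations stop the build before anything is compiled -->
          <goals>
            <goal>enforce</goal>
          </goals>
          <configuration>
            <rules>
              <!-- Declares the minimum Maven version for this build;
                   versions:display-plugin-updates warns when none is defined -->
              <requireMavenVersion>
                <version>[3.6.3,)</version>
              </requireMavenVersion>
              <!-- Every plugin used in the build must have an explicit,
                   fixed version: no LATEST, RELEASE or SNAPSHOT -->
              <requirePluginVersions>
                <message>Pin a fixed version for every plugin in the build.</message>
                <banLatest>true</banLatest>
                <banRelease>true</banRelease>
                <banSnapshots>true</banSnapshots>
              </requirePluginVersions>
            </rules>
          </configuration>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

With this in place, `mvn verify` fails and lists each plugin that still inherits its version from Maven's defaults.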
- add some dependencies - because your code needs them?
- check for used / unused dependencies
mvn org.apache.maven.plugins:maven-dependency-plugin:3.1.2:analyze
- check the dependency tree to understand what is happening
mvn dependency:tree
- marie kondo your dependencies - also check if your dependencies "spark joy"
- check for CVEs with
mvn org.owasp:dependency-check-maven:check
- understand what the result means for your project (target/dependency-check-report.html)
- update your affected dependencies
- recheck for CVEs with
mvn org.owasp:dependency-check-maven:check
- add the maven-profiler extension https://github.com/jcgay/maven-profiler
- find out where you can save time, money and the planet earth
mvn clean verify -Dprofile
mvn clean install -Dprofile
mvn verify -Dprofile
- kill stale resources
mvn verify -Dprofile -X
- declare a license for your project
- check if you are going to jail and why (legal stuff / wasting bandwidth)
mvn project-info-reports:dependencies
mvn license:third-party-report