Whether they are disallowed locally for security, license, or dependability reasons, forbidden dependencies should not be used.

This rule raises an issue when the group or artifact id of a dependency matches the configured forbidden dependency pattern.

Noncompliant Code Example

With a parameter of: *:.*log4j.*

 
<dependency> <!-- Noncompliant --> 
    <groupId>log4j</groupId>
    <artifactId>log4j</artifactId> 
    <version>1.2.17</version> 
</dependency>