CodeNotary
Integrations

With the CodeNotary plugin for Maven, you can verify and enforce the integrity and authenticity of all your project dependencies and make sure that no unauthorized library is built into your project. The plugin consists of this library, available on GitHub.

Usage

To use the plugin, add the following plugin declaration to your Maven project:

<plugin>
    <groupId>us.vchain</groupId>
    <artifactId>jvcn-maven-plugin</artifactId>
    <version>0.0.1</version>
    <executions>
        <execution>
            <id>audit</id>
            <phase>validate</phase>
            <goals>
                <goal>audit</goal>
            </goals>
        </execution>
    </executions>
</plugin>

Plugin configurations

The plugin provides some configuration options:

failOnError (default: true)

Fails the Maven build if even a single dependency is not signed with the status TRUSTED on the CodeNotary platform.

transitive (default: false)

Analyses the entire dependency graph of your project. By default, only direct dependencies are analysed, so transitive dependencies are not checked unless this option is set to true.

requiredSigner (default: none)

Enforces that all checked dependencies must be signed by the provided signer.
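
The three options combined in one plugin declaration, as an added example that is not taken from the CodeNotary documentation. It assumes the options are set through Maven's standard configuration element under the names listed above; the requiredSigner value is a placeholder.

```xml
<plugin>
    <groupId>us.vchain</groupId>
    <artifactId>jvcn-maven-plugin</artifactId>
    <version>0.0.1</version>
    <configuration>
        <!-- Assumption: the options map to standard Maven plugin parameters. -->
        <!-- Keep the default so the build breaks when a dependency is not TRUSTED. -->
        <failOnError>true</failOnError>
        <!-- The default (false) checks direct dependencies only; true covers the whole graph. -->
        <transitive>true</transitive>
        <!-- Placeholder value: replace with the signer every dependency must be signed by. -->
        <requiredSigner>REQUIRED_SIGNER_PLACEHOLDER</requiredSigner>
    </configuration>
    <executions>
        <execution>
            <id>audit</id>
            <!-- Bound to validate, so the audit runs before anything is compiled. -->
            <phase>validate</phase>
            <goals>
                <goal>audit</goal>
            </goals>
        </execution>
    </executions>
</plugin>
```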

Requirements

The library requires a Java 8 JVM.

 
