[ 
https://issues.apache.org/jira/browse/MENFORCER-431?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17652853#comment-17652853
 ] 

Petr Široký edited comment on MENFORCER-431 at 12/29/22 3:05 PM:
-----------------------------------------------------------------

Just to clarify the naming of the property: we decided to use 
{{enforcer.skipRules}} (instead of just {{skipRules}} or {{{}rulesSkip{}}}) 
since all the other properties (except {{{}rules{}}}) do use the {{enforcer.}} 
prefix as well. The rule name(s) also needs to match the names in the XML 
configuration, -so {{{}banVulnerableDependencies{}}}, rather than 
{{{}BanVulnerableDependencies{}}}.- Turns out, you can use both options for the 
rule name in pom.xml - either {{banVulnerableDependencies}} or 
{{{}BanVulnerableDependencies{}}}. That being said, the {{enforcer.skipRules}} 
will do only exact match at this point

Sample usage would look like this:
{code:java}
 mvn verify 
-Denforcer.skipRules=banVulnerableDependencies,noPackageCyclesRule{code}
or
{code:java}
mvn verify -Denforcer.skipRules=BanVulnerableDependencies,NoPackageCyclesRule 
{code}
Depending on how the rules are named in pom.xml.

We also planning to deprecate the {{rules}} property and add a new one called 
{{enforcer.rules}} to match the naming convention with other properties.


was (Author: psiroky):
Just to clarify the naming of the property: we decided to use 
{{enforcer.skipRules}} (instead of just {{skipRules}} or {{{}rulesSkip{}}}) 
since all the other properties (except {{{}rules{}}}) do use the {{enforcer.}} 
prefix as well. The rule name(s) also need to match the names in the XML 
configuration, so {{{}banVulnerableDependencies{}}}, rather than 
{{{}BanVulnerableDependencies{}}}.

Sample usage would look like this:
{code:java}
 mvn verify 
-Denforcer.skipRules=banVulnerableDependencies,noPackageCyclesRule{code}
We also planning to deprecate the {{rules}} property and add a new one called 
{{enforcer.rules}} to match the naming convention with other properties.

> Skip specific rules
> -------------------
>
>                 Key: MENFORCER-431
>                 URL: https://issues.apache.org/jira/browse/MENFORCER-431
>             Project: Maven Enforcer Plugin
>          Issue Type: New Feature
>          Components: Plugin
>    Affects Versions: 3.1.0
>            Reporter: Delany
>            Assignee: Slawomir Jaranowski
>            Priority: Minor
>              Labels: up-for-grabs
>             Fix For: 3.2.0
>
>
> I can select rules like
> {code:java}
> mvn verify -Drules=alwaysPass,alwaysFail {code}
> or skip all rules with
> {code:java}
> mvn verify -Denforcer.skip
> {code}
> But what if I want to skip a single rule?
> {code:java}
> mvn verify -DrulesSkip=BanVulnerableDependencies{code}
> Or multiple
> {code:java}
> mvn verify -DrulesSkip=BanVulnerableDependencies,NoPackageCyclesRule{code}
> Vulnerabilities could be discovered and published at any time. This would be 
> a useful to quickly allow my builds to continue, since I can't always upgrade 
> dependencies as they appear.
> I don't want to turn off ALL my enforcer checks and I also dont want to list 
> all the checks in the build command.
> Skipping a rule is an exceptional circumstance so I don't want to commit it 
> to the pom.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to