Security Maven Plugin
Last modified by Thomas Mortagne on 2026/04/21 18:14
Check dependencies mojo
Searches for known vulnerabilities in the project's dependencies. Dependency resolution is done with Extension Manager logic, so using this mojo is not recommended for Maven modules that are going to end up in a WAR (there might be some slight differences).
Usage
<build>
  <plugins>
    <plugin>
      <groupId>org.xwiki.platform</groupId>
      <artifactId>xwiki-platform-tool-security-plugin</artifactId>
      <version>17.10.3</version>
      <executions>
        <execution>
          <id>check-dependencies</id>
          <goals>
            <goal>check-dependencies</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
Most of the time, you don't want to check for standard dependencies (dependencies that can be found in the XWiki WAR or flavor and have very little chance of being installed with the extensions, and over which the extensions have little power anyway):
<build>
  <plugins>
    <plugin>
      <groupId>org.xwiki.platform</groupId>
      <artifactId>xwiki-platform-tool-security-plugin</artifactId>
      <version>17.10.3</version>
      <executions>
        <execution>
          <id>check-dependencies</id>
          <goals>
            <goal>check-dependencies</goal>
          </goals>
          <configuration>
            <!-- Extensions we don't want to take into account -->
            <coreExtensions>
              <coreExtension>
                <groupId>org.xwiki.platform</groupId>
                <artifactId>xwiki-platform-distribution-war-dependencies</artifactId>
                <version>${platform.version}</version>
                <type>pom</type>
              </coreExtension>
            </coreExtensions>
            <installedFlavors>
              <installedFlavor>
                <id>org.xwiki.platform:xwiki-platform-distribution-flavor-mainwiki</id>
                <version>${platform.version}</version>
              </installedFlavor>
            </installedFlavors>
          </configuration>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
Configuration
See ExtensionPlugin for more details on the other supported configuration parameters.