I would suggest integrating the `maven-dependency-plugin` in CI and checking that no warnings are emitted.
This is the output of an `mvn org.apache.maven.plugins:maven-dependency-plugin:3.1.1:analyze-only` command on the current repo:
```
[WARNING] Used undeclared dependencies found:
[WARNING] org.codehaus.plexus:plexus-component-annotations:jar:1.7.1:provided
[WARNING] org.apache.maven.resolver:maven-resolver-api:jar:1.1.1:provided
[WARNING] org.apache.maven.resolver:maven-resolver-impl:jar:1.1.1:provided
[WARNING] commons-io:commons-io:jar:2.5:compile
[WARNING] com.fasterxml.jackson.core:jackson-annotations:jar:2.8.0:compile
[WARNING] org.slf4j:slf4j-api:jar:1.7.24:compile
[WARNING] org.apache.maven.resolver:maven-resolver-spi:jar:1.1.1:provided
[WARNING] org.apache.maven:maven-artifact:jar:3.5.3:provided
[WARNING] org.apache.maven.wagon:wagon-provider-api:jar:3.0.0:compile
[WARNING] com.fasterxml.jackson.core:jackson-databind:jar:2.8.7:compile
[WARNING] Unused declared dependencies found:
[WARNING] org.slf4j:jcl-over-slf4j:jar:1.7.24:compile
[WARNING] org.slf4j:slf4j-simple:jar:1.7.24:compile
[WARNING] org.codehaus.plexus:plexus-utils:jar:3.0.24:compile
```
I would also suggest adding the `analyze-dep-mgt` and the `analyze-duplicate` targets.
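One way to turn the `analyze-only` output quoted above into a CI check, as an added example that is not part of the original post or the project's code. The function names and the `groupId:artifactId` allow-list are assumptions made for illustration; the script reads the Maven log on stdin and exits non-zero when a finding is not on the allow-list.

```python
import re
import sys

# Section headers exactly as they appear in the analyze-only output quoted above.
SECTIONS = {
    "Used undeclared dependencies found:": "used_undeclared",
    "Unused declared dependencies found:": "unused_declared",
}
# groupId:artifactId:type[:classifier]:version:scope
COORD = re.compile(r"^[\w.\-]+(?::[\w.\-]+){4,5}$")

# Constructed sample: a subset of the warnings quoted above plus invented [INFO] lines.
SAMPLE = """\
[INFO] --- maven-dependency-plugin:3.1.1:analyze-only ---
[WARNING] Used undeclared dependencies found:
[WARNING]    commons-io:commons-io:jar:2.5:compile
[WARNING]    org.slf4j:slf4j-api:jar:1.7.24:compile
[WARNING] Unused declared dependencies found:
[WARNING]    org.slf4j:slf4j-simple:jar:1.7.24:compile
[WARNING]    org.codehaus.plexus:plexus-utils:jar:3.0.24:compile
[INFO] BUILD SUCCESS
"""

def parse_analyze_output(text):
    """Group reported coordinates by the section header they appear under."""
    findings = {name: [] for name in SECTIONS.values()}
    current = None
    for line in text.splitlines():
        body = line[len("[WARNING]"):].strip() if line.startswith("[WARNING]") else None
        if body in SECTIONS:
            current = SECTIONS[body]
        elif current and body and COORD.match(body):
            findings[current].append(body)
        else:
            current = None  # any other line ends the current section
    return findings

def gate(text, allow=frozenset()):
    """Return 1 if any finding is not on the groupId:artifactId allow-list, else 0."""
    failed = False
    for section, coords in parse_analyze_output(text).items():
        for coord in coords:
            if ":".join(coord.split(":")[:2]) not in allow:
                print(f"{section}: {coord}", file=sys.stderr)
                failed = True
    return 1 if failed else 0

if __name__ == "__main__":
    sys.exit(gate(sys.stdin.read()))
```

The `analyze-only` goal also has a `failOnWarning` parameter that fails the build directly; a log gate like this one is an alternative when individual findings need to be allow-listed.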