maven-survival-guide

Code and walkthrough for the talk "Apache Maven survival guide “Bring it on! -Mode” #no-external-tools #only-standard-plugins"

Walkthrough

Make sure you can build the project mvn verify
Have a look and see what your effective POM looks like: mvn help:effective-pom

Note 1: Maven 3.8.1 will break your bulid if you have non-https URLs for repos

Note 2: You can use Maven Wrapper to bring your own Maven Version to build your project

add some dependencies - because your code needs them?
check for used / unused dependencies mvn dependency:analyze or if you have an older version with a bug mvn org.apache.maven.plugins:maven-dependency-plugin:3.5.0:analyze
check the dependency tree to understand what is happening mvn dependency:tree
marie kondo your dependencies - also check if your dependencies "spark joy"

check for CVEs with mvn org.owasp:dependency-check-maven:check
understand what the result means for your project (target/dependency-check-report.html)
update your affected dependencies
recheck for CVEs with mvn org.owasp:dependency-check-maven:check

use a current Java and Maven version for your builds: https://maven.soebes.team/scenario-1.html
add the maven-profiler extension from Jean-Christophe Gay or Karl Heinz Marbaise
find out where you can save time, money and the planet earth 3.1. What (plugins) are executed in which phase? mvn buildplan:list-phase

3.2. Profile different commands and see the differences:
mvn clean install
mvn clean verify
mvn verify
mvn install
find and kill stale resources mvn verify -X

declare a license for your project
check if you are going to jail and why (legal stuff / wasting bandwidth)
mvn project-info-reports:dependencies
mvn license:third-party-report