The goal assert-depend binds to the validation phase of the build process. All you have to do is to configure the plugin in your pom.xml :
<project>
[...]
<build>
[...]
<plugins>
<plugin>
<groupId>net.sf.madp</groupId>
<artifactId>maven-assertdepend-plugin</artifactId>
<version>1.0</version>
<executions>
<execution>
<id>assert-depend</id>
<goals>
<goal>assert-depend</goal>
</goals>
</execution>
</executions>
[...]
</project>
The plugin will be available in the central Maven repository (http://repo1.maven.org/maven2) soon. Until then, use the following repository location:
<project>
[...]
<pluginRepositories>
<pluginRepository>
<id>madp</id>
<url>http://madp.sourceforge.net/m2repo</url>
</pluginRepository>
</pluginRepositories>
</project>
The next step ist to define lifecycle information for the dependencies in your remote repository. Artifact lifecycle metadata must be placed in a file named maven-artifact-lifecycle.xml in the corresponding group directory. For instance, if you want to define lifecycle information for struts, the corresponding metadata file is located here: struts/struts/maven-artifact-lifecycle.xml
Next, define your lifecycle rules. Example: Prohibit Struts 1.2.7 because of a security issue (Struts bug 38534, http://wiki.apache.org/struts/StrutsUpgradeNotes128to129) then you would do so like this:
<?xml version="1.0" encoding="UTF-8"?>
<artifactLifecycle xmlns="http://madp.sf.net/xsd"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://madp.sf.net/xsd http://madp.sf.net/xsd/artifact-lifecycle_1_0.xsd">
<groupId>struts</groupId>
<artifactId>struts</artifactId>
<lifecycleStates>
<lifecycleState>
<versionPattern>1\.2\.7</versionPattern>
<status>flawed</status>
<comment>Security issue (DOS attack, struts bug 38534), upgrade to 1.2.9</comment>
</lifecycleState>
<lifecycleState>
<versionPattern>1\.2\.9</versionPattern>
<status>approved</status>
</lifecycleState>
</lifecycleStates>
</artifactLifecycle>
The artifact lifecycle schema provides further information about possible states and configuration possibilities.
If you run a standard Maven build phase, i.e. mvn install in your project and if this project is depending on Struts 1.2.7 you should get the following output:
[INFO] Scanning for projects...
[INFO] ------------------------------------------------------------------------
[INFO] Building Test project for maven-assertdepend-plugin
[INFO] task-segment: [install]
[INFO] ------------------------------------------------------------------------
[INFO] [assertdepend:assert-depend {execution: assert-depend}]
[INFO] ------------------------------------------------------------------------
[ERROR] BUILD ERROR
[INFO] ------------------------------------------------------------------------
[INFO] FLAWED: struts:struts:jar:1.2.7:compile, comment: Security issue (DOS att
ack, struts bug 38534), upgrade to 1.2.9
[INFO] ------------------------------------------------------------------------
[INFO] For more information, run Maven with the -e switch
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1 second
[INFO] Finished at: Tue Jun 17 21:23:31 CEST 2008
[INFO] Final Memory: 4M/8M
[INFO] ------------------------------------------------------------------------