Rules

By default, the SBOM Enforcer Maven Plugin offers the following rules.

checksum

The checksum rule has no configuration options. It verifies that the checksums recorded in the SBOM are correct. Because the Maven local repository serves both as a cache for consumed artifacts and as a staging area for artifacts being published, its content can differ from the originals on Maven Central; a checksum computed from such a local copy would then not match the artifact that consumers actually download.

This rule is mostly useful in a release profile, together with the forceDependencyUpdate plugin parameter, so that the check runs against freshly fetched dependencies rather than against possibly stale copies in the local repository.

validateReferences

The validateReferences rule checks the URLs contained in your SBOM file and reports broken links. It accepts the following configuration options:

failOnDependencyReferences

Type: boolean
Default: false
Description: If true, the build also fails when a broken link is found in a dependency component, not only in the project's own component. Otherwise the problem is only logged.

failOnRedirect

Type: boolean
Default: false
Description: If true, the rule fails if any reference answers with an HTTP 301 or 302 redirect instead of the final resource. A redirect usually means the recorded URL has moved and should be updated in the SBOM.

failOnAuth

Type: boolean
Default: false
Description: If true, the rule fails if any reference answers with an HTTP 401 or 403 status, i.e. the referenced resource is not publicly reachable without credentials.
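The following pom.xml fragment is an added example, not taken from the plugin's own documentation, showing how both rules above can be wired: validateReferences runs on every build, while the checksum rule and forceDependencyUpdate are only switched on in a release profile, as the checksum section recommends. The plugin coordinates (groupId org.apache.logging, artifactId sbom-enforcer-maven-plugin), the check goal, the ${sbom-enforcer.version} property and the placement of rule names as children of a rules element are assumptions to verify against the plugin version you use; merging of configuration by execution id and the combine.children attribute are standard Maven behaviour.

```xml
<!-- Added example; plugin coordinates, goal name and <rules> nesting are assumptions. -->
<project>
  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.logging</groupId>
        <artifactId>sbom-enforcer-maven-plugin</artifactId>
        <version>${sbom-enforcer.version}</version>
        <executions>
          <execution>
            <id>check-sbom</id>
            <goals>
              <goal>check</goal>
            </goals>
            <configuration>
              <rules>
                <validateReferences>
                  <!-- a broken link in a dependency component fails the build too -->
                  <failOnDependencyReferences>true</failOnDependencyReferences>
                  <!-- HTTP 301/302: the recorded URL has moved, fix it in the SBOM -->
                  <failOnRedirect>true</failOnRedirect>
                  <!-- HTTP 401/403: the reference is not publicly reachable -->
                  <failOnAuth>true</failOnAuth>
                </validateReferences>
              </rules>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>

  <profiles>
    <profile>
      <id>release</id>
      <build>
        <plugins>
          <plugin>
            <groupId>org.apache.logging</groupId>
            <artifactId>sbom-enforcer-maven-plugin</artifactId>
            <executions>
              <!-- same execution id as above, so Maven merges this configuration into it -->
              <execution>
                <id>check-sbom</id>
                <configuration>
                  <!-- re-fetch dependencies instead of trusting the local repository cache -->
                  <forceDependencyUpdate>true</forceDependencyUpdate>
                  <!-- combine.children="append" keeps validateReferences from the base
                       configuration and adds the checksum rule for releases only -->
                  <rules combine.children="append">
                    <checksum/>
                  </rules>
                </configuration>
              </execution>
            </executions>
          </plugin>
        </plugins>
      </build>
    </profile>
  </profiles>
</project>
```

A normal build then only validates references, while a release build (for example mvn -Prelease verify, assuming the check goal binds to a phase no later than verify) additionally re-downloads dependencies and compares the SBOM checksums against those fresh copies, which is the situation where a stale or locally staged artifact in ~/.m2 would otherwise go unnoticed.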