Whether they are disallowed locally for security, license, or dependability reasons, forbidden dependencies should not be used.
This rule raises an issue when the group or artifact id of a direct dependency matches the configured forbidden dependency pattern.
Noncompliant code example
With a parameter of: *:.*log4j.*
<dependency> <!-- Noncompliant -->
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.17</version>
</dependency>
