A lockfile is a list of every dependency with integrity-checking data. While the npm ecosystem supports the creation of a lockfile, Maven currently has none by default.
In this presentation, we introduce Maven-Lockfile, a new tool that provides a lockfile for Java and Maven. This lockfile contains the list of all dependencies and enables checking the integrity of the dependencies during the build. Maven-Lockfile compares the checksum of each dependency against the one recorded in the lockfile and only allows dependencies with exactly the same version as in the lockfile.
In this talk, you will learn about build integrity and how to use Maven-Lockfile for your Maven builds.
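
The check described above, as an added Python example that is not Maven-Lockfile's own code: each resolved dependency must appear in the lockfile with the same version and the same checksum, otherwise the build is rejected. The JSON layout, the coordinates, the artifact bytes and the choice of SHA-256 are assumptions made for the example and do not reflect Maven-Lockfile's actual file format.

```python
import hashlib
import json

# Constructed lockfile. The JSON layout is hypothetical, not Maven-Lockfile's real format.
LOCKFILE = json.dumps({"dependencies": [
    {"groupId": "org.example", "artifactId": "core", "version": "1.2.0",
     "sha256": hashlib.sha256(b"core-1.2.0 jar bytes").hexdigest()},
    {"groupId": "org.example", "artifactId": "util", "version": "3.0.1",
     "sha256": hashlib.sha256(b"util-3.0.1 jar bytes").hexdigest()},
]})

def verify(lockfile_text, resolved):
    """Compare resolved artifacts against the lockfile.

    resolved maps (groupId, artifactId) -> (version, artifact bytes).
    Returns a sorted list of findings; an empty list means the build may proceed.
    """
    locked = {(d["groupId"], d["artifactId"]): d
              for d in json.loads(lockfile_text)["dependencies"]}
    findings = []
    for key, (version, data) in resolved.items():
        name = ":".join(key)
        entry = locked.get(key)
        if entry is None:
            # A dependency the lockfile never recorded must not enter the build.
            findings.append(f"{name}: not in lockfile")
        elif version != entry["version"]:
            # Only exactly the locked version is allowed.
            findings.append(f"{name}: version {version} != locked {entry['version']}")
        elif hashlib.sha256(data).hexdigest() != entry["sha256"]:
            # Same coordinates and version, but different bytes.
            findings.append(f"{name}: checksum mismatch")
    return sorted(findings)

# Constructed build inputs: one matching the lockfile, one that has drifted.
CLEAN = {("org.example", "core"): ("1.2.0", b"core-1.2.0 jar bytes"),
         ("org.example", "util"): ("3.0.1", b"util-3.0.1 jar bytes")}
DRIFTED = {("org.example", "core"): ("1.2.0", b"core-1.2.0 jar bytes, modified"),
           ("org.example", "util"): ("3.0.2", b"util-3.0.2 jar bytes"),
           ("org.example", "extra"): ("0.1.0", b"extra jar bytes")}

if __name__ == "__main__":
    for label, build in (("clean", CLEAN), ("drifted", DRIFTED)):
        problems = verify(LOCKFILE, build)
        print(label, "OK" if not problems else problems)
```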