A lockfile records every resolved dependency, direct and transitive, together with integrity-checking data such as a checksum. While the npm ecosystem supports the creation of a lockfile, Maven currently has none by default.
In this presentation, we introduce Maven-Lockfile, a new tool that provides a lockfile for Java and Maven. The lockfile lists all dependencies and makes it possible to check their integrity during the build. Maven-Lockfile compares the checksum of each dependency against the one recorded in the lockfile and only allows dependencies with exactly the same version as in the lockfile; a dependency whose checksum or version differs from the lockfile is rejected.
In this talk, you learn about build integrity and how to use Maven-Lockfile for your Maven builds.
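To make the checksum-and-version check concrete, here is an added illustration (not code from the Maven-Lockfile project, and not its lockfile format) of what a lockfile-based integrity check does. It generates a lockfile from a set of resolved dependencies and then validates a later resolution against it, reporting the three failure modes such a check is meant to catch: a new transitive dependency that was never locked, a version that drifted from the pinned one, and an artifact republished with different bytes under the same version. The JSON layout, the artifact coordinates and the "jar" contents are all constructed for the example.

```python
"""Illustrative lockfile generate/validate logic for dependency pinning.

Not Maven-Lockfile's own code or format: the JSON layout, field names and
sample artifacts below are assumptions made for this example.
"""
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Artifact:
    """A resolved dependency as a build tool would see it."""
    group_id: str
    artifact_id: str
    version: str
    content: bytes  # stand-in for the jar bytes (constructed sample data)

    @property
    def key(self) -> str:
        # Coordinates without version: one locked version per coordinate.
        return f"{self.group_id}:{self.artifact_id}"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def generate_lockfile(resolved: list[Artifact]) -> str:
    """Record every resolved dependency with its exact version and checksum."""
    entries = [
        {
            "groupId": a.group_id,
            "artifactId": a.artifact_id,
            "version": a.version,
            "checksumAlgorithm": "SHA-256",
            "checksum": sha256_hex(a.content),
        }
        for a in sorted(resolved, key=lambda a: a.key)
    ]
    return json.dumps({"dependencies": entries}, indent=2)


def validate_lockfile(lockfile: str, resolved: list[Artifact]) -> list[str]:
    """Return a list of violations; an empty list means the build matches.

    Checks, per dependency: present in the lockfile, same version as pinned,
    same checksum as pinned. Also reports locked dependencies that vanished,
    so the lockfile cannot silently go stale.
    """
    locked = {
        f"{e['groupId']}:{e['artifactId']}": e
        for e in json.loads(lockfile)["dependencies"]
    }
    problems: list[str] = []
    seen: set[str] = set()
    for a in resolved:
        seen.add(a.key)
        entry = locked.get(a.key)
        if entry is None:
            problems.append(f"{a.key}: not in lockfile")
            continue
        if a.version != entry["version"]:
            problems.append(
                f"{a.key}: version {a.version} != locked {entry['version']}"
            )
            continue
        if sha256_hex(a.content) != entry["checksum"]:
            problems.append(f"{a.key}:{a.version}: checksum mismatch")
    for key in sorted(locked.keys() - seen):
        problems.append(f"{key}: locked but missing from build")
    return problems


def demo() -> tuple[list[str], list[str]]:
    """Generate a lockfile from a clean build, then validate a drifted one."""
    # Constructed sample artifacts; the bytes stand in for real jar contents.
    clean = [
        Artifact("org.example", "core", "1.2.0", b"core-1.2.0 bytes"),
        Artifact("org.example", "util", "3.0.1", b"util-3.0.1 bytes"),
    ]
    lock = generate_lockfile(clean)
    # Drift scenario: core republished with different bytes under the same
    # version, util bumped by a transitive version range, and a new
    # transitive dependency that was never locked.
    drifted = [
        Artifact("org.example", "core", "1.2.0", b"core-1.2.0 TAMPERED"),
        Artifact("org.example", "util", "3.0.2", b"util-3.0.2 bytes"),
        Artifact("org.example", "extra", "0.1", b"extra-0.1 bytes"),
    ]
    return validate_lockfile(lock, clean), validate_lockfile(lock, drifted)


if __name__ == "__main__":
    ok, bad = demo()
    print("clean build:", "OK" if not ok else ok)
    print("drifted build:")
    for problem in bad:
        print("  -", problem)
```

The check deliberately fails on a checksum mismatch even when the version string matches: pinning the version alone does not protect against an artifact being replaced under the same coordinates, which is exactly the gap a lockfile with integrity data closes.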
Objective of the presentation:
Motivate developers to improve their Maven builds with more integrity. Raise awareness for better management of transitive dependencies.
Attendee pre-requisites - If none, enter "N/A":
Basic Maven understanding