Whether they are disallowed locally for security, license, or dependability reasons, forbidden dependencies should not be used.
This rule raises an issue when the group or artifact id of a direct dependency matches the configured forbidden dependency pattern.
With a parameter of: *:.*log4j.*
<dependency> <!-- Noncompliant --> <groupId>log4j</groupId> <artifactId>log4j</artifactId> <version>1.2.17</version> </dependency>