Allows to parse Java byte code to find invocations of method/class/field signatures and fail build.
Maven repository: https://mvnrepository.com/artifact/de.thetaphi/forbiddenapis/3.4
Home Page: https://github.com/policeman-tools/forbidden-apis

Plugin coordinates:

• Group Id: de.thetaphi
  
• Artifact Id: forbiddenapis
  

Goal Prefix: forbiddenapis

The forbiddenapis plugin has the following goals:

• help: Display help information on forbiddenapis.
  
  
• check: Check if no project generated class files (compile scope) contain calls to forbidden APIs from the project classpath and a list of API signatures (either inline or as pointer to files or bundled signatures).
  
  
• testCheck: Check if no project generated class files (test scope) contain calls to forbidden APIs from the project classpath and a list of API signatures (either inline or as pointer to files or bundled signatures).
  

The goal help gives general information about the forbiddenapis plugin and lists its goals.
The parameter detail gives detailed information about the parameters of the goals of the forbiddenapis plugin.
$ mvn de.thetaphi:forbiddenapis:3.4:help $ mvn de.thetaphi:forbiddenapis:3.4:help -Ddetail=true
You can also use the goal describe of the help plugin to get information about the forbiddenapis plugin and lists its goals:
$ mvn help:describe -Dplugin="de.thetaphi:forbiddenapis:3.4" $ mvn help:describe -Dplugin="de.thetaphi:forbiddenapis:3.4" -Ddetail=true
The parameter goal gives information about a goal of the forbiddenapis plugin:
$ mvn de.thetaphi:forbiddenapis:3.4:help -Dgoal=check -Ddetail=true $ mvn help:describe -Dplugin="de.thetaphi:forbiddenapis:3.4" -Dgoal=check -Ddetail=true

Maven Usage: https://github.com/policeman-tools/forbidden-apis/wiki/MavenUsage
Signatures Files: https://github.com/policeman-tools/forbidden-apis/tree/main/src/main/resources/de/thetaphi/forbiddenapis/signatures
Bundled Signatures: https://github.com/policeman-tools/forbidden-apis/wiki/BundledSignatures

Adjust your pom file with the following:
<plugin> <groupId>de.thetaphi</groupId> <artifactId>forbiddenapis</artifactId> <version>3.4</version> <configuration> <bundledSignatures> <!-- This will automatically choose the right signatures based on 'maven.compiler.target' --> <bundledSignature>jdk-unsafe</bundledSignature> <bundledSignature>jdk-deprecated</bundledSignature> <bundledSignature>jdk-internal</bundledSignature> <!-- disallow undocumented classes like sun.misc.Unsafe: --> <bundledSignature>jdk-non-portable</bundledSignature> <!-- don't allow unsafe reflective access: --> <bundledSignature>jdk-reflection</bundledSignature> <!-- [ERROR] Forbidden field access: java.lang.System#out [prints to System.out; should only be used for debugging, not in production code] --> <bundledSignature>jdk-system-out</bundledSignature> <!-- [ERROR] Failed to execute goal de.thetaphi:forbiddenapis:3.4:check (forbiddenapis-check) on project: Parsing signatures failed: Class 'org.apache.commons.io.CopyUtils' not found on classpath while parsing signature: org.apache.commons.io.CopyUtils#copy(byte[],java.io.Writer) --> <bundledSignature>commons-io-unsafe-2.11.0</bundledSignature> </bundledSignatures> <!-- If a class is missing while parsing signatures files, all methods and fields from this class are silently ignored. --> <ignoreSignaturesOfMissingClasses>true</ignoreSignaturesOfMissingClasses> </configuration> <executions> <execution> <id>forbiddenapis-check</id> <phase>package</phase> <goals> <goal>check</goal> </goals> </execution> </executions> </plugin>