Introduction

This plugin allow you to automatically verify PGP signature of all project dependency.

Features check signature of artifacts during each build, not only during artifact download from the remote repository to local

possibility to map pgp key fingerprint to artifacts, so we can detect if correct key is used for making signature

possibility to check signature of maven plugins used during build

there is no external software need to install - plugin use Bouncy Castle library to manage pgp operations

works on many operating system and jdk versions - confirmed by CI builds - Linux, Windows, Mac OS, JDK 8, 11, 14

Usage You can try it by running in your project directory: mvn org.simplify4u.plugins:pgpverify-maven-plugin:check More examples of usage