[MENFORCER-424] - Add rule which bans scope from
dependencyManagement
diff --git a/enforcer-rules/src/main/java/org/apache/maven/plugins/enforcer/BanDependencyManagementScope.java b/enforcer-rules/src/main/java/org/apache/maven/plugins/enforcer/BanDependencyManagementScope.java
new file mode 100644
index 0000000..94fe177
--- /dev/null
+++ b/enforcer-rules/src/main/java/org/apache/maven/plugins/enforcer/BanDependencyManagementScope.java
@@ -0,0 +1,218 @@
+package org.apache.maven.plugins.enforcer;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.apache.maven.artifact.versioning.InvalidVersionSpecificationException;
+import org.apache.maven.enforcer.rule.api.EnforcerRule2;
+import org.apache.maven.enforcer.rule.api.EnforcerRuleException;
+import org.apache.maven.enforcer.rule.api.EnforcerRuleHelper;
+import org.apache.maven.model.Dependency;
+import org.apache.maven.model.DependencyManagement;
+import org.apache.maven.model.InputLocation;
+import org.apache.maven.plugin.logging.Log;
+import org.apache.maven.plugins.enforcer.utils.ArtifactMatcher;
+import org.apache.maven.project.MavenProject;
+import org.codehaus.plexus.component.configurator.expression.ExpressionEvaluationException;
+
+/**
+ * This rule bans all scope values except for {@code import} from dependencies within the dependency management. 
+ * There is a configuration option to ignore certain dependencies in this check.
+ */
+public class BanDependencyManagementScope
+    extends AbstractNonCacheableEnforcerRule
+    implements EnforcerRule2
+{
+
+    /**
+     * Specify the dependencies that will be ignored. This can be a list of artifacts in the format
+     * <code>groupId[:artifactId][:version][:type][:scope]</code>. Wildcard '*' can be used to in place of specific
+     * section (ie group:*:1.0 will match both 'group:artifact:1.0' and 'group:anotherArtifact:1.0'). Version is a
+     * string representing standard Maven version range. Empty patterns will be ignored.
+     *
+     * @see {@link #setExcludes(List)}
+     */
+    private List<String> excludes = null;
+
+    /**
+     * If {@code true} the dependencyManagement from imported dependencyManagement and parent pom's is checked as well,
+     * otherwise only the local dependencyManagement defined in the current project's pom.xml.
+     */
+    private boolean checkEffectivePom = false;
+
+    @Override
+    public void execute( EnforcerRuleHelper helper )
+        throws EnforcerRuleException
+    {
+        Log logger = helper.getLog();
+        MavenProject project;
+        try
+        {
+            project = (MavenProject) helper.evaluate( "${project}" );
+            if ( project == null )
+            {
+                throw new EnforcerRuleException( "${project} is null" );
+            }
+            // only evaluate local depMgmt, without taking into account inheritance and interpolation
+            DependencyManagement depMgmt = checkEffectivePom ? project.getModel().getDependencyManagement()
+                            : project.getOriginalModel().getDependencyManagement();
+            if ( depMgmt != null && depMgmt.getDependencies() != null )
+            {
+                List<Dependency> violatingDependencies  = getViolatingDependencies( logger, depMgmt );
+                if ( !violatingDependencies.isEmpty() )
+                {
+                    String projectId = getProjectId( project );
+                    String message = getMessage();
+                    StringBuilder buf = new StringBuilder();
+                    if ( message == null )
+                    {
+                        message = "Scope other than 'import' is not allowed in 'dependencyManagement'";
+                    }
+                    buf.append( message + System.lineSeparator() );
+                    for ( Dependency violatingDependency : violatingDependencies )
+                    {
+                        buf.append( getErrorMessage( projectId, violatingDependency ) );
+                    }
+                    throw new EnforcerRuleException( buf.toString() );
+                }
+            }
+        }
+        catch ( ExpressionEvaluationException e )
+        {
+            throw new EnforcerRuleException( "Cannot resolve expression: " + e.getCause(), e );
+        }
+        catch ( InvalidVersionSpecificationException e )
+        {
+            throw new EnforcerRuleException( "Invalid version range give in excludes " + e.getCause(), e );
+        }
+    }
+
+    protected List<Dependency> getViolatingDependencies( Log logger, DependencyManagement depMgmt )
+        throws InvalidVersionSpecificationException
+    {
+        final ArtifactMatcher excludesMatcher;
+        if ( excludes != null )
+        {
+            excludesMatcher = new ArtifactMatcher( excludes, Collections.emptyList() );
+        }
+        else
+        {
+            excludesMatcher = null;
+        }
+        List<Dependency> violatingDependencies = new ArrayList<>();
+        for ( Dependency dependency : depMgmt.getDependencies() )
+        {
+            if ( dependency.getScope() != null && !"import".equals( dependency.getScope() ) )
+            {
+                if ( excludesMatcher != null && excludesMatcher.match( dependency ) )
+                {
+                    logger.debug( "Skipping excluded dependency " + dependency + " with scope "
+                        + dependency.getScope() );
+                    continue;
+                }
+                violatingDependencies.add( dependency );
+            }
+        }
+        return violatingDependencies;
+    }
+
+    private static CharSequence getErrorMessage( String projectId, Dependency violatingDependency )
+    {
+        return "Banned scope '" + violatingDependency.getScope() + "' used on dependency '"
+                        + violatingDependency.getManagementKey() + "' @ "
+                        + formatLocation( projectId, violatingDependency.getLocation( "" ) )
+                        + System.lineSeparator();
+    }
+
+    // Get the identifier of the POM in the format <groupId>:<artifactId>:<version>.
+    protected static String getProjectId( MavenProject project )
+    {
+        StringBuilder buffer = new StringBuilder( 128 );
+
+        buffer.append( ( project.getGroupId() != null && project.getGroupId().length() > 0 ) ? project.getGroupId()
+                        : "[unknown-group-id]" );
+        buffer.append( ':' );
+        buffer.append( ( project.getArtifactId() != null && project.getArtifactId().length() > 0 )
+                        ? project.getArtifactId()
+                        : "[unknown-artifact-id]" );
+        buffer.append( ':' );
+        buffer.append( ( project.getVersion() != null && project.getVersion().length() > 0 ) ? project.getVersion()
+                        : "[unknown-version]" );
+
+        return buffer.toString();
+    }
+
+    /**
+     * Creates a string with line/column information for problems originating directly from this POM. Inspired by
+     * {@code o.a.m.model.building.ModelProblemUtils.formatLocation(...)}.
+     *
+     * @param projectId the id of the current project's pom.
+     * @param location The location which should be formatted, must not be {@code null}.
+     * @return The formatted problem location or an empty string if unknown, never {@code null}.
+     */
+    protected static String formatLocation( String projectId, InputLocation location )
+    {
+        StringBuilder buffer = new StringBuilder();
+
+        if ( !location.getSource().getModelId().equals( projectId ) )
+        {
+            buffer.append( location.getSource().getModelId() );
+
+            if ( location.getSource().getLocation().length() > 0 )
+            {
+                if ( buffer.length() > 0 )
+                {
+                    buffer.append( ", " );
+                }
+                buffer.append( location.getSource().getLocation() );
+            }
+        }
+        if ( location.getLineNumber() > 0 )
+        {
+            if ( buffer.length() > 0 )
+            {
+                buffer.append( ", " );
+            }
+            buffer.append( "line " ).append( location.getLineNumber() );
+        }
+        if ( location.getColumnNumber() > 0 )
+        {
+            if ( buffer.length() > 0 )
+            {
+                buffer.append( ", " );
+            }
+            buffer.append( "column " ).append( location.getColumnNumber() );
+        }
+        return buffer.toString();
+    }
+
+    public void setExcludes( List<String> theExcludes )
+    {
+        this.excludes = theExcludes;
+    }
+
+    public void setCheckEffectivePom( boolean checkEffectivePom )
+    {
+        this.checkEffectivePom = checkEffectivePom;
+    }
+}
diff --git a/enforcer-rules/src/main/java/org/apache/maven/plugins/enforcer/utils/ArtifactMatcher.java b/enforcer-rules/src/main/java/org/apache/maven/plugins/enforcer/utils/ArtifactMatcher.java
index 3817569..3511518 100644
--- a/enforcer-rules/src/main/java/org/apache/maven/plugins/enforcer/utils/ArtifactMatcher.java
+++ b/enforcer-rules/src/main/java/org/apache/maven/plugins/enforcer/utils/ArtifactMatcher.java
@@ -23,9 +23,11 @@
 import org.apache.maven.artifact.versioning.DefaultArtifactVersion;
 import org.apache.maven.artifact.versioning.InvalidVersionSpecificationException;
 import org.apache.maven.artifact.versioning.VersionRange;
+import org.apache.maven.model.Dependency;
 import org.apache.maven.plugins.enforcer.AbstractVersionEnforcer;
 import java.util.Collection;
 import java.util.LinkedList;
+import java.util.Objects;
 
 /**
  * This class is used for matching Artifacts against a list of patterns.
@@ -73,21 +75,31 @@
         public boolean match( Artifact artifact )
             throws InvalidVersionSpecificationException
         {
-            if ( artifact == null )
-            {
-                throw new NullPointerException( "artifact" );
-            }
+            Objects.requireNonNull( artifact, "artifact must not be null" );
+            return match( artifact.getGroupId(), artifact.getArtifactId(), artifact.getVersion(), 
+                          artifact.getType(), artifact.getScope(), artifact.getClassifier() );
+        }
 
+        public boolean match( Dependency dependency )
+            throws InvalidVersionSpecificationException
+        {
+            Objects.requireNonNull( dependency, "dependency must not be null" );
+            return match( dependency.getGroupId(), dependency.getArtifactId(), dependency.getVersion(), 
+                          dependency.getType(), dependency.getScope(), dependency.getClassifier() );
+        }
+
+        private boolean match( String groupId, String artifactId, String version, 
+                               String type, String scope, String classifier )
+            throws InvalidVersionSpecificationException
+        {
             switch ( parts.length )
             {
                 case 6:
-                    String classifier = artifact.getClassifier();
                     if ( !matches( parts[5], classifier ) )
                     {
                         return false;
                     }
                 case 5:
-                    String scope = artifact.getScope();
                     if ( scope == null || scope.equals( "" ) )
                     {
                         scope = Artifact.SCOPE_COMPILE;
@@ -98,7 +110,6 @@
                         return false;
                     }
                 case 4:
-                    String type = artifact.getType();
                     if ( type == null || type.equals( "" ) )
                     {
                         type = "jar";
@@ -110,12 +121,11 @@
                     }
 
                 case 3:
-                    if ( !matches( parts[2], artifact.getVersion() ) )
+                    if ( !matches( parts[2], version ) )
                     {
                         // CHECKSTYLE_OFF: LineLength
                         if ( !AbstractVersionEnforcer.containsVersion( VersionRange.createFromVersionSpec( parts[2] ),
-                                                                       new DefaultArtifactVersion(
-                                                                                                   artifact.getVersion() ) ) )
+                                                                       new DefaultArtifactVersion( version ) ) )
                         // CHECKSTYLE_ON: LineLength
                         {
                             return false;
@@ -123,12 +133,12 @@
                     }
 
                 case 2:
-                    if ( !matches( parts[1], artifact.getArtifactId() ) )
+                    if ( !matches( parts[1], artifactId ) )
                     {
                         return false;
                     }
                 case 1:
-                    return matches( parts[0], artifact.getGroupId() );
+                    return matches( parts[0], groupId );
                 default:
                     throw new AssertionError();
             }
@@ -169,14 +179,8 @@
      */
     public ArtifactMatcher( final Collection<String> patterns, final Collection<String> ignorePatterns )
     {
-        if ( patterns == null )
-        {
-            throw new NullPointerException( "patterns" );
-        }
-        if ( ignorePatterns == null )
-        {
-            throw new NullPointerException( "ignorePatterns" );
-        }
+        Objects.requireNonNull( patterns, "patterns must not be null" );
+        Objects.requireNonNull( ignorePatterns, "ignorePatterns must not be null" );
         for ( String pattern : patterns )
         {
             if ( pattern != null && !"".equals( pattern ) )
@@ -221,4 +225,32 @@
         }
         return false;
     }
+
+    /**
+     * Check if dependency matches patterns.
+     * 
+     * @param dependency the dependency to match
+     * @return {@code true} if dependency matches any {@link #patterns} and none of the {@link #ignorePatterns},
+     *         otherwise {@code false}
+     * @throws InvalidVersionSpecificationException if any pattern contains an invalid version range
+     */
+    public boolean match( Dependency dependency )
+        throws InvalidVersionSpecificationException
+    {
+        for ( Pattern pattern : patterns )
+        {
+            if ( pattern.match( dependency ) )
+            {
+                for ( Pattern ignorePattern : ignorePatterns )
+                {
+                    if ( ignorePattern.match( dependency ) )
+                    {
+                        return false;
+                    }
+                }
+                return true;
+            }
+        }
+        return false;
+    }
 }
diff --git a/enforcer-rules/src/site/apt/banDependencyManagementScope.apt.vm b/enforcer-rules/src/site/apt/banDependencyManagementScope.apt.vm
new file mode 100644
index 0000000..6b00cf7
--- /dev/null
+++ b/enforcer-rules/src/site/apt/banDependencyManagementScope.apt.vm
@@ -0,0 +1,94 @@
+~~ Licensed to the Apache Software Foundation (ASF) under one
+~~ or more contributor license agreements.  See the NOTICE file
+~~ distributed with this work for additional information
+~~ regarding copyright ownership.  The ASF licenses this file
+~~ to you under the Apache License, Version 2.0 (the
+~~ "License"); you may not use this file except in compliance
+~~ with the License.  You may obtain a copy of the License at
+~~
+~~ http://www.apache.org/licenses/LICENSE-2.0
+~~
+~~ Unless required by applicable law or agreed to in writing,
+~~ software distributed under the License is distributed on an
+~~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+~~ KIND, either express or implied.  See the License for the
+~~ specific language governing permissions and limitations
+~~ under the License.    
+ 
+  ------
+  Ban Dependency Management Scope
+  ------
+  Konrad Windszus
+  ------
+  June 2022
+  ------
+
+Ban Dependency Management Scope
+
+  This rule bans all scope values except for {{{https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Importing_Dependencies}<<<import>>>}} from dependencies within the dependency management.
+
+   The following parameters are supported by this rule:
+   
+   * <<checkEffectivePom>> - if <<<true>>> the dependencyManagement from imports and parent pom's are checked as well, otherwise only the local dependencyManagement defined in the current project's pom.xml. Default is <<<false>>>.
+   
+   * <<excludes>> - a list of dependencies to ignore. The format is <<<groupId[:artifactId][:version][:type][:scope][:classifier]>>> where <<<artifactId>>>, <<<version>>>, <<<type>>>, <<<scope>>> and <<<classifier>>> are optional. Wildcards may be used to replace an entire or just parts of a section.
+      Examples:
+       
+        * <<<org.apache.maven>>>
+        
+        * <<<org.apache.maven:someArtifact>>>
+        
+        * <<<org.apache.maven:artifact:someVersion>>>
+        
+        * <<<org.apache.maven:*:1.2>>> (exclude version 1.2 and above, equivalent to [1.2,) )
+
+        * <<<org.apache.maven:*:[1.2]>>> (explicit exclude of version 1.2)
+        
+        * <<<org.apache.maven:*:*:jar:test>>>
+        
+        * <<<*:*:*:jar:compile:tests>>>
+
+        * <<<org.apache.*:maven-*:*>>>
+        
+        []
+   
+   * <<message>> - an optional message to the user if the rule fails.
+   
+   []
+
+   
+  Sample Plugin Configuration:
+  
++---+
+<project>
+  [...]
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-enforcer-plugin</artifactId>
+        <version>${project.version}</version>
+        <executions>
+          <execution>
+            <id>ban-dependency-management-scope</id>
+            <goals>
+              <goal>enforce</goal>
+            </goals>
+            <configuration>
+              <rules>
+                <banDependencyManagementScope>
+                  <excludes>
+                    <exclude>org.apache.maven</exclude>
+                  </excludes>
+                  <checkEffectivePom>true</checkEffectivePom>
+                </banDependencyManagementScope>
+              </rules>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
+  [...]
+</project>
++---+
diff --git a/enforcer-rules/src/site/apt/index.apt b/enforcer-rules/src/site/apt/index.apt
index 5567a6f..f9dee96 100644
--- a/enforcer-rules/src/site/apt/index.apt
+++ b/enforcer-rules/src/site/apt/index.apt
@@ -30,6 +30,8 @@
   * {{{./alwaysFail.html}alwaysFail}} - Always fail... used to test plugin configuration.
 
   * {{{./alwaysPass.html}alwaysPass}} - Always passes... used to test plugin configuration.
+
+  * {{{./banDependencyManagementScope.html}banDependencyManagementScope}} - bans all scope values except for 'import' from dependencies within the dependency management.
   
   * {{{./banDistributionManagement.html}banDistributionManagement}} - enforces that project doesn't have distributionManagement.
   
diff --git a/enforcer-rules/src/test/java/org/apache/maven/plugins/enforcer/BanDependencyManagementScopeTest.java b/enforcer-rules/src/test/java/org/apache/maven/plugins/enforcer/BanDependencyManagementScopeTest.java
new file mode 100644
index 0000000..0d55597
--- /dev/null
+++ b/enforcer-rules/src/test/java/org/apache/maven/plugins/enforcer/BanDependencyManagementScopeTest.java
@@ -0,0 +1,74 @@
+package org.apache.maven.plugins.enforcer;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import java.util.Collections;
+
+import org.apache.maven.artifact.versioning.InvalidVersionSpecificationException;
+import org.apache.maven.enforcer.rule.api.EnforcerRuleException;
+import org.apache.maven.model.Dependency;
+import org.apache.maven.model.DependencyManagement;
+import org.apache.maven.plugin.logging.SystemStreamLog;
+import org.hamcrest.MatcherAssert;
+import org.hamcrest.Matchers;
+import org.junit.jupiter.api.Test;
+
+class BanDependencyManagementScopeTest
+{
+    @Test
+    void testGetViolatingDependencies()
+        throws EnforcerRuleException, InvalidVersionSpecificationException
+    {
+        BanDependencyManagementScope rule = new BanDependencyManagementScope();
+        DependencyManagement depMgmt = new DependencyManagement();
+        Dependency depWithoutScope = createDependency( "myGroup", "artifact1", null );
+        Dependency depWithScope = createDependency( "myGroup", "artifact2", "1.1.0", "provided" );
+        Dependency depWithImportScope = createDependency( "myGroup", "artifact3", "1.1.0", "import" );
+        Dependency excludedDepWithScope = createDependency( "myGroup", "artifact4", "1.1.0", "provided" );
+        depMgmt.addDependency( depWithoutScope );
+        depMgmt.addDependency( depWithScope );
+        depMgmt.addDependency( depWithImportScope );
+        depMgmt.addDependency( excludedDepWithScope );
+        rule.setExcludes( Collections.singletonList( "*:artifact4" ) );
+        MatcherAssert.assertThat( rule.getViolatingDependencies( new SystemStreamLog(), depMgmt ),
+                                  Matchers.contains( depWithScope ) );
+    }
+
+    static Dependency createDependency( String groupId, String artifactId, String version )
+    {
+        return createDependency( groupId, artifactId, version, null );
+    }
+
+    static Dependency createDependency( String groupId, String artifactId, String version, String scope )
+    {
+        Dependency dependency = new Dependency();
+        dependency.setGroupId( groupId );
+        dependency.setArtifactId( artifactId );
+        if ( version != null )
+        {
+            dependency.setVersion( version );
+        }
+        if ( scope != null )
+        {
+            dependency.setScope( scope );
+        }
+        return dependency;
+    }
+}
diff --git a/enforcer-rules/src/test/java/org/apache/maven/plugins/enforcer/utils/TestArtifactMatcher.java b/enforcer-rules/src/test/java/org/apache/maven/plugins/enforcer/utils/TestArtifactMatcher.java
index 3307076..70703a1 100644
--- a/enforcer-rules/src/test/java/org/apache/maven/plugins/enforcer/utils/TestArtifactMatcher.java
+++ b/enforcer-rules/src/test/java/org/apache/maven/plugins/enforcer/utils/TestArtifactMatcher.java
@@ -75,7 +75,7 @@
         try
         {
             Pattern p = new Pattern( "*" );
-            p.match( null );
+            p.match( (Artifact)null );
             fail( "NullPointerException expected." );
         }
         catch ( NullPointerException ignored )
diff --git a/maven-enforcer-plugin/src/it/projects/ban-dependency-management-scope-fail/invoker.properties b/maven-enforcer-plugin/src/it/projects/ban-dependency-management-scope-fail/invoker.properties
new file mode 100644
index 0000000..58b6526
--- /dev/null
+++ b/maven-enforcer-plugin/src/it/projects/ban-dependency-management-scope-fail/invoker.properties
@@ -0,0 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#  http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+invoker.buildResult = failure
diff --git a/maven-enforcer-plugin/src/it/projects/ban-dependency-management-scope-fail/pom.xml b/maven-enforcer-plugin/src/it/projects/ban-dependency-management-scope-fail/pom.xml
new file mode 100644
index 0000000..c8f6eff
--- /dev/null
+++ b/maven-enforcer-plugin/src/it/projects/ban-dependency-management-scope-fail/pom.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<project>
+  <modelVersion>4.0.0</modelVersion>
+
+  <groupId>org.apache.maven.its.enforcer</groupId>
+  <artifactId>ban-dependency-management-scope-fail-test</artifactId>
+  <version>1.0</version>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-enforcer-plugin</artifactId>
+        <version>@project.version@</version>
+        <executions>
+          <execution>
+            <id>test</id>
+            <goals>
+              <goal>enforce</goal>
+            </goals>
+            <configuration>
+              <rules>
+                <banDependencyManagementScope>
+                  <excludes>
+                    <exclude>org.apache.maven.plugins.enforcer.its:menforcer138_classworlds</exclude>
+                    <exclude>org.apache.maven.plugins.enforcer.its:menforcer138_io</exclude>
+                  </excludes>
+                </banDependencyManagementScope>
+              </rules>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
+
+  <dependencyManagement>
+    <dependencies>
+      <dependency>
+        <groupId>org.apache.maven.plugins.enforcer.its</groupId>
+          <artifactId>menforcer128_api</artifactId>
+          <version>1.4.0</version>
+          <scope>import</scope><!-- allowed scope -->
+      </dependency>
+      <dependency>
+        <groupId>org.apache.maven.plugins.enforcer.its</groupId>
+          <artifactId>menforcer138_archiver</artifactId>
+          <version>2.1.1</version>
+          <scope>provided</scope>
+      </dependency>
+      <dependency>
+        <groupId>org.apache.maven.plugins.enforcer.its</groupId>
+        <artifactId>menforcer138_utils</artifactId>
+        <scope>test</scope>
+      </dependency>
+    </dependencies>
+  </dependencyManagement>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.apache.maven.plugins.enforcer.its</groupId>
+      <artifactId>menforcer138_archiver</artifactId>
+      <version>2.1.1</version>
+    </dependency>  
+    <dependency>
+      <groupId>org.apache.maven.plugins.enforcer.its</groupId>
+      <artifactId>menforcer138_utils</artifactId>
+      <version>3.0</version>
+    </dependency>
+  </dependencies>
+
+</project>
diff --git a/maven-enforcer-plugin/src/it/projects/ban-dependency-management-scope-fail/verify.groovy b/maven-enforcer-plugin/src/it/projects/ban-dependency-management-scope-fail/verify.groovy
new file mode 100644
index 0000000..67651ac
--- /dev/null
+++ b/maven-enforcer-plugin/src/it/projects/ban-dependency-management-scope-fail/verify.groovy
@@ -0,0 +1,23 @@
+/*

+ * Licensed to the Apache Software Foundation (ASF) under one

+ * or more contributor license agreements.  See the NOTICE file

+ * distributed with this work for additional information

+ * regarding copyright ownership.  The ASF licenses this file

+ * to you under the Apache License, Version 2.0 (the

+ * "License"); you may not use this file except in compliance

+ * with the License.  You may obtain a copy of the License at

+ *

+ *   http://www.apache.org/licenses/LICENSE-2.0

+ *

+ * Unless required by applicable law or agreed to in writing,

+ * software distributed under the License is distributed on an

+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

+ * KIND, either express or implied.  See the License for the

+ * specific language governing permissions and limitations

+ * under the License.

+ */

+File buildLog = new File( basedir, 'build.log' )

+assert buildLog.text.contains( '[ERROR] Rule 0: org.apache.maven.plugins.enforcer.BanDependencyManagementScope failed with message:' )

+assert buildLog.text.contains( 'Scope other than \'import\' is not allowed in \'dependencyManagement\'' )

+assert buildLog.text.contains( 'Banned scope \'provided\' used on dependency \'org.apache.maven.plugins.enforcer.its:menforcer138_archiver:jar\' @ line 65, column 19' )

+assert buildLog.text.contains( 'Banned scope \'test\' used on dependency \'org.apache.maven.plugins.enforcer.its:menforcer138_utils:jar\' @ line 71, column 19' )
\ No newline at end of file