Scan a Java/Maven Project for Upgrade Drift
Scan a Java/Maven project with Vibgrate CLI to get a DriftScore, generate a Markdown report, and add a build gate on drift severity.
Java/Maven projects accumulate upgrade drift in their pom.xml dependency trees, where transitive versions drift and breaking changes hide. Vibgrate CLI detects the Java ecosystem, scans the dependency graph, and assigns a DriftScore so teams can plan upgrades deliberately.
Prerequisites
- A Java/Maven project with a
pom.xml - Vibgrate CLI installed, or use the no-install form
Steps
1. Install the CLI
npm i -g @vibgrate/cli
Or try it without installing:
npx @vibgrate/cli scan
2. Scan the project
From the project root:
vg
Vibgrate detects Java/Maven from your pom.xml and reports drift findings by severity.
3. Read the DriftScore
The DriftScore (0-100) summarizes accumulated upgrade risk. Review high-severity findings first, especially packages flagged for breaking-change exposure.
4. Generate a Markdown report
Produce a human-readable report to share in a PR or wiki:
vg scan --format markdown --out vibgrate.md
You can also build a report from existing scan artifacts:
vg report
5. Gate the build
Fail the build when error-level drift appears:
vg scan --fail-on error
Verification
Confirm the scan printed a DriftScore and that vibgrate.md was created and renders cleanly. With --fail-on error, verify the exit code stops the build on high-severity drift.
Next Steps
Create a baseline with vg baseline to track drift across releases, and explore SARIF output for code-scanning dashboards.