We can force the checksum validation in maven with at least two options:
1.Adding the --strict-checksums
to our maven command.
2.Adding the following configuration to our maven settings file:
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
https://maven.apache.org/xsd/settings-1.0.0.xsd">
<!--...-->
<profiles>
<profile>
<!--...-->
<repositories>
<repository>
<id>codehausSnapshots</id>
<name>Codehaus Snapshots</name>
<releases>
<enabled>false</enabled>
<updatePolicy>always</updatePolicy>
<checksumPolicy>fail</checksumPolicy>
</releases>
<snapshots>
<enabled>true</enabled>
<updatePolicy>never</updatePolicy>
<checksumPolicy>fail</checksumPolicy>
</snapshots>
<url>
<!--...-->
</url>
</repository>
</repositories>
<pluginRepositories>
<!--...-->
</pluginRepositories>
<!--...-->
</profile>
</profiles>
<!--...-->
</settings>
More details in this post: https://dzone.com/articles/maven-artifact-checksums-what