From a553b849e6a25411936c160b7e13c0538941387e Mon Sep 17 00:00:00 2001
From: Andrzej Jarmoniuk <gh@jarmoniuk.nl>
Date: Mon, 24 Oct 2022 13:54:46 +0200
Subject: [PATCH] Resolves #387: Provide an enforcer rule to specify a maximum
 number of allowed dependency updates

---
 enforcer/pom.xml                              |  88 ++++
 pom.xml                                       |  12 +
 .../versions/api/AbstractVersionDetails.java  |  28 +-
 .../versions/api/DefaultVersionsHelper.java   |  18 -
 .../mojo/versions/api/VersionDetails.java     |  24 ++
 .../mojo/versions/api/VersionsHelper.java     |  10 -
 .../versions/filtering/DependencyFilter.java  |  49 ++-
 .../ordering/AbstractVersionComparator.java   |  10 +-
 .../versions/ordering/VersionComparator.java  |  33 --
 .../versions/utils/MavenProjectUtils.java     | 178 ++++++++
 .../versions/api/ArtifactVersionsTest.java    |  63 +++
 .../PropertiesVersionsFileReaderTest.java     |   8 +-
 versions-enforcer/pom.xml                     |  80 ++++
 .../enforcer/MaxDependencyUpdates.java        | 398 ++++++++++++++++++
 .../enforcer/MaxDependencyUpdatesTest.java    | 314 ++++++++++++++
 versions-maven-plugin/pom.xml                 |  16 +-
 .../invoker.properties                        |   2 +
 .../it/it-max-dependency-updates-001/pom.xml  |  44 ++
 .../invoker.properties                        |   2 +
 .../it/it-max-dependency-updates-002/pom.xml  |  44 ++
 .../invoker.properties                        |   2 +
 .../it/it-max-dependency-updates-003/pom.xml  |  47 +++
 .../invoker.properties                        |   2 +
 .../it/it-max-dependency-updates-004/pom.xml  |  45 ++
 .../versions/DependencyUpdatesReportMojo.java |   3 +-
 .../DisplayDependencyUpdatesMojo.java         | 254 ++---------
 .../enforcer/max-dependency-updates.md        | 112 +++++
 .../src/site/markdown/index.md                |   6 +
 .../mojo/max-dependency-upgrades/pom.xml      |  44 ++
 versions-test/pom.xml                         |  72 ++++
 .../mojo/versions/utils/MockUtils.java        |   4 +-
 .../versions/utils/TestChangeRecorder.java    |   0
 .../mojo/versions/utils/TestUtils.java        |   0
 33 files changed, 1711 insertions(+), 301 deletions(-)
 create mode 100644 enforcer/pom.xml
 create mode 100644 versions-common/src/main/java/org/codehaus/mojo/versions/utils/MavenProjectUtils.java
 create mode 100644 versions-enforcer/pom.xml
 create mode 100644 versions-enforcer/src/main/java/org/apache/maven/plugins/enforcer/MaxDependencyUpdates.java
 create mode 100644 versions-enforcer/src/test/java/org/apache/maven/plugins/enforcer/MaxDependencyUpdatesTest.java
 create mode 100644 versions-maven-plugin/src/it/it-max-dependency-updates-001/invoker.properties
 create mode 100644 versions-maven-plugin/src/it/it-max-dependency-updates-001/pom.xml
 create mode 100644 versions-maven-plugin/src/it/it-max-dependency-updates-002/invoker.properties
 create mode 100644 versions-maven-plugin/src/it/it-max-dependency-updates-002/pom.xml
 create mode 100644 versions-maven-plugin/src/it/it-max-dependency-updates-003/invoker.properties
 create mode 100644 versions-maven-plugin/src/it/it-max-dependency-updates-003/pom.xml
 create mode 100644 versions-maven-plugin/src/it/it-max-dependency-updates-004/invoker.properties
 create mode 100644 versions-maven-plugin/src/it/it-max-dependency-updates-004/pom.xml
 create mode 100644 versions-maven-plugin/src/site/markdown/enforcer/max-dependency-updates.md
 create mode 100644 versions-maven-plugin/src/test/resources/org/codehaus/mojo/max-dependency-upgrades/pom.xml
 create mode 100644 versions-test/pom.xml
 rename {versions-maven-plugin/src/test => versions-test/src/main}/java/org/codehaus/mojo/versions/utils/MockUtils.java (100%)
 rename {versions-maven-plugin/src/test => versions-test/src/main}/java/org/codehaus/mojo/versions/utils/TestChangeRecorder.java (100%)
 rename {versions-maven-plugin/src/test => versions-test/src/main}/java/org/codehaus/mojo/versions/utils/TestUtils.java (100%)

diff --git a/enforcer/pom.xml b/enforcer/pom.xml
new file mode 100644
index 0000000000..1842f186c1
--- /dev/null
+++ b/enforcer/pom.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>versions</artifactId>
+        <groupId>org.codehaus.mojo.versions</groupId>
+        <version>2.14.0-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>enforcer</artifactId>
+
+    <name>Versions Enforcer rules</name>
+    <description>maven-enforcer-plugin rules</description>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.codehaus.mojo</groupId>
+            <artifactId>versions-maven-plugin</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.codehaus.mojo.versions</groupId>
+            <artifactId>test-utils</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.maven.enforcer</groupId>
+            <artifactId>enforcer-api</artifactId>
+            <version>3.1.0</version>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.maven</groupId>
+            <artifactId>maven-compat</artifactId>
+            <version>${mavenVersion}</version>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.maven.plugin-testing</groupId>
+            <artifactId>maven-plugin-testing-harness</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.junit.vintage</groupId>
+            <artifactId>junit-vintage-engine</artifactId>
+            <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.hamcrest</groupId>
+                    <artifactId>hamcrest-core</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-inline</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.hamcrest</groupId>
+            <artifactId>hamcrest</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-simple</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+    </dependencies>
+
+</project>
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index d2955b8d05..86769230e1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -100,6 +100,8 @@
     <module>model-ruleset</module>
     <module>model-report</module>
     <module>versions-common</module>
+    <module>versions-enforcer</module>
+    <module>versions-test</module>
   </modules>
 
   <scm>
@@ -137,6 +139,11 @@
 
   <dependencyManagement>
     <dependencies>
+      <dependency>
+        <groupId>org.apache.maven.enforcer</groupId>
+        <artifactId>enforcer-api</artifactId>
+        <version>3.1.0</version>
+      </dependency>
       <dependency>
         <groupId>org.junit</groupId>
         <artifactId>junit-bom</artifactId>
@@ -194,6 +201,11 @@
         <artifactId>slf4j-simple</artifactId>
         <version>1.7.36</version>
       </dependency>
+      <dependency>
+        <groupId>org.apache.commons</groupId>
+        <artifactId>commons-text</artifactId>
+        <version>1.9</version>
+      </dependency>
     </dependencies>
   </dependencyManagement>
 
diff --git a/versions-common/src/main/java/org/codehaus/mojo/versions/api/AbstractVersionDetails.java b/versions-common/src/main/java/org/codehaus/mojo/versions/api/AbstractVersionDetails.java
index 1b1a5a080c..939a3f3997 100644
--- a/versions-common/src/main/java/org/codehaus/mojo/versions/api/AbstractVersionDetails.java
+++ b/versions-common/src/main/java/org/codehaus/mojo/versions/api/AbstractVersionDetails.java
@@ -34,6 +34,7 @@
 import static java.util.Collections.reverseOrder;
 import static java.util.Optional.empty;
 import static java.util.Optional.of;
+import static org.codehaus.mojo.versions.api.Segment.MAJOR;
 import static org.codehaus.mojo.versions.api.Segment.SUBINCREMENTAL;
 
 /**
@@ -72,6 +73,29 @@ protected AbstractVersionDetails()
     {
     }
 
+    @Override
+    public Restriction restrictionFor( Optional<Segment> scope )
+            throws InvalidSegmentException
+    {
+        ArtifactVersion nextVersion = scope
+                .filter( s -> s.isMajorTo( SUBINCREMENTAL ) )
+                .map( s -> (ArtifactVersion)
+                        new BoundArtifactVersion( currentVersion, Segment.of( s.value() + 1 ) ) )
+                .orElse( currentVersion );
+        return new Restriction( nextVersion, false, scope.filter( MAJOR::isMajorTo )
+                .map( s -> (ArtifactVersion) new BoundArtifactVersion( currentVersion, s ) ).orElse( null ),
+                false );
+    }
+
+    @Override
+    public Restriction restrictionForIgnoreScope( Optional<Segment> ignored )
+    {
+        ArtifactVersion nextVersion = ignored
+                .map( s -> (ArtifactVersion) new BoundArtifactVersion( currentVersion, s ) )
+                .orElse( currentVersion );
+        return new Restriction( nextVersion, false, null, false );
+    }
+
     @Override
     public final boolean isCurrentVersionDefined()
     {
@@ -307,7 +331,7 @@ public final ArtifactVersion getNewestUpdate( ArtifactVersion currentVersion, Op
     {
         try
         {
-            return getNewestVersion( getVersionComparator().restrictionFor( currentVersion, updateScope ),
+            return getNewestVersion( restrictionFor( updateScope ),
                     includeSnapshots );
         }
         catch ( InvalidSegmentException e )
@@ -322,7 +346,7 @@ public final ArtifactVersion[] getAllUpdates( ArtifactVersion currentVersion, Op
     {
         try
         {
-            return getVersions( getVersionComparator().restrictionFor( currentVersion, updateScope ),
+            return getVersions( restrictionFor( updateScope ),
                     includeSnapshots );
         }
         catch ( InvalidSegmentException e )
diff --git a/versions-common/src/main/java/org/codehaus/mojo/versions/api/DefaultVersionsHelper.java b/versions-common/src/main/java/org/codehaus/mojo/versions/api/DefaultVersionsHelper.java
index 4f425ff300..ce25531ccb 100644
--- a/versions-common/src/main/java/org/codehaus/mojo/versions/api/DefaultVersionsHelper.java
+++ b/versions-common/src/main/java/org/codehaus/mojo/versions/api/DefaultVersionsHelper.java
@@ -893,24 +893,6 @@ else if ( !excludePropertiesList.isEmpty() && excludePropertiesList.contains( pr
         return propertyVersions;
     }
 
-    @Override
-    public Dependency interpolateVersion( final Dependency dependency, final MavenProject project )
-    {
-
-        // resolve version from model properties if necessary (e.g. "${mycomponent.myversion}"
-        if ( dependency.getVersion().startsWith( "${" ) )
-        {
-            final String resolvedVersion = project.getOriginalModel()
-                .getProperties().getProperty(
-                    dependency.getVersion().substring( 2, dependency.getVersion().length() - 1 ) );
-            if ( resolvedVersion != null && !resolvedVersion.isEmpty() )
-            {
-                dependency.setVersion( resolvedVersion );
-            }
-        }
-        return dependency;
-    }
-
     /**
      * Builder class for {@linkplain DefaultVersionsHelper}
      */
diff --git a/versions-common/src/main/java/org/codehaus/mojo/versions/api/VersionDetails.java b/versions-common/src/main/java/org/codehaus/mojo/versions/api/VersionDetails.java
index 542130619e..6acedce8df 100644
--- a/versions-common/src/main/java/org/codehaus/mojo/versions/api/VersionDetails.java
+++ b/versions-common/src/main/java/org/codehaus/mojo/versions/api/VersionDetails.java
@@ -392,4 +392,28 @@ ArtifactVersion[] getAllUpdates( Optional<Segment> updateScope, boolean includeS
      */
     ArtifactVersion[] getAllUpdates( VersionRange versionRange, boolean includeSnapshots );
 
+    /**
+     * <p>Returns a {@linkplain Restriction} object for computing version <em>upgrades</em>
+     * with the given segment allowing updates, with all more major segments locked in place.</p>
+     * <p>The resulting restriction could be thought of as one
+     * retaining the versions on positions up to the held position,
+     * the position right after the position held in place will be incremented by one,
+     * and on all positions which are more minor than that, the range would contain -&infin;
+     * for the bottom bound and +&infin; for the above bound.</p>
+     * <p>This will allow matching the required versions while not matching versions which are considered
+     * inferior than the zeroth version, i.e. versions with a qualifier.</p>
+     *
+     * @param scope most major segment where updates are allowed Optional.empty() for no restriction
+     * @return {@linkplain Restriction} object based on the arguments
+     */
+    Restriction restrictionFor( Optional<Segment> scope ) throws InvalidSegmentException;
+
+
+    /**
+     * Returns the {@link Restriction} objects for a segemnt scope which is to be <b>ignored</b>.
+     *
+     * @param ignored most major segment where updates are to be ignored; Optional.empty() for no ignored segments
+     * @return {@linkplain Restriction} object based on the arguments
+     */
+    Restriction restrictionForIgnoreScope( Optional<Segment> ignored );
 }
diff --git a/versions-common/src/main/java/org/codehaus/mojo/versions/api/VersionsHelper.java b/versions-common/src/main/java/org/codehaus/mojo/versions/api/VersionsHelper.java
index bd803639d6..00f4037ff8 100644
--- a/versions-common/src/main/java/org/codehaus/mojo/versions/api/VersionsHelper.java
+++ b/versions-common/src/main/java/org/codehaus/mojo/versions/api/VersionsHelper.java
@@ -417,14 +417,4 @@ public VersionPropertiesMapRequest build()
      */
     void resolveArtifact( Artifact artifact, boolean usePluginRepositories )
         throws ArtifactResolutionException, ArtifactNotFoundException;
-
-    /**
-     * Attempts to interpolate the version from model properties.
-     *
-     * @param dependency the dependency
-     * @param project the maven project
-     * @return the dependency with interpolated property (as far as possible)
-     * @since 2.14.0
-     */
-    Dependency interpolateVersion( Dependency dependency, MavenProject project );
 }
diff --git a/versions-common/src/main/java/org/codehaus/mojo/versions/filtering/DependencyFilter.java b/versions-common/src/main/java/org/codehaus/mojo/versions/filtering/DependencyFilter.java
index e31a0481a5..00f58cb00c 100644
--- a/versions-common/src/main/java/org/codehaus/mojo/versions/filtering/DependencyFilter.java
+++ b/versions-common/src/main/java/org/codehaus/mojo/versions/filtering/DependencyFilter.java
@@ -19,6 +19,7 @@
  * under the License.
  */
 
+import java.util.Collection;
 import java.util.List;
 import java.util.Set;
 import java.util.TreeSet;
@@ -26,6 +27,7 @@
 import java.util.stream.Collectors;
 
 import org.apache.maven.model.Dependency;
+import org.apache.maven.plugin.logging.Log;
 import org.codehaus.mojo.versions.utils.DependencyComparator;
 
 public class DependencyFilter
@@ -62,12 +64,12 @@ public String toString()
         return String.format( "%s{%s}", getClass().getSimpleName(), pattern );
     }
 
-    public Set<Dependency> retainingIn( Set<Dependency> dependencies )
+    public Set<Dependency> retainingIn( Collection<Dependency> dependencies )
     {
         return filterBy( dependencies, this::matchersMatch );
     }
 
-    public Set<Dependency> removingFrom( Set<Dependency> dependencies )
+    public Set<Dependency> removingFrom( Collection<Dependency> dependencies )
     {
         return filterBy( dependencies, not( this::matchersMatch ) );
     }
@@ -77,10 +79,51 @@ private boolean matchersMatch( Dependency dependency )
         return matchers.stream().anyMatch( m -> m.test( dependency ) );
     }
 
-    private TreeSet<Dependency> filterBy( Set<Dependency> dependencies, Predicate<Dependency> predicate )
+    private TreeSet<Dependency> filterBy( Collection<Dependency> dependencies, Predicate<Dependency> predicate )
     {
         return dependencies.stream()
                 .filter( predicate )
                 .collect( Collectors.toCollection( () -> new TreeSet<>( DependencyComparator.INSTANCE ) ) );
     }
+
+    /**
+     * Returns a set of dependencies filtered by the given include- and exclude filters.
+     * @param dependencies collection of dependencies to filter
+     * @param includes a list of dependency includes
+     * @param excludes a list of dependency excludes
+     * @param section if log is not null, dependency section name for the debug log
+     * @param log null or log to which debug information will be logged
+     * @return filtered set of dependencies
+     */
+    public static Set<Dependency> filterDependencies(
+            Collection<Dependency> dependencies,
+            List<String> includes,
+            List<String> excludes,
+            String section,
+            Log log
+    )
+    {
+        DependencyFilter includeDeps = DependencyFilter.parseFrom( includes );
+        DependencyFilter excludeDeps = DependencyFilter.parseFrom( excludes );
+
+        Set<Dependency> filtered = includeDeps.retainingIn( dependencies );
+        filtered = excludeDeps.removingFrom( filtered );
+
+        if ( log != null && log.isDebugEnabled() )
+        {
+            log.debug( String.format( "parsed includes in %s: %s -> %s", section, includes, includeDeps ) );
+            log.debug( String.format( "parsed excludes in %s: %s -> %s", section, excludes, excludeDeps ) );
+            log.debug( String.format( "Unfiltered %s: ", section ) + output( dependencies ) );
+            log.debug( String.format( "Filtered %s: ", section ) + output( filtered ) );
+        }
+
+        return filtered;
+    }
+
+    private static String output( Collection<Dependency> dependencies )
+    {
+        return dependencies.stream()
+                .map( d -> String.format( "%s:%s:%s", d.getGroupId(), d.getArtifactId(), d.getVersion() ) )
+                .collect( Collectors.joining( ", " ) );
+    }
 }
diff --git a/versions-common/src/main/java/org/codehaus/mojo/versions/ordering/AbstractVersionComparator.java b/versions-common/src/main/java/org/codehaus/mojo/versions/ordering/AbstractVersionComparator.java
index 30a4835026..75b659e047 100644
--- a/versions-common/src/main/java/org/codehaus/mojo/versions/ordering/AbstractVersionComparator.java
+++ b/versions-common/src/main/java/org/codehaus/mojo/versions/ordering/AbstractVersionComparator.java
@@ -29,14 +29,10 @@
 public abstract class AbstractVersionComparator
     implements VersionComparator
 {
-    /**
-     * {@inheritDoc}
-     */
+    @Override
     public abstract int compare( ArtifactVersion o1, ArtifactVersion o2 );
 
-    /**
-     * {@inheritDoc}
-     */
+    @Override
     public final int getSegmentCount( ArtifactVersion v )
     {
         if ( v == null )
@@ -58,6 +54,7 @@ public final int getSegmentCount( ArtifactVersion v )
      *
      * @return the hash code.
      */
+    @Override
     public int hashCode()
     {
         return getClass().hashCode();
@@ -71,6 +68,7 @@ public int hashCode()
      * @see #hashCode()
      * @see java.util.Hashtable
      */
+    @Override
     public boolean equals( Object obj )
     {
         return obj == this || ( obj != null && getClass().equals( obj.getClass() ) );
diff --git a/versions-common/src/main/java/org/codehaus/mojo/versions/ordering/VersionComparator.java b/versions-common/src/main/java/org/codehaus/mojo/versions/ordering/VersionComparator.java
index 91a40848c8..1ca3e6b075 100644
--- a/versions-common/src/main/java/org/codehaus/mojo/versions/ordering/VersionComparator.java
+++ b/versions-common/src/main/java/org/codehaus/mojo/versions/ordering/VersionComparator.java
@@ -20,14 +20,8 @@
  */
 
 import java.util.Comparator;
-import java.util.Optional;
 
 import org.apache.maven.artifact.versioning.ArtifactVersion;
-import org.apache.maven.artifact.versioning.Restriction;
-import org.codehaus.mojo.versions.api.Segment;
-
-import static org.codehaus.mojo.versions.api.Segment.MAJOR;
-import static org.codehaus.mojo.versions.api.Segment.SUBINCREMENTAL;
 
 /**
  * A rule for comparing and manipulating versions.
@@ -43,31 +37,4 @@ public interface VersionComparator
      * @since 1.0-beta-1
      */
     int getSegmentCount( ArtifactVersion artifactVersion );
-
-    /**
-     * <p>Returns a {@linkplain Restriction} object for computing version <em>upgrades</em>
-     * with the given segment allowing updates, with all more major segments locked in place.</p>
-     * <p>The resulting restriction could be thought of as one
-     * retaining the versions on positions up to the held position,
-     * the position right after the position held in place will be incremented by one,
-     * and on all positions which are more minor than that, the range would contain -&infin;
-     * for the bottom bound and +&infin; for the above bound.</p>
-     * <p>This will allow matching the required versions while not matching versions which are considered
-     * inferior than the zeroth version, i.e. versions with a qualifier.</p>
-     *
-     * @param currentVersion The current version.
-     * @param scope most major segment where updates are allowed Optional.empty() for no restriction
-     * @return {@linkplain Restriction} object based on the arguments
-     */
-    default Restriction restrictionFor( ArtifactVersion currentVersion, Optional<Segment> scope )
-            throws InvalidSegmentException
-    {
-        ArtifactVersion nextVersion = scope.filter( s -> s.isMajorTo( SUBINCREMENTAL ) )
-                .map( s -> (ArtifactVersion)
-                        new BoundArtifactVersion( currentVersion, Segment.of( s.value() + 1 ) ) )
-                .orElse( currentVersion );
-        return new Restriction( nextVersion, false, scope.filter( MAJOR::isMajorTo )
-                .map( s -> (ArtifactVersion) new BoundArtifactVersion( currentVersion, s ) ).orElse( null ),
-                false );
-    }
 }
diff --git a/versions-common/src/main/java/org/codehaus/mojo/versions/utils/MavenProjectUtils.java b/versions-common/src/main/java/org/codehaus/mojo/versions/utils/MavenProjectUtils.java
new file mode 100644
index 0000000000..64c6480047
--- /dev/null
+++ b/versions-common/src/main/java/org/codehaus/mojo/versions/utils/MavenProjectUtils.java
@@ -0,0 +1,178 @@
+package org.codehaus.mojo.versions.utils;
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import java.util.List;
+import java.util.Set;
+import java.util.TreeSet;
+
+import org.apache.maven.model.Dependency;
+import org.apache.maven.model.DependencyManagement;
+import org.apache.maven.plugin.logging.Log;
+import org.apache.maven.project.MavenProject;
+
+import static java.util.Collections.emptySet;
+
+/**
+ * Utility methods for extracting dependencies from a {@link org.apache.maven.project.MavenProject}
+ */
+public class MavenProjectUtils
+{
+    /**
+     * Retrieves dependencies from the plugins section
+     * @param project {@link MavenProject} instance
+     * @return set of {@link Dependency} objects
+     * or an empty set if none have been retrieveddependencies or an empty set if none have been retrieved
+     */
+    public static Set<Dependency> extractPluginDependenciesFromPluginsInPluginManagement( MavenProject project )
+    {
+        return project.getBuild() == null || project.getBuild().getPluginManagement() == null
+                || project.getBuild().getPluginManagement().getPlugins() == null
+                ? emptySet()
+                : project.getBuild().getPluginManagement().getPlugins().parallelStream()
+                .filter( plugin -> plugin.getDependencies() != null )
+                .flatMap( plugin -> plugin.getDependencies().stream() )
+                .collect( () -> new TreeSet<>( DependencyComparator.INSTANCE ), Set::add, Set::addAll );
+    }
+
+    /**
+     * Retrieves dependencies from plugin management
+     * @param project {@link MavenProject} instance
+     * @return set of {@link Dependency} objects
+     * or an empty set if none have been retrieveddependencies or an empty set if none have been retrieved
+     */
+    public static Set<Dependency> extractDependenciesFromPlugins( MavenProject project )
+    {
+        return project.getBuildPlugins().parallelStream()
+                .filter( plugin -> plugin.getDependencies() != null )
+                .flatMap( plugin -> plugin.getDependencies().stream() )
+                .collect( () -> new TreeSet<>( DependencyComparator.INSTANCE ), Set::add, Set::addAll );
+    }
+
+    /**
+     * Retrieves dependencies from the dependency management of the project
+     * as well as its immediate parent project.
+     *
+     * @param project {@link MavenProject} instance
+     * @param processDependencyManagementTransitive if {@code true}, the original model will be considered
+     *                                              instead of the interpolated model, which does not contain
+     *                                              imported dependencies
+     * @return set of {@link Dependency} objects
+     * or an empty set if none have been retrieveddependencies or an empty set if none have been retrieved
+     */
+    public static Set<Dependency> extractDependenciesFromDependencyManagement( MavenProject project,
+            boolean processDependencyManagementTransitive, Log log )
+            throws VersionRetrievalException
+    {
+        Set<Dependency> dependencyManagement = new TreeSet<>( DependencyComparator.INSTANCE );
+        DependencyManagement projectDependencyManagement = processDependencyManagementTransitive
+                ? project.getDependencyManagement()
+                : project.getOriginalModel().getDependencyManagement();
+        if ( projectDependencyManagement != null )
+        {
+
+            List<Dependency> dependenciesFromPom = projectDependencyManagement.getDependencies();
+            for ( Dependency dependency : dependenciesFromPom )
+            {
+                log.debug( "dependency from pom: " + dependency.getGroupId() + ":" + dependency.getArtifactId()
+                                    + ":" + dependency.getVersion() + ":" + dependency.getScope() );
+                if ( dependency.getVersion() == null )
+                {
+                    // get parent and get the information from there.
+                    if ( project.hasParent() )
+                    {
+                        log.debug( "Reading parent dependencyManagement information" );
+                        DependencyManagement parentProjectDependencyManagement =
+                                processDependencyManagementTransitive
+                                        ? project.getParent().getDependencyManagement()
+                                        : project.getParent().getOriginalModel().getDependencyManagement();
+                        if ( parentProjectDependencyManagement != null )
+                        {
+                            List<Dependency> parentDeps = parentProjectDependencyManagement.getDependencies();
+                            for ( Dependency parentDep : parentDeps )
+                            {
+                                // only groupId && artifactId needed cause version is null
+                                if ( dependency.getGroupId().equals( parentDep.getGroupId() )
+                                    && dependency.getArtifactId().equals( parentDep.getArtifactId() )
+                                    && dependency.getType().equals( parentDep.getType() ) )
+                                {
+                                    dependencyManagement.add( parentDep );
+                                }
+                            }
+                        }
+                    }
+                    else
+                    {
+                        String message = "We can't get the version for the dependency " + dependency.getGroupId() + ":"
+                            + dependency.getArtifactId() + " because there does not exist a parent.";
+                        log.error( message );
+                        // Throw error because we will not able to get a version for a dependency.
+                        throw new VersionRetrievalException( message );
+                    }
+                }
+                else
+                {
+                    dependency = interpolateVersion( dependency, project );
+                    dependencyManagement.add( dependency );
+                }
+            }
+        }
+        return dependencyManagement;
+    }
+
+    /**
+     * Exception thrown if a version of a dependency cannot be found
+     */
+    public static class VersionRetrievalException extends Exception
+    {
+        /**
+         * Creates a new instance of the exception object with the given message
+         * @param message exception message
+         */
+        public VersionRetrievalException( String message )
+        {
+            super( message );
+        }
+    }
+
+    /**
+     * Attempts to interpolate the version from model properties.
+     *
+     * @param dependency the dependency
+     * @param project the maven project
+     * @return the dependency with interpolated property (as far as possible)
+     * @since 2.14.0
+     */
+    public static Dependency interpolateVersion( final Dependency dependency, final MavenProject project )
+    {
+
+        // resolve version from model properties if necessary (e.g. "${mycomponent.myversion}"
+        if ( dependency.getVersion().startsWith( "${" ) )
+        {
+            final String resolvedVersion = project.getOriginalModel()
+                    .getProperties().getProperty(
+                            dependency.getVersion().substring( 2, dependency.getVersion().length() - 1 ) );
+            if ( resolvedVersion != null && !resolvedVersion.isEmpty() )
+            {
+                dependency.setVersion( resolvedVersion );
+            }
+        }
+        return dependency;
+    }
+}
diff --git a/versions-common/src/test/java/org/codehaus/mojo/versions/api/ArtifactVersionsTest.java b/versions-common/src/test/java/org/codehaus/mojo/versions/api/ArtifactVersionsTest.java
index 1f4b3633e1..25913f0af8 100644
--- a/versions-common/src/test/java/org/codehaus/mojo/versions/api/ArtifactVersionsTest.java
+++ b/versions-common/src/test/java/org/codehaus/mojo/versions/api/ArtifactVersionsTest.java
@@ -25,6 +25,7 @@
 import org.apache.maven.artifact.handler.DefaultArtifactHandler;
 import org.apache.maven.artifact.versioning.ArtifactVersion;
 import org.apache.maven.artifact.versioning.DefaultArtifactVersion;
+import org.apache.maven.artifact.versioning.Restriction;
 import org.apache.maven.artifact.versioning.VersionRange;
 import org.codehaus.mojo.versions.ordering.InvalidSegmentException;
 import org.codehaus.mojo.versions.ordering.MavenVersionComparator;
@@ -33,9 +34,12 @@
 
 import static java.util.Optional.of;
 import static org.codehaus.mojo.versions.api.Segment.INCREMENTAL;
+import static org.codehaus.mojo.versions.api.Segment.MAJOR;
+import static org.codehaus.mojo.versions.api.Segment.MINOR;
 import static org.codehaus.mojo.versions.api.Segment.SUBINCREMENTAL;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.arrayContaining;
+import static org.hamcrest.Matchers.arrayWithSize;
 import static org.hamcrest.Matchers.is;
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
@@ -141,4 +145,63 @@ public void testGetNewerVersionsWithSnapshot() throws InvalidSegmentException
         assertThat( instance.getNewerVersions( "1.0.0-SNAPSHOT", of( SUBINCREMENTAL ), false, false ),
                 arrayContaining( new DefaultArtifactVersion( "1.0.0" ) ) );
     }
+
+    @Test
+    public void testAllVersionsForIgnoreScopeSubIncremental()
+    {
+        ArtifactVersion[] versions = versions( "1.0.0", "1.0.0-1", "1.0.1" );
+        ArtifactVersions instance =
+                new ArtifactVersions( new DefaultArtifact( "default-group", "dummy-api",
+                        "1.0.0", "foo", "bar",
+                        "jar", null ),
+                        Arrays.asList( versions ), new MavenVersionComparator() );
+        Restriction restriction = instance.restrictionForIgnoreScope( of( SUBINCREMENTAL ) );
+        ArtifactVersion[] filteredVersions = instance.getVersions( restriction, false );
+        assertThat( filteredVersions, arrayWithSize( 1 ) );
+        assertThat( filteredVersions, arrayContaining( new DefaultArtifactVersion( "1.0.1" ) ) );
+    }
+
+    @Test
+    public void testAllVersionsForIgnoreScopeIncremental()
+    {
+        ArtifactVersion[] versions = versions( "1.0.0", "1.0.0-1", "1.0.1", "1.1.0" );
+        ArtifactVersions instance =
+                new ArtifactVersions( new DefaultArtifact( "default-group", "dummy-api",
+                        "1.0.0", "foo", "bar",
+                        "jar", null ),
+                        Arrays.asList( versions ), new MavenVersionComparator() );
+        Restriction restriction = instance.restrictionForIgnoreScope( of( INCREMENTAL ) );
+        ArtifactVersion[] filteredVersions = instance.getVersions( restriction, false );
+        assertThat( filteredVersions, arrayWithSize( 1 ) );
+        assertThat( filteredVersions, arrayContaining( new DefaultArtifactVersion( "1.1.0" ) ) );
+    }
+
+    @Test
+    public void testAllVersionsForIgnoreScopeMinor()
+    {
+        ArtifactVersion[] versions = versions( "1.0.0", "1.0.0-1", "1.0.1", "1.1.0", "2.0.0" );
+        ArtifactVersions instance =
+                new ArtifactVersions( new DefaultArtifact( "default-group", "dummy-api",
+                        "1.0.0", "foo", "bar",
+                        "jar", null ),
+                        Arrays.asList( versions ), new MavenVersionComparator() );
+        Restriction restriction = instance.restrictionForIgnoreScope( of( MINOR ) );
+        ArtifactVersion[] filteredVersions = instance.getVersions( restriction, false );
+        assertThat( filteredVersions, arrayWithSize( 1 ) );
+        assertThat( filteredVersions, arrayContaining( new DefaultArtifactVersion( "2.0.0" ) ) );
+    }
+
+    @Test
+    public void testAllVersionsForIgnoreScopeMajor()
+    {
+        ArtifactVersion[] versions = versions( "1.0.0", "1.0.0-1", "1.0.1", "1.1.0", "2.0.0" );
+        ArtifactVersions instance =
+                new ArtifactVersions( new DefaultArtifact( "default-group", "dummy-api",
+                        "1.0.0", "foo", "bar",
+                        "jar", null ),
+                        Arrays.asList( versions ), new MavenVersionComparator() );
+        Restriction restriction = instance.restrictionForIgnoreScope( of( MAJOR ) );
+        ArtifactVersion[] filteredVersions = instance.getVersions( restriction, false );
+        assertThat( filteredVersions, arrayWithSize( 0 ) );
+    }
 }
diff --git a/versions-common/src/test/java/org/codehaus/mojo/versions/utils/PropertiesVersionsFileReaderTest.java b/versions-common/src/test/java/org/codehaus/mojo/versions/utils/PropertiesVersionsFileReaderTest.java
index 2041c82e9c..4f68d71089 100644
--- a/versions-common/src/test/java/org/codehaus/mojo/versions/utils/PropertiesVersionsFileReaderTest.java
+++ b/versions-common/src/test/java/org/codehaus/mojo/versions/utils/PropertiesVersionsFileReaderTest.java
@@ -25,11 +25,9 @@
 import java.util.Set;
 
 import org.apache.commons.lang3.StringUtils;
+import org.junit.Assert;
 import org.junit.Test;
 
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-
 public class PropertiesVersionsFileReaderTest
 {
 
@@ -43,9 +41,9 @@ public void testRead() throws IOException
         reader.read();
 
         int numberOfPropertiesConfig = 3;
-        assertTrue( equalsCvsUnordered( "booking-api.version,booking-lib.version,be-air-impl.version",
+        Assert.assertTrue( equalsCvsUnordered( "booking-api.version,booking-lib.version,be-air-impl.version",
                                         reader.getProperties() ) );
-        assertEquals( numberOfPropertiesConfig, reader.getPropertiesConfig().length );
+        Assert.assertEquals( numberOfPropertiesConfig, reader.getPropertiesConfig().length );
     }
 
     private boolean equalsCvsUnordered( String csvExpected, String csvActual )
diff --git a/versions-enforcer/pom.xml b/versions-enforcer/pom.xml
new file mode 100644
index 0000000000..1c4462b7f5
--- /dev/null
+++ b/versions-enforcer/pom.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>versions</artifactId>
+        <groupId>org.codehaus.mojo.versions</groupId>
+        <version>2.14.0-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>versions-enforcer</artifactId>
+
+    <name>Versions Enforcer</name>
+    <description>Enforcer rules using Versions Maven Plugin</description>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.codehaus.mojo.versions</groupId>
+            <artifactId>versions-common</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.codehaus.mojo.versions</groupId>
+            <artifactId>versions-test</artifactId>
+            <version>${project.version}</version>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.maven.enforcer</groupId>
+            <artifactId>enforcer-api</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.maven</groupId>
+            <artifactId>maven-compat</artifactId>
+            <version>${mavenVersion}</version>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.junit.vintage</groupId>
+            <artifactId>junit-vintage-engine</artifactId>
+            <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.hamcrest</groupId>
+                    <artifactId>hamcrest-core</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.maven.plugin-testing</groupId>
+            <artifactId>maven-plugin-testing-harness</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-inline</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.hamcrest</groupId>
+            <artifactId>hamcrest</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-simple</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+</project>
\ No newline at end of file
diff --git a/versions-enforcer/src/main/java/org/apache/maven/plugins/enforcer/MaxDependencyUpdates.java b/versions-enforcer/src/main/java/org/apache/maven/plugins/enforcer/MaxDependencyUpdates.java
new file mode 100644
index 0000000000..fa6f17f246
--- /dev/null
+++ b/versions-enforcer/src/main/java/org/apache/maven/plugins/enforcer/MaxDependencyUpdates.java
@@ -0,0 +1,398 @@
+package org.apache.maven.plugins.enforcer;
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.Optional;
+import java.util.Set;
+import java.util.TreeSet;
+import java.util.stream.Collectors;
+
+import org.apache.maven.artifact.manager.WagonManager;
+import org.apache.maven.artifact.metadata.ArtifactMetadataRetrievalException;
+import org.apache.maven.artifact.metadata.ArtifactMetadataSource;
+import org.apache.maven.artifact.repository.ArtifactRepository;
+import org.apache.maven.artifact.resolver.ArtifactResolver;
+import org.apache.maven.artifact.versioning.ArtifactVersion;
+import org.apache.maven.enforcer.rule.api.EnforcerRule;
+import org.apache.maven.enforcer.rule.api.EnforcerRuleException;
+import org.apache.maven.enforcer.rule.api.EnforcerRuleHelper;
+import org.apache.maven.execution.MavenSession;
+import org.apache.maven.model.Dependency;
+import org.apache.maven.plugin.MojoExecution;
+import org.apache.maven.plugin.MojoExecutionException;
+import org.apache.maven.project.MavenProject;
+import org.apache.maven.repository.RepositorySystem;
+import org.apache.maven.settings.Settings;
+import org.codehaus.mojo.versions.api.ArtifactVersions;
+import org.codehaus.mojo.versions.api.DefaultVersionsHelper;
+import org.codehaus.mojo.versions.api.Segment;
+import org.codehaus.mojo.versions.api.VersionsHelper;
+import org.codehaus.mojo.versions.model.RuleSet;
+import org.codehaus.mojo.versions.utils.DependencyComparator;
+import org.codehaus.mojo.versions.utils.MavenProjectUtils;
+import org.codehaus.plexus.component.configurator.expression.ExpressionEvaluationException;
+import org.codehaus.plexus.component.repository.exception.ComponentLookupException;
+
+import static java.util.Collections.emptyList;
+import static java.util.Collections.singletonList;
+import static java.util.Optional.empty;
+import static java.util.Optional.of;
+import static org.codehaus.mojo.versions.api.Segment.INCREMENTAL;
+import static org.codehaus.mojo.versions.api.Segment.MINOR;
+import static org.codehaus.mojo.versions.api.Segment.SUBINCREMENTAL;
+import static org.codehaus.mojo.versions.filtering.DependencyFilter.filterDependencies;
+import static org.codehaus.mojo.versions.filtering.WildcardMatcher.WILDCARD;
+import static org.codehaus.mojo.versions.utils.MavenProjectUtils.extractDependenciesFromDependencyManagement;
+import static org.codehaus.mojo.versions.utils.MavenProjectUtils.extractDependenciesFromPlugins;
+import static org.codehaus.mojo.versions.utils.MavenProjectUtils.extractPluginDependenciesFromPluginsInPluginManagement;
+
+public class MaxDependencyUpdates implements EnforcerRule
+{
+    /**
+     * Maximum allowed number of updates.
+     *
+     * @since 2.14.0
+     */
+    protected int maxUpdates = 0;
+
+    /**
+     * Whether to process the dependencies section of the project.
+     *
+     * @since 2.14.0
+     */
+    protected boolean processDependencies = true;
+
+    /**
+     * Whether to process the dependencyManagement section of the project.
+     *
+     * @since 1.2
+     */
+    protected boolean processDependencyManagement = true;
+
+    /**
+     * Whether to process the dependencyManagement part transitive or not.
+     * In case of type {@code pom} and scope {@code import}, this means
+     * by default to report also the imported dependencies.
+     * If the parameter is set to {@code false}, the report will only show
+     * updates of the imported pom itself.
+     *
+     * @since 2.14.0
+     */
+    protected boolean processDependencyManagementTransitive = true;
+
+    /**
+     * Whether to process the dependencies sections of plugins.
+     *
+     * @since 2.14.0
+     */
+    protected boolean processPluginDependencies = true;
+
+    /**
+     * Whether to process the dependencies sections of plugins which are defined in pluginManagement.
+     *
+     * @since 2.14.0
+     */
+    protected boolean processPluginDependenciesInPluginManagement = true;
+
+    /**
+     * Whether minor updates should be ignored. Default {@code false}.
+     *
+     * <p><b>Note: </b> when {@code true}, will also assume that {@link #ignoreIncrementalUpdates}
+     * and {@link #ignoreSubIncrementalUpdates} are {@code true}.</p>
+     *
+     * @since 2.14.0
+     */
+    protected boolean ignoreMinorUpdates = false;
+
+    /**
+     * Whether incremental updates should be ignored. Default {@code false}.
+     *
+     * <p><b>Note: </b> when {@code true}, will also assume that
+     * {@link #ignoreSubIncrementalUpdates} is {@code true}.</p>
+     *
+     * @since 2.14.0
+     */
+    protected boolean ignoreIncrementalUpdates = false;
+
+    /**
+     * Whether sub-incremental updates should be ignored. Default {@code false}.
+     *
+     * @since 2.14.0
+     */
+    protected boolean ignoreSubIncrementalUpdates = false;
+
+    /**
+     * List of dependency inclusion patterns.
+     * Only dependencies matching all the patterns will be considered.
+     * The wildcard "*" can be used as the only, first, last or both characters in each token.
+     * The version token does support version ranges.
+     *
+     * @since 2.14.0
+     */
+    protected List<String> dependencyIncludes = singletonList( WILDCARD );
+
+    /**
+     * List of dependency exclusion patterns.
+     * Only dependencies matching none of the patterns will be considered.
+     * The wildcard "*" can be used as the only, first, last or both characters in each token.
+     * The version token does support version ranges.
+     *
+     * @since 2.14.0
+     */
+    protected List<String> dependencyExcludes = emptyList();
+
+    /**
+     * List of dependency management inclusion patterns.
+     * Only dependencies matching all the patterns will be considered.
+     * The wildcard "*" can be used as the only, first, last or both characters in each token.
+     * The version token does support version ranges.
+     *
+     * @since 2.14.0
+     */
+    protected List<String> dependencyManagementIncludes = singletonList( WILDCARD );
+
+    /**
+     * List of dependency management exclusion patterns.
+     * Only dependencies matching none of the patterns will be considered.
+     * The wildcard "*" can be used as the only, first, last or both characters in each token.
+     * The version token does support version ranges.
+     *
+     * @since 2.14.0
+     */
+    protected List<String> dependencyManagementExcludes = emptyList();
+
+    /**
+     * List of plugin dependency inclusion patterns.
+     * Only dependencies matching all the patterns will be considered.
+     * The wildcard "*" can be used as the only, first, last or both characters in each token.
+     * The version token does support version ranges.
+     *
+     * @since 2.14.0
+     */
+    protected List<String> pluginDependencyIncludes = singletonList( WILDCARD );
+
+    /**
+     * List of plugin dependency exclusion patterns.
+     * Only dependencies matching none of the patterns will be considered.
+     * The wildcard "*" can be used as the only, first, last or both characters in each token.
+     * The version token does support version ranges.
+     *
+     * @since 2.14.0
+     */
+    protected List<String> pluginDependencyExcludes = emptyList();
+
+    /**
+     * List of plugin management dependency inclusion patterns.
+     * Only dependencies matching all the patterns will be considered.
+     * The wildcard "*" can be used as the only, first, last or both characters in each token.
+     * The version token does support version ranges.
+     *
+     * @since 2.14.0
+     */
+    protected List<String> pluginManagementDependencyIncludes = singletonList( WILDCARD );
+
+    /**
+     * List of plugin dependency management exclusion patterns.
+     * Only dependencies matching none of the patterns will be considered.
+     * The wildcard "*" can be used as the only, first, last or both characters in each token.
+     * The version token does support version ranges.
+     *
+     * @since 2.14.0
+     */
+    protected List<String> pluginManagementDependencyExcludes = emptyList();
+
+    /**
+     * settings.xml's server id for the URL. This is used when wagon needs extra authentication information.
+     *
+     * @since 2.14.0
+     */
+    private String serverId;
+
+    /**
+     * URI of a ruleSet file containing the rules that control how to compare
+     * version numbers. The URI could be either a Wagon URI or a classpath URI
+     * (e.g. <code>classpath:///package/sub/package/rules.xml</code>).
+     *
+     * 2.14.0
+     */
+    private String rulesUri;
+
+    /**
+     * <p>Allows specifying the {@linkplain RuleSet} object describing rules
+     * on artifact versions to ignore when considering updates.</p>
+     *
+     * @see <a href="https://www.mojohaus.org/versions-maven-plugin/version-rules.html#Using_the_ruleSet_element_in_the_POM">
+     *     Using the ruleSet element in the POM</a>
+     *
+     * @since 2.14.0
+     */
+    protected RuleSet ruleSet;
+
+    /**
+     * Retrieves the maven project from metadata
+     * @param ruleHelper EnforcerRuleHelper object
+     * @return maven project
+     */
+    private static MavenProject getMavenProject( EnforcerRuleHelper ruleHelper )
+    {
+        try
+        {
+            return (MavenProject) ruleHelper.evaluate( "${project}" );
+        }
+        catch ( ExpressionEvaluationException e )
+        {
+            throw new RuntimeException( "Cannot evaluate project metadata", e );
+        }
+    }
+
+    /**
+     * Creates the VersionsHelper object
+     * @param ruleHelper EnforcerRuleHelper object
+     * @return VersionsHelper object
+     */
+    @SuppressWarnings( "unchecked" )
+    private static VersionsHelper createVersionsHelper( EnforcerRuleHelper ruleHelper,
+                                                        String serverId,
+                                                        String rulesUri,
+                                                        RuleSet ruleSet )
+    {
+        try
+        {
+            return new DefaultVersionsHelper.Builder()
+                    .withRepositorySystem( ruleHelper.getComponent( RepositorySystem.class ) )
+                    .withArtifactResolver( ruleHelper.getComponent( ArtifactResolver.class ) )
+                    .withArtifactMetadataSource( ruleHelper.getComponent( ArtifactMetadataSource.class ) )
+                    .withRemoteArtifactRepositories( (List<ArtifactRepository>)
+                            ruleHelper.evaluate( "${project.remoteArtifactRepositories}" ) )
+                    .withRemotePluginRepositories( (List<ArtifactRepository>)
+                            ruleHelper.evaluate( "${project.remotePluginRepositories}" ) )
+                    .withLocalRepository( (ArtifactRepository) ruleHelper.evaluate( "${localRepository}" ) )
+                    .withWagonManager( ruleHelper.getComponent( WagonManager.class ) )
+                    .withSettings( (Settings) ruleHelper.evaluate( "${settings}" ) )
+                    .withServerId( serverId )
+                    .withRulesUri( rulesUri )
+                    .withRuleSet( ruleSet )
+                    .withIgnoredVersions( null )
+                    .withLog( ruleHelper.getLog() )
+                    .withMavenSession( (MavenSession) ruleHelper.evaluate( "${session}" ) )
+                    .withMojoExecution( (MojoExecution) ruleHelper.evaluate( "${mojoExecution}" ) )
+                    .build();
+        }
+        catch ( ExpressionEvaluationException e )
+        {
+            throw new RuntimeException( "Cannot evaluate project metadata", e );
+        }
+        catch ( ComponentLookupException | MojoExecutionException e )
+        {
+            throw new RuntimeException( "Cannot resolve dependency", e );
+        }
+    }
+    @Override
+    public boolean isCacheable()
+    {
+        return false;
+    }
+
+    @Override
+    public boolean isResultValid( EnforcerRule enforcerRule )
+    {
+        return false;
+    }
+
+    @Override
+    public String getCacheId()
+    {
+        return "Does not matter as not cacheable";
+    }
+
+    @Override
+    public void execute( EnforcerRuleHelper ruleHelper ) throws EnforcerRuleException
+    {
+        VersionsHelper versionsHelper = createVersionsHelper( ruleHelper, serverId != null ? serverId : "serverId",
+                rulesUri, ruleSet );
+        MavenProject project = getMavenProject( ruleHelper );
+        Set<Dependency> dependencies = new TreeSet<>( DependencyComparator.INSTANCE );
+        if ( processDependencyManagement )
+        {
+            try
+            {
+                dependencies.addAll( filterDependencies( extractDependenciesFromDependencyManagement( project,
+                                processDependencyManagementTransitive, ruleHelper.getLog() ),
+                        dependencyManagementIncludes, dependencyManagementExcludes, "Dependency Management",
+                        ruleHelper.getLog() ) );
+            }
+            catch ( MavenProjectUtils.VersionRetrievalException e )
+            {
+                throw new EnforcerRuleException( e.getMessage() );
+            }
+        }
+        if ( processPluginDependencies )
+        {
+            dependencies.addAll( filterDependencies( extractDependenciesFromPlugins( project ),
+                    pluginDependencyIncludes, pluginDependencyExcludes,
+                    "Plugin Dependencies", ruleHelper.getLog() ) );
+        }
+        if ( processPluginDependenciesInPluginManagement )
+        {
+            dependencies.addAll( filterDependencies(
+                    extractPluginDependenciesFromPluginsInPluginManagement( project ),
+                    pluginManagementDependencyIncludes, pluginManagementDependencyExcludes,
+                    "Plugin Management Dependencies", ruleHelper.getLog() ) );
+        }
+        if ( processDependencies )
+        {
+            dependencies.addAll( filterDependencies( project.getDependencies(),
+                    dependencyIncludes, dependencyExcludes, "Dependencies", ruleHelper.getLog() ) );
+        }
+        try
+        {
+            Optional<Segment> ignoredSegment = ignoreSubIncrementalUpdates
+                    ? of( SUBINCREMENTAL )
+                    : ignoreIncrementalUpdates
+                        ? of( INCREMENTAL )
+                        : ignoreMinorUpdates
+                            ? of( MINOR )
+                            : empty();
+            List<ArtifactVersions> upgradable = versionsHelper
+                    .lookupDependenciesUpdates( dependencies, false )
+                    .values()
+                    .parallelStream()
+                    .filter( v ->
+                        v.getVersions( v.restrictionForIgnoreScope( ignoredSegment ), true ).length > 0
+                    )
+                    .collect( Collectors.toList() );
+            if ( upgradable.size() > maxUpdates )
+            {
+                throw new EnforcerRuleException( "More than " + maxUpdates + " upgradable artifacts detected: "
+                        + upgradable.stream().map( av -> av.getArtifact() + " -> ["
+                                + Arrays.stream( av.getVersions() )
+                                .map( ArtifactVersion::toString )
+                                .collect( Collectors.joining( ", " ) )
+                                + "]" )
+                        .collect( Collectors.joining( ", " ) ) );
+            }
+        }
+        catch ( ArtifactMetadataRetrievalException e )
+        {
+            throw new RuntimeException( e );
+        }
+    }
+}
diff --git a/versions-enforcer/src/test/java/org/apache/maven/plugins/enforcer/MaxDependencyUpdatesTest.java b/versions-enforcer/src/test/java/org/apache/maven/plugins/enforcer/MaxDependencyUpdatesTest.java
new file mode 100644
index 0000000000..b98b32b6e0
--- /dev/null
+++ b/versions-enforcer/src/test/java/org/apache/maven/plugins/enforcer/MaxDependencyUpdatesTest.java
@@ -0,0 +1,314 @@
+package org.apache.maven.plugins.enforcer;
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import java.util.Arrays;
+import java.util.HashMap;
+
+import org.apache.maven.artifact.metadata.ArtifactMetadataSource;
+import org.apache.maven.artifact.resolver.ArtifactResolver;
+import org.apache.maven.enforcer.rule.api.EnforcerRuleException;
+import org.apache.maven.enforcer.rule.api.EnforcerRuleHelper;
+import org.apache.maven.execution.MavenSession;
+import org.apache.maven.plugin.MojoExecution;
+import org.apache.maven.plugin.testing.stubs.StubArtifactRepository;
+import org.apache.maven.project.MavenProject;
+import org.apache.maven.repository.RepositorySystem;
+import org.apache.maven.settings.Settings;
+import org.codehaus.plexus.component.configurator.expression.ExpressionEvaluationException;
+import org.codehaus.plexus.component.repository.exception.ComponentLookupException;
+import org.junit.Test;
+import org.mockito.ArgumentMatchers;
+
+import static java.util.Collections.singletonList;
+import static org.codehaus.mojo.versions.utils.DependencyBuilder.dependencyWith;
+import static org.codehaus.mojo.versions.utils.MockUtils.mockArtifactMetadataSource;
+import static org.codehaus.mojo.versions.utils.MockUtils.mockRepositorySystem;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.containsString;
+import static org.junit.Assert.fail;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+public class MaxDependencyUpdatesTest
+{
+    private static Settings createSettings()
+    {
+        return new Settings();
+    }
+
+    private static MavenSession createSession()
+    {
+        return mock( MavenSession.class );
+    }
+
+    private static MojoExecution createMojoExecution()
+    {
+        return mock( MojoExecution.class );
+    }
+
+
+    private static EnforcerRuleHelper mockRuleHelper( MavenProject mavenProject,
+                                                      ArtifactMetadataSource artifactMetadataSource )
+            throws ExpressionEvaluationException, ComponentLookupException
+    {
+        EnforcerRuleHelper ruleHelper = mock( EnforcerRuleHelper.class );
+        when( ruleHelper.evaluate( anyString() ) )
+                .then( ( a ) -> "${project}".equals( a.getArgument( 0 ) )
+                        ? mavenProject
+                        : "${localRepository}".equals( a.getArgument( 0 ) )
+                        ? new StubArtifactRepository( "" )
+                        : "${settings}".equals( a.getArgument( 0 ) )
+                        ? createSettings()
+                        : "${session}".equals( a.getArgument( 0 ) )
+                        ? createSession()
+                        : "${mojoExecution}".equals( a.getArgument( 0 ) )
+                        ? createMojoExecution()
+                        : null );
+        when( ruleHelper.getComponent( ArgumentMatchers.<Class<?>>any() ) )
+                .then( ( a ) -> a.getArgument( 0 ) == RepositorySystem.class
+                        ? mockRepositorySystem()
+                        : a.getArgument( 0 ) == ArtifactResolver.class
+                        ? mock( ArtifactResolver.class )
+                        : a.getArgument( 0 ) == ArtifactMetadataSource.class
+                        ? artifactMetadataSource
+                        : null );
+        return ruleHelper;
+    }
+
+    @Test
+    public void testRuleFailsByMaxUpdatesExceeded()
+            throws ExpressionEvaluationException, ComponentLookupException
+    {
+        EnforcerRuleHelper ruleHelper = mockRuleHelper( new MavenProject()
+        {{
+            setDependencies( Arrays.asList(
+                    dependencyWith( "group", "artifactA", "1.0.0" ),
+                    dependencyWith( "group", "artifactB", "1.0.0" ) ) );
+        }}, mockArtifactMetadataSource( new HashMap<String, String[]>()
+        {{
+            put( "artifactA", new String[] { "1.0.0", "2.0.0" } );
+            put( "artifactB", new String[] { "1.0.0", "2.0.0" } );
+        }} ) );
+
+        try
+        {
+            new MaxDependencyUpdates()
+            {{
+                maxUpdates = 1;
+            }}.execute( ruleHelper );
+
+            fail( "EnforcerRuleException should have been thrown" );
+        }
+        catch ( EnforcerRuleException e )
+        {
+            assertThat( e.getMessage(), containsString( "More than 1 upgradable artifacts detected" ) );
+        }
+    }
+
+    @Test
+    public void testRulePassesByMaxUpdatesNotExceeded()
+            throws ExpressionEvaluationException, ComponentLookupException
+    {
+        EnforcerRuleHelper ruleHelper = mockRuleHelper( new MavenProject()
+        {{
+            setDependencies( singletonList(
+                    dependencyWith( "group", "artifactA", "1.0.0" ) ) );
+        }}, mockArtifactMetadataSource( new HashMap<String, String[]>()
+        {{
+            put( "artifactA", new String[] { "1.0.0", "2.0.0" } );
+        }} ) );
+
+        try
+        {
+            new MaxDependencyUpdates()
+            {{
+                maxUpdates = 1;
+            }}.execute( ruleHelper );
+        }
+        catch ( EnforcerRuleException e )
+        {
+            fail( "No EnforcerRuleException should have been thrown" );
+        }
+    }
+
+    @Test
+    public void testRulePassesByMaxUpdatesNotExceededDependencyIncludes()
+            throws ExpressionEvaluationException, ComponentLookupException
+    {
+        EnforcerRuleHelper ruleHelper = mockRuleHelper( new MavenProject()
+        {{
+            setDependencies( Arrays.asList(
+                    dependencyWith( "group", "artifactA", "1.0.0" ),
+                    dependencyWith( "group", "artifactB", "1.0.0" ) ) );
+        }}, mockArtifactMetadataSource( new HashMap<String, String[]>()
+        {{
+            put( "artifactA", new String[] { "1.0.0", "2.0.0" } );
+            put( "artifactB", new String[] { "1.0.0" } );
+        }} ) );
+
+        try
+        {
+            new MaxDependencyUpdates()
+            {{
+                dependencyIncludes = singletonList( "group:artifactB" );
+            }}.execute( ruleHelper );
+        }
+        catch ( EnforcerRuleException e )
+        {
+            fail( "No EnforcerRuleException should have been thrown" );
+        }
+    }
+
+    @Test
+    public void testRulePassesByMaxUpdatesNotExceededDependencyExcludes()
+            throws ExpressionEvaluationException, ComponentLookupException
+    {
+        EnforcerRuleHelper ruleHelper = mockRuleHelper( new MavenProject()
+        {{
+            setDependencies( Arrays.asList(
+                    dependencyWith( "group", "artifactA", "1.0.0" ),
+                    dependencyWith( "group", "artifactB", "1.0.0" ) ) );
+        }}, mockArtifactMetadataSource( new HashMap<String, String[]>()
+        {{
+            put( "artifactA", new String[] { "1.0.0", "2.0.0" } );
+            put( "artifactB", new String[] { "1.0.0" } );
+        }} ) );
+
+        try
+        {
+            new MaxDependencyUpdates()
+            {{
+                dependencyExcludes = singletonList( "group:artifactA" );
+            }}.execute( ruleHelper );
+        }
+        catch ( EnforcerRuleException e )
+        {
+            fail( "No EnforcerRuleException should have been thrown" );
+        }
+    }
+
+    @Test
+    public void testRulePassesByMaxUpdatesNotExceededDependencyIncludesExcludes()
+            throws ExpressionEvaluationException, ComponentLookupException
+    {
+        EnforcerRuleHelper ruleHelper = mockRuleHelper( new MavenProject()
+        {{
+            setDependencies( Arrays.asList(
+                    dependencyWith( "group", "artifactA", "1.0.0" ),
+                    dependencyWith( "group", "artifactB", "1.0.0" ) ) );
+        }}, mockArtifactMetadataSource( new HashMap<String, String[]>()
+        {{
+            put( "artifactA", new String[] { "1.0.0", "2.0.0" } );
+            put( "artifactB", new String[] { "1.0.0" } );
+        }} ) );
+
+        try
+        {
+            new MaxDependencyUpdates()
+            {{
+                dependencyIncludes = singletonList( "group:*" );
+                dependencyExcludes = singletonList( "group:artifactA" );
+            }}.execute( ruleHelper );
+        }
+        catch ( EnforcerRuleException e )
+        {
+            fail( "No EnforcerRuleException should have been thrown" );
+        }
+    }
+
+    @Test
+    public void testIgnoreSubIncrementalUpdates()
+            throws ExpressionEvaluationException, ComponentLookupException
+    {
+        EnforcerRuleHelper ruleHelper = mockRuleHelper( new MavenProject()
+        {{
+            setDependencies( Arrays.asList(
+                    dependencyWith( "group", "artifactA", "1.0.0" ) ) );
+        }}, mockArtifactMetadataSource( new HashMap<String, String[]>()
+        {{
+            put( "artifactA", new String[] { "1.0.0", "1.0.0-1" } );
+        }} ) );
+
+        try
+        {
+            new MaxDependencyUpdates()
+            {{
+                ignoreSubIncrementalUpdates = true;
+            }}.execute( ruleHelper );
+        }
+        catch ( EnforcerRuleException e )
+        {
+            fail( "No EnforcerRuleException should have been thrown" );
+        }
+    }
+
+    @Test
+    public void testIgnoreIncrementalUpdates()
+            throws ExpressionEvaluationException, ComponentLookupException
+    {
+        EnforcerRuleHelper ruleHelper = mockRuleHelper( new MavenProject()
+        {{
+            setDependencies( Arrays.asList(
+                    dependencyWith( "group", "artifactA", "1.0.0" ) ) );
+        }}, mockArtifactMetadataSource( new HashMap<String, String[]>()
+        {{
+            put( "artifactA", new String[] { "1.0.0", "1.0.0-1", "1.0.1" } );
+        }} ) );
+
+        try
+        {
+            new MaxDependencyUpdates()
+            {{
+                ignoreIncrementalUpdates = true;
+            }}.execute( ruleHelper );
+        }
+        catch ( EnforcerRuleException e )
+        {
+            fail( "No EnforcerRuleException should have been thrown" );
+        }
+    }
+
+    @Test
+    public void testIgnoreMinorUpdates()
+            throws ExpressionEvaluationException, ComponentLookupException
+    {
+        EnforcerRuleHelper ruleHelper = mockRuleHelper( new MavenProject()
+        {{
+            setDependencies( Arrays.asList(
+                    dependencyWith( "group", "artifactA", "1.0.0" ) ) );
+        }}, mockArtifactMetadataSource( new HashMap<String, String[]>()
+        {{
+            put( "artifactA", new String[] { "1.0.0", "1.0.0-1", "1.0.1", "1.1.0" } );
+        }} ) );
+
+        try
+        {
+            new MaxDependencyUpdates()
+            {{
+                ignoreMinorUpdates = true;
+            }}.execute( ruleHelper );
+        }
+        catch ( EnforcerRuleException e )
+        {
+            fail( "No EnforcerRuleException should have been thrown" );
+        }
+    }
+}
diff --git a/versions-maven-plugin/pom.xml b/versions-maven-plugin/pom.xml
index 3881b4f003..3f621b93b6 100644
--- a/versions-maven-plugin/pom.xml
+++ b/versions-maven-plugin/pom.xml
@@ -27,6 +27,20 @@
       <version>${project.version}</version>
     </dependency>
 
+    <dependency>
+      <groupId>org.codehaus.mojo.versions</groupId>
+      <artifactId>versions-enforcer</artifactId>
+      <version>${project.version}</version>
+      <scope>runtime</scope>
+    </dependency>
+
+    <dependency>
+      <groupId>org.codehaus.mojo.versions</groupId>
+      <artifactId>versions-test</artifactId>
+      <version>${project.version}</version>
+      <scope>test</scope>
+    </dependency>
+
     <dependency>
       <groupId>org.codehaus.mojo.versions</groupId>
       <artifactId>versions-common</artifactId>
@@ -38,7 +52,7 @@
       <artifactId>maven-plugin-annotations</artifactId>
       <scope>provided</scope>
     </dependency>
-  
+
     <dependency>
       <groupId>org.apache.maven</groupId>
       <artifactId>maven-artifact</artifactId>
diff --git a/versions-maven-plugin/src/it/it-max-dependency-updates-001/invoker.properties b/versions-maven-plugin/src/it/it-max-dependency-updates-001/invoker.properties
new file mode 100644
index 0000000000..38b185e579
--- /dev/null
+++ b/versions-maven-plugin/src/it/it-max-dependency-updates-001/invoker.properties
@@ -0,0 +1,2 @@
+invoker.goals = enforcer:enforce
+invoker.buildResult = failure
diff --git a/versions-maven-plugin/src/it/it-max-dependency-updates-001/pom.xml b/versions-maven-plugin/src/it/it-max-dependency-updates-001/pom.xml
new file mode 100644
index 0000000000..feded7f7a8
--- /dev/null
+++ b/versions-maven-plugin/src/it/it-max-dependency-updates-001/pom.xml
@@ -0,0 +1,44 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>localhost</groupId>
+  <artifactId>it-max-dependency-upgrades</artifactId>
+  <version>1.0</version>
+  <packaging>pom</packaging>
+
+  <dependencies>
+    <dependency>
+      <groupId>localhost</groupId>
+      <artifactId>dummy-api</artifactId>
+      <version>1.1</version>
+    </dependency>
+  </dependencies>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-enforcer-plugin</artifactId>
+        <version>3.1.0</version>
+        <goals>
+          <goal>enforce</goal>
+        </goals>
+        <configuration>
+          <rules>
+            <maxDependencyUpdates>
+              <maxUpdates>0</maxUpdates>
+            </maxDependencyUpdates>
+          </rules>
+        </configuration>
+        <dependencies>
+          <dependency>
+            <groupId>@project.groupId@</groupId>
+            <artifactId>@project.artifactId@</artifactId>
+            <version>@project.version@</version>
+          </dependency>
+        </dependencies>
+      </plugin>
+    </plugins>
+  </build>
+
+</project>
diff --git a/versions-maven-plugin/src/it/it-max-dependency-updates-002/invoker.properties b/versions-maven-plugin/src/it/it-max-dependency-updates-002/invoker.properties
new file mode 100644
index 0000000000..a30e3767bb
--- /dev/null
+++ b/versions-maven-plugin/src/it/it-max-dependency-updates-002/invoker.properties
@@ -0,0 +1,2 @@
+invoker.goals = enforcer:enforce
+invoker.buildResult = success
diff --git a/versions-maven-plugin/src/it/it-max-dependency-updates-002/pom.xml b/versions-maven-plugin/src/it/it-max-dependency-updates-002/pom.xml
new file mode 100644
index 0000000000..c748a8293b
--- /dev/null
+++ b/versions-maven-plugin/src/it/it-max-dependency-updates-002/pom.xml
@@ -0,0 +1,44 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>localhost</groupId>
+  <artifactId>it-max-dependency-upgrades</artifactId>
+  <version>1.0</version>
+  <packaging>pom</packaging>
+
+  <dependencies>
+    <dependency>
+      <groupId>localhost</groupId>
+      <artifactId>dummy-api</artifactId>
+      <version>1.1</version>
+    </dependency>
+  </dependencies>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-enforcer-plugin</artifactId>
+        <version>3.1.0</version>
+        <goals>
+          <goal>enforce</goal>
+        </goals>
+        <configuration>
+          <rules>
+            <maxDependencyUpdates>
+              <maxUpdates>1</maxUpdates>
+            </maxDependencyUpdates>
+          </rules>
+        </configuration>
+        <dependencies>
+          <dependency>
+            <groupId>@project.groupId@</groupId>
+            <artifactId>@project.artifactId@</artifactId>
+            <version>@project.version@</version>
+          </dependency>
+        </dependencies>
+      </plugin>
+    </plugins>
+  </build>
+
+</project>
diff --git a/versions-maven-plugin/src/it/it-max-dependency-updates-003/invoker.properties b/versions-maven-plugin/src/it/it-max-dependency-updates-003/invoker.properties
new file mode 100644
index 0000000000..a30e3767bb
--- /dev/null
+++ b/versions-maven-plugin/src/it/it-max-dependency-updates-003/invoker.properties
@@ -0,0 +1,2 @@
+invoker.goals = enforcer:enforce
+invoker.buildResult = success
diff --git a/versions-maven-plugin/src/it/it-max-dependency-updates-003/pom.xml b/versions-maven-plugin/src/it/it-max-dependency-updates-003/pom.xml
new file mode 100644
index 0000000000..3fdec699b0
--- /dev/null
+++ b/versions-maven-plugin/src/it/it-max-dependency-updates-003/pom.xml
@@ -0,0 +1,47 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>localhost</groupId>
+  <artifactId>it-max-dependency-upgrades</artifactId>
+  <version>1.0</version>
+  <packaging>pom</packaging>
+
+  <dependencies>
+    <dependency>
+      <groupId>localhost</groupId>
+      <artifactId>dummy-api</artifactId>
+      <version>1.1</version>
+    </dependency>
+  </dependencies>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-enforcer-plugin</artifactId>
+        <version>3.1.0</version>
+        <goals>
+          <goal>enforce</goal>
+        </goals>
+        <configuration>
+          <rules>
+            <maxDependencyUpdates>
+              <maxUpdates>0</maxUpdates>
+              <dependencyExcludes>
+                <dependencyExclude>localhost:*</dependencyExclude>
+              </dependencyExcludes>
+            </maxDependencyUpdates>
+          </rules>
+        </configuration>
+        <dependencies>
+          <dependency>
+            <groupId>@project.groupId@</groupId>
+            <artifactId>@project.artifactId@</artifactId>
+            <version>@project.version@</version>
+          </dependency>
+        </dependencies>
+      </plugin>
+    </plugins>
+  </build>
+
+</project>
diff --git a/versions-maven-plugin/src/it/it-max-dependency-updates-004/invoker.properties b/versions-maven-plugin/src/it/it-max-dependency-updates-004/invoker.properties
new file mode 100644
index 0000000000..a30e3767bb
--- /dev/null
+++ b/versions-maven-plugin/src/it/it-max-dependency-updates-004/invoker.properties
@@ -0,0 +1,2 @@
+invoker.goals = enforcer:enforce
+invoker.buildResult = success
diff --git a/versions-maven-plugin/src/it/it-max-dependency-updates-004/pom.xml b/versions-maven-plugin/src/it/it-max-dependency-updates-004/pom.xml
new file mode 100644
index 0000000000..3fcfb07e0c
--- /dev/null
+++ b/versions-maven-plugin/src/it/it-max-dependency-updates-004/pom.xml
@@ -0,0 +1,45 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>localhost</groupId>
+  <artifactId>it-max-dependency-upgrades</artifactId>
+  <version>1.0</version>
+  <packaging>pom</packaging>
+
+  <dependencies>
+    <dependency>
+      <groupId>localhost</groupId>
+      <artifactId>dummy-impl</artifactId>
+      <version>2.0</version>
+    </dependency>
+  </dependencies>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-enforcer-plugin</artifactId>
+        <version>3.1.0</version>
+        <goals>
+          <goal>enforce</goal>
+        </goals>
+        <configuration>
+          <rules>
+            <maxDependencyUpdates>
+              <maxUpdates>0</maxUpdates>
+              <ignoreMinorUpdates>true</ignoreMinorUpdates>
+            </maxDependencyUpdates>
+          </rules>
+        </configuration>
+        <dependencies>
+          <dependency>
+            <groupId>@project.groupId@</groupId>
+            <artifactId>@project.artifactId@</artifactId>
+            <version>@project.version@</version>
+          </dependency>
+        </dependencies>
+      </plugin>
+    </plugins>
+  </build>
+
+</project>
diff --git a/versions-maven-plugin/src/main/java/org/codehaus/mojo/versions/DependencyUpdatesReportMojo.java b/versions-maven-plugin/src/main/java/org/codehaus/mojo/versions/DependencyUpdatesReportMojo.java
index 69c5a66e67..c4fc976ad8 100644
--- a/versions-maven-plugin/src/main/java/org/codehaus/mojo/versions/DependencyUpdatesReportMojo.java
+++ b/versions-maven-plugin/src/main/java/org/codehaus/mojo/versions/DependencyUpdatesReportMojo.java
@@ -52,6 +52,7 @@
 import org.codehaus.plexus.i18n.I18N;
 
 import static java.util.Collections.emptyMap;
+import static org.codehaus.mojo.versions.utils.MavenProjectUtils.interpolateVersion;
 import static org.codehaus.mojo.versions.utils.MiscUtils.filter;
 
 /**
@@ -174,7 +175,7 @@ && getProject().getOriginalModel().getDependencyManagement().getDependencies() !
                     // TODO: I'm not 100% sure if this will work correctly in all cases.
                     for ( Dependency dep : getProject().getOriginalModel().getDependencyManagement().getDependencies() )
                     {
-                        dep = getHelper().interpolateVersion( dep, getProject() );
+                        dep = interpolateVersion( dep, getProject() );
 
                         getLog().debug( "Original Dpmg: " + dep.getGroupId() + ":" + dep.getArtifactId() + ":"
                             + dep.getVersion() + ":" + dep.getType() + ":" + dep.getScope() );
diff --git a/versions-maven-plugin/src/main/java/org/codehaus/mojo/versions/DisplayDependencyUpdatesMojo.java b/versions-maven-plugin/src/main/java/org/codehaus/mojo/versions/DisplayDependencyUpdatesMojo.java
index da5b9a0b8a..dfdf9c2e02 100644
--- a/versions-maven-plugin/src/main/java/org/codehaus/mojo/versions/DisplayDependencyUpdatesMojo.java
+++ b/versions-maven-plugin/src/main/java/org/codehaus/mojo/versions/DisplayDependencyUpdatesMojo.java
@@ -29,7 +29,6 @@
 import java.util.Optional;
 import java.util.Set;
 import java.util.TreeSet;
-import java.util.stream.Collectors;
 
 import org.apache.maven.artifact.ArtifactUtils;
 import org.apache.maven.artifact.manager.WagonManager;
@@ -37,30 +36,31 @@
 import org.apache.maven.artifact.metadata.ArtifactMetadataSource;
 import org.apache.maven.artifact.resolver.ArtifactResolver;
 import org.apache.maven.artifact.versioning.ArtifactVersion;
-import org.apache.maven.model.Build;
 import org.apache.maven.model.Dependency;
-import org.apache.maven.model.DependencyManagement;
-import org.apache.maven.model.Plugin;
 import org.apache.maven.plugin.MojoExecutionException;
 import org.apache.maven.plugin.MojoFailureException;
 import org.apache.maven.plugins.annotations.Mojo;
 import org.apache.maven.plugins.annotations.Parameter;
-import org.apache.maven.project.MavenProject;
 import org.apache.maven.project.MavenProjectBuilder;
 import org.apache.maven.repository.RepositorySystem;
 import org.codehaus.mojo.versions.api.ArtifactVersions;
 import org.codehaus.mojo.versions.api.Segment;
-import org.codehaus.mojo.versions.filtering.DependencyFilter;
 import org.codehaus.mojo.versions.filtering.WildcardMatcher;
 import org.codehaus.mojo.versions.rewriting.ModifiedPomXMLEventReader;
 import org.codehaus.mojo.versions.utils.DependencyComparator;
+import org.codehaus.mojo.versions.utils.MavenProjectUtils;
 import org.codehaus.mojo.versions.utils.SegmentUtils;
 import org.codehaus.plexus.util.StringUtils;
 
+import static java.util.Collections.emptySet;
 import static java.util.Optional.empty;
 import static java.util.Optional.of;
 import static org.apache.commons.lang3.StringUtils.countMatches;
 import static org.codehaus.mojo.versions.api.Segment.MAJOR;
+import static org.codehaus.mojo.versions.filtering.DependencyFilter.filterDependencies;
+import static org.codehaus.mojo.versions.utils.MavenProjectUtils.extractDependenciesFromDependencyManagement;
+import static org.codehaus.mojo.versions.utils.MavenProjectUtils.extractDependenciesFromPlugins;
+import static org.codehaus.mojo.versions.utils.MavenProjectUtils.extractPluginDependenciesFromPluginsInPluginManagement;
 
 /**
  * Displays all dependencies that have newer versions available.
@@ -356,68 +356,6 @@ public DisplayDependencyUpdatesMojo( RepositorySystem repositorySystem,
         super( repositorySystem, projectBuilder, artifactMetadataSource, wagonManager, artifactResolver );
     }
 
-    private static Set<Dependency> extractPluginDependenciesFromPluginsInPluginManagement( Build build )
-    {
-        Set<Dependency> result = new TreeSet<>( DependencyComparator.INSTANCE );
-        if ( build.getPluginManagement() != null )
-        {
-            for ( Plugin plugin : build.getPluginManagement().getPlugins() )
-            {
-                if ( plugin.getDependencies() != null && !plugin.getDependencies().isEmpty() )
-                {
-                    result.addAll( plugin.getDependencies() );
-                }
-            }
-        }
-        return result;
-    }
-
-    private static Set<Dependency> extractDependenciesFromPlugins( List<Plugin> plugins )
-    {
-        Set<Dependency> result = new TreeSet<>( DependencyComparator.INSTANCE );
-        for ( Plugin plugin : plugins )
-        {
-            if ( plugin.getDependencies() != null && !plugin.getDependencies().isEmpty() )
-            {
-                result.addAll( plugin.getDependencies() );
-            }
-        }
-        return result;
-    }
-
-    /**
-     * Returns a set of dependencies where the dependencies which are defined in the dependency management section have
-     * been filtered out.
-     *
-     * @param dependencies         The set of dependencies.
-     * @param dependencyManagement The set of dependencies from the dependency management section.
-     * @return A new set of dependencies which are from the set of dependencies but not from the set of dependency
-     * management dependencies.
-     * @since 1.0-beta-1
-     */
-    private static Set<Dependency> removeDependencyManagment( Set<Dependency> dependencies,
-                                                              Set<Dependency> dependencyManagement )
-    {
-        Set<Dependency> result = new TreeSet<>( DependencyComparator.INSTANCE );
-        for ( Dependency dependency : dependencies )
-        {
-            boolean matched = false;
-            for ( Dependency managedDependency : dependencyManagement )
-            {
-                if ( dependenciesMatch( dependency, managedDependency ) )
-                {
-                    matched = true;
-                    break;
-                }
-            }
-            if ( !matched )
-            {
-                result.add( dependency );
-            }
-        }
-        return result;
-    }
-
     // open for tests
     protected static boolean dependenciesMatch( Dependency dependency, Dependency managedDependency )
     {
@@ -491,109 +429,51 @@ public void execute()
 
         validateInput();
 
-        Set<Dependency> dependencyManagement = new TreeSet<>( DependencyComparator.INSTANCE );
-        DependencyManagement projectDependencyManagement = getProjectDependencyManagement( getProject() );
-        if ( projectDependencyManagement != null )
-        {
-
-            List<Dependency> dependenciesFromPom = projectDependencyManagement.getDependencies();
-            for ( Dependency dependency : dependenciesFromPom )
-            {
-                getLog().debug( "dependency from pom: " + dependency.getGroupId() + ":" + dependency.getArtifactId()
-                                    + ":" + dependency.getVersion() + ":" + dependency.getScope() );
-                if ( dependency.getVersion() == null )
-                {
-                    // get parent and get the information from there.
-                    if ( getProject().hasParent() )
-                    {
-                        getLog().debug( "Reading parent dependencyManagement information" );
-                        DependencyManagement parentProjectDependencyManagement =
-                            getProjectDependencyManagement( getProject().getParent() );
-                        if ( parentProjectDependencyManagement != null )
-                        {
-                            List<Dependency> parentDeps = parentProjectDependencyManagement.getDependencies();
-                            for ( Dependency parentDep : parentDeps )
-                            {
-                                // only groupId && artifactId needed cause version is null
-                                if ( dependency.getGroupId().equals( parentDep.getGroupId() )
-                                    && dependency.getArtifactId().equals( parentDep.getArtifactId() )
-                                    && dependency.getType().equals( parentDep.getType() ) )
-                                {
-                                    dependencyManagement.add( parentDep );
-                                }
-                            }
-                        }
-                    }
-                    else
-                    {
-                        String message = "We can't get the version for the dependency " + dependency.getGroupId() + ":"
-                            + dependency.getArtifactId() + " cause there does not exist a parent.";
-                        getLog().error( message );
-                        // Throw error cause we will not able to get a version for a dependency.
-                        throw new MojoExecutionException( message );
-                    }
-                }
-                else
-                {
-                    dependency = getHelper().interpolateVersion( dependency, getProject() );
-                    dependencyManagement.add( dependency );
-                }
-            }
-        }
-
-        Set<Dependency> dependencies = new TreeSet<>( DependencyComparator.INSTANCE );
-        dependencies.addAll( getProject().getDependencies() );
-
-        if ( isProcessingDependencyManagement() )
-        {
-            dependencies = removeDependencyManagment( dependencies, dependencyManagement );
-        }
-
-        Set<Dependency> pluginDependencies = new TreeSet<>( DependencyComparator.INSTANCE );
-
-        if ( isProcessingPluginDependencies() )
-        {
-            pluginDependencies = extractDependenciesFromPlugins( getProject().getBuildPlugins() );
-        }
-
-        Set<Dependency> pluginDependenciesInPluginManagement = new TreeSet<>( DependencyComparator.INSTANCE );
-        if ( isProcessPluginDependenciesInDependencyManagement() )
-        {
-            pluginDependenciesInPluginManagement =
-                extractPluginDependenciesFromPluginsInPluginManagement( getProject().getBuild() );
-        }
+        Set<Dependency> dependencyManagement = emptySet();
 
         try
         {
             if ( isProcessingDependencyManagement() )
             {
-                dependencyManagement = filterDependencyManagementIncludes( dependencyManagement );
+                dependencyManagement = filterDependencies( extractDependenciesFromDependencyManagement( getProject(),
+                                processDependencyManagementTransitive, getLog() ),
+                        dependencyManagementIncludes, dependencyManagementExcludes, "Dependecy Management",
+                        getLog() );
 
-                logUpdates( getHelper().lookupDependenciesUpdates( dependencyManagement, false ),
-                            "Dependency Management" );
+                logUpdates( getHelper().lookupDependenciesUpdates( dependencyManagement,
+                                false ), "Dependency Management" );
             }
             if ( isProcessingDependencies() )
             {
-                dependencies = filterDependencyIncludes( dependencies );
-
-                logUpdates( getHelper().lookupDependenciesUpdates( dependencies, false ), "Dependencies" );
+                Set<Dependency> finalDependencyManagement = dependencyManagement;
+                logUpdates( getHelper().lookupDependenciesUpdates(
+                        filterDependencies( getProject().getDependencies()
+                            .parallelStream()
+                            .filter( dep -> finalDependencyManagement.parallelStream()
+                                    .noneMatch( depMan -> dependenciesMatch( dep, depMan ) ) )
+                            .collect( () -> new TreeSet<>( DependencyComparator.INSTANCE ), Set::add, Set::addAll ),
+                            dependencyIncludes, dependencyExcludes, "Dependencies", getLog() ),
+                                false ),
+                        "Dependencies" );
             }
             if ( isProcessPluginDependenciesInDependencyManagement() )
             {
-                pluginDependenciesInPluginManagement =
-                        filterPluginManagementIncludes( pluginDependenciesInPluginManagement );
-
-                logUpdates( getHelper().lookupDependenciesUpdates( pluginDependenciesInPluginManagement, false ),
-                            "pluginManagement of plugins" );
+                logUpdates( getHelper().lookupDependenciesUpdates( filterDependencies(
+                                extractPluginDependenciesFromPluginsInPluginManagement( getProject() ),
+                                pluginManagementDependencyIncludes, pluginManagementDependencyExcludes,
+                                "Plugin Management Dependencies", getLog() ), false ),
+                        "pluginManagement of plugins" );
             }
             if ( isProcessingPluginDependencies() )
             {
-                pluginDependencies = filterPluginDependencyIncludes( pluginDependencies );
-
-                logUpdates( getHelper().lookupDependenciesUpdates( pluginDependencies, false ), "Plugin Dependencies" );
+                logUpdates( getHelper().lookupDependenciesUpdates( filterDependencies(
+                                extractDependenciesFromPlugins( getProject() ),
+                                pluginDependencyIncludes, pluginDependencyExcludes, "Plugin Dependencies",
+                                getLog() ), false ),
+                        "Plugin Dependencies" );
             }
         }
-        catch ( ArtifactMetadataRetrievalException e )
+        catch ( ArtifactMetadataRetrievalException | MavenProjectUtils.VersionRetrievalException e )
         {
             throw new MojoExecutionException( e.getMessage(), e );
         }
@@ -627,72 +507,6 @@ static void validateGAVList( List<String> gavList, int numSections, String argum
         }
     }
 
-    private Set<Dependency> filterDependencyIncludes( Set<Dependency> dependencies )
-    {
-        return filterDependencies( dependencies, dependencyIncludes, dependencyExcludes, "Dependencies" );
-    }
-
-    private Set<Dependency> filterDependencyManagementIncludes( Set<Dependency> dependencyManagement )
-    {
-        return filterDependencies( dependencyManagement,
-                                   dependencyManagementIncludes, dependencyManagementExcludes, "Dependecy Management" );
-    }
-
-    private Set<Dependency> filterPluginDependencyIncludes( Set<Dependency> dependencies )
-    {
-        return filterDependencies( dependencies, pluginDependencyIncludes, pluginDependencyExcludes,
-                "Plugin Dependencies" );
-    }
-
-    private Set<Dependency> filterPluginManagementIncludes( Set<Dependency> dependencyManagement )
-    {
-        return filterDependencies( dependencyManagement,
-                pluginManagementDependencyIncludes, pluginManagementDependencyExcludes,
-                "Plugin Management Dependencies" );
-    }
-
-    private Set<Dependency> filterDependencies(
-        Set<Dependency> dependencies,
-        List<String> includes,
-        List<String> excludes,
-        String section
-    )
-    {
-        DependencyFilter includeDeps = DependencyFilter.parseFrom( includes );
-        DependencyFilter excludeDeps = DependencyFilter.parseFrom( excludes );
-
-        Set<Dependency> filtered = includeDeps.retainingIn( dependencies );
-        filtered = excludeDeps.removingFrom( filtered );
-
-        if ( getLog().isDebugEnabled() )
-        {
-            getLog().debug( String.format( "parsed includes in %s: %s -> %s", section, includes, includeDeps ) );
-            getLog().debug( String.format( "parsed excludes in %s: %s -> %s", section, excludes, excludeDeps ) );
-            getLog().debug( String.format( "Unfiltered %s: ", section ) + output( dependencies ) );
-            getLog().debug( String.format( "Filtered %s: ", section ) + output( filtered ) );
-        }
-
-        return filtered;
-    }
-
-    private String output( Set<Dependency> dependencies )
-    {
-        return dependencies.stream()
-                .map( d -> String.format( "%s:%s:%s", d.getGroupId(), d.getArtifactId(), d.getVersion() ) )
-                .collect( Collectors.joining( ", " ) );
-    }
-    private DependencyManagement getProjectDependencyManagement( MavenProject project )
-    {
-        if ( processDependencyManagementTransitive )
-        {
-            return project.getDependencyManagement();
-        }
-        else
-        {
-            return project.getOriginalModel().getDependencyManagement();
-        }
-    }
-
     private Optional<Segment> calculateUpdateScope()
     {
         return allowAnyUpdates
diff --git a/versions-maven-plugin/src/site/markdown/enforcer/max-dependency-updates.md b/versions-maven-plugin/src/site/markdown/enforcer/max-dependency-updates.md
new file mode 100644
index 0000000000..0de29930ec
--- /dev/null
+++ b/versions-maven-plugin/src/site/markdown/enforcer/max-dependency-updates.md
@@ -0,0 +1,112 @@
+title: Introduction
+author: Andrzej Jarmoniuk
+date: 2022-10-27
+
+<!---
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+  https://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+# Max Dependency Updates
+
+This Maven Enforcer rule checks if the number of dependency updates does not exceed the given threshold.
+
+The following parameters are supported by this rule:
+
+| Parameter                                     |  Default   | Description                                                                                                                                                                                                                                                                      |
+|-----------------------------------------------|:----------:|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `maxUpdates`                                  |    `0`     | The total maximum allowed number of dependency updates.                                                                                                                                                                                                                          |
+| `processDependencies`                         |   `true`   | Whether to process the dependencies section of the project.                                                                                                                                                                                                                      |     
+| `processDependencyManagement`                 |   `true`   | Whether to process the dependencyManagement section of the project.                                                                                                                                                                                                              |
+| `processDependencyManagementTransitive`       |   `true`   | Whether to process the dependencyManagement part transitive or not. In case of *type* `pom` and *scope* `import`, this means by default to report also the imported dependencies. If the parameter is set to false the report will only show updates of the imported pom itself. |
+| `processPluginDependencies`                   |   `true`   | Whether to process the dependencies sections of plugins.                                                                                                                                                                                                                         |
+| `processPluginDependenciesInPluginManagement` |   `true`   | Whether to process the dependencies sections of plugins which are defined in pluginManagement.                                                                                                                                                                                   | 
+| `ignoreMinorUpdates`                          |  `false`   | Whether minor updates should be ignored. Default `false`.<br/>**Note:** when true, will also assume that `ignoreIncrementalUpdates` and `ignoreSubIncrementalUpdates` are also `true`.                                                                                           |
+| `ignoreIncrementalUpdates`                    |  `false`   | Whether incremental updates should be ignored. Default `false`.<br/>**Note:** when true, will also assume that `ignoreSubIncrementalUpdates` is also `true`.                                                                                                                     |
+| `ignoreSubIncrementalUpdates`                 |  `false`   | Whether sub-incremental updates should be ignored. Default `false`.                                                                                                                                                                                                              |
+| `dependencyIncludes`                          |    `*`     | List of dependency inclusion patterns. Only dependencies matching all the patterns will be considered.<br/>The wildcard (`*`) can be used as the only, first, last or both characters in each token. The version token does support version ranges.                              |
+| `dependencyExcludes`                          |  (empty)   | List of dependency exclusion patterns. Only dependencies matching none of the patterns will be considered.<br/>The wildcard (`*`) can be used as the only, first, last or both characters in each token. The version token does support version ranges.                          |
+| `dependencyManagementIncludes`                |    `*`     | List of dependency management inclusion patterns. Only dependencies matching all the patterns will be considered.<br/>The wildcard (`*`) can be used as the only, first, last or both characters in each token. The version token does support version ranges.                   |
+| `dependencyManagementExcludes`                |  (empty)   | List of dependency management exclusion patterns. Only dependencies matching none of the patterns will be considered.<br/>The wildcard (`*`) can be used as the only, first, last or both characters in each token. The version token does support version ranges.               |
+| `pluginDependencyIncludes`                    |    `*`     | List of plugin dependency inclusion patterns. Only dependencies matching all the patterns will be considered.<br/>The wildcard (`*`) can be used as the only, first, last or both characters in each token. The version token does support version ranges.                       |
+| `pluginDependencyExcludes`                    |  (empty)   | List of plugin dependency exclusion patterns. Only dependencies matching none of the patterns will be considered.<br/>The wildcard (`*`) can be used as the only, first, last or both characters in each token. The version token does support version ranges.                   |
+| `pluginManagementDependencyIncludes`          |    `*`     | List of plugin management dependency inclusion patterns. Only dependencies matching all the patterns will be considered.<br/>The wildcard (`*`) can be used as the only, first, last or both characters in each token. The version token does support version ranges.            |
+| `pluginManagementDependencyExcludes`          |  (empty)   | List of plugin management dependency exclusion patterns. Only dependencies matching none of the patterns will be considered.<br/>The wildcard (`*`) can be used as the only, first, last or both characters in each token. The version token does support version ranges.        |
+| `serverId`                                    | `serverId` | *settings.xml*'s server id for the URL. This is used when wagon needs extra authentication information.                                                                                                                                                                          |
+| `rulesUri`                                    |            | URI of a ruleSet file containing the rules that control how to compare version numbers. The URI could be either a Wagon URI or a classpath URI (e.g. *classpath:\/\/\/package/sub/package/rules.xml*).                                                                           |
+| `ruleSet`                                     |            | Allows specifying the `RuleSet` object describing rules on artifact versions to ignore when considering updates.<br/> See: [Using the ruleSet element in the POM](../version-rules.html#Using_the_ruleSet_element_in_the_POM)                                                    |
+
+**Note:** Inclusion/exclusion parameters like `dependencyIncludes`, `dependencyExcludes`, etc. work the same way as parameters
+of the same name of the [versions:display-dependency-updates](../display-dependency-updates-mojo.html) goal
+of the plugin.
+
+The parameters accept a list of *extended GAV* patterns, meaning patterns of:
+
+`groupId:artifactId:version:type:classifier:scope`
+
+of which only `groupId` is obligatory. On top of that, all of the components can be replaced with the asterisk (`*`)
+character in which case it will match all values.
+
+So, e.g. both of the below patterns:
+- `org.codehaus.mojo`
+- `org.codehaus.mojo:*`
+
+will match all artifacts with groupId `org.codehaus.mojo`.
+
+### Sample Plugin Configuration
+
+Below a rundimentary example of using the enforcer rule. The example assumes that the versions of both
+the enforcer plugin as well as the versions plugin are set elsewhere (using dependencyManagement).
+
+The below example specifies a rule which will not allow any updates except for updates of `localhost:dummy-api`.
+It will also ignore all sub-incremental updates.
+
+```xml
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    ...
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-enforcer-plugin</artifactId>
+                <goals>
+                    <goal>enforce</goal>
+                </goals>
+                <configuration>
+                    <rules>
+                        <maxDependencyUpdates>
+                            <maxUpdates>0</maxUpdates>
+                            <dependencyExcludes>
+                                <dependencyExclude>localhost:dummy-api</dependencyExclude>
+                            </dependencyExcludes>
+                            <ignoreSubIncrementalUpdates>true</ignoreSubIncrementalUpdates>
+                        </maxDependencyUpdates>
+                    </rules>
+                </configuration>
+                <dependencies>
+                    <dependency>
+                        <groupId>org.codehaus.mojo</groupId>
+                        <artifactId>versions-maven-plugin</artifactId>
+                    </dependency>
+                </dependencies>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>
+```
\ No newline at end of file
diff --git a/versions-maven-plugin/src/site/markdown/index.md b/versions-maven-plugin/src/site/markdown/index.md
index f008eb1a60..8637281b08 100644
--- a/versions-maven-plugin/src/site/markdown/index.md
+++ b/versions-maven-plugin/src/site/markdown/index.md
@@ -86,6 +86,12 @@ The Versions Plugin has the following reporting goals.
 * [versions:parent-updates-report](./parent-updates-report-mojo.html) produces a report on possible parent artifact
   upgrades.
 
+## Enforcer rules overview
+
+The Versions Plugin currently provides one Maven Enforcer Plugin rule:
+* [maxDependencyUpdates](./enforcer/max-dependency-updates.html) allows the user to specify a maximum number of updates which,
+  if exceeded, will trigger the enforcer plugin to fail.
+
 ## Usage
 
 General instructions on how to use the Versions Plugin can be found on the [usage page](./usage.html). Some more
diff --git a/versions-maven-plugin/src/test/resources/org/codehaus/mojo/max-dependency-upgrades/pom.xml b/versions-maven-plugin/src/test/resources/org/codehaus/mojo/max-dependency-upgrades/pom.xml
new file mode 100644
index 0000000000..c869d723f4
--- /dev/null
+++ b/versions-maven-plugin/src/test/resources/org/codehaus/mojo/max-dependency-upgrades/pom.xml
@@ -0,0 +1,44 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>default-group</groupId>
+    <artifactId>default-artifact</artifactId>
+    <version>1.0</version>
+    <packaging>pom</packaging>
+
+    <dependencies>
+        <dependency>
+            <groupId>default-group</groupId>
+            <artifactId>artifactA</artifactId>
+            <version>1.0.0</version>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-enforcer-plugin</artifactId>
+                <version>3.1.0</version>
+                <goals>
+                    <goal>enforce</goal>
+                </goals>
+                <configuration>
+                    <rules>
+                        <maxDependencyUpgrades>
+                            <maxUpgrades>0</maxUpgrades>
+                        </maxDependencyUpgrades>
+                    </rules>
+                    <fail>true</fail>
+                </configuration>
+                <dependencies>
+                    <dependency>
+                        <groupId>org.codehaus.mojo</groupId>
+                        <artifactId>versions-maven-plugin</artifactId>
+                        <version>${project.version}</version>
+                    </dependency>
+                </dependencies>
+            </plugin>
+        </plugins>
+    </build>
+</project>
diff --git a/versions-test/pom.xml b/versions-test/pom.xml
new file mode 100644
index 0000000000..1ddf047d9e
--- /dev/null
+++ b/versions-test/pom.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one
+  ~ or more contributor license agreements.  See the NOTICE file
+  ~ distributed with this work for additional information
+  ~ regarding copyright ownership.  The ASF licenses this file
+  ~ to you under the Apache License, Version 2.0 (the
+  ~ "License"); you may not use this file except in compliance
+  ~ with the License.  You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>versions</artifactId>
+        <groupId>org.codehaus.mojo.versions</groupId>
+        <version>2.14.0-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>versions-test</artifactId>
+
+    <name>Versions Test</name>
+    <description>Test utilities</description>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.apache.maven</groupId>
+            <artifactId>maven-compat</artifactId>
+            <version>${mavenVersion}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.maven.doxia</groupId>
+            <artifactId>doxia-integration-tools</artifactId>
+            <version>${doxiaVersion}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.maven.doxia</groupId>
+            <artifactId>doxia-site-renderer</artifactId>
+            <version>${doxia-sitetoolsVersion}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.codehaus.mojo.versions</groupId>
+            <artifactId>versions-common</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-text</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-inline</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.maven.plugin-testing</groupId>
+            <artifactId>maven-plugin-testing-harness</artifactId>
+        </dependency>
+    </dependencies>
+
+</project>
\ No newline at end of file
diff --git a/versions-maven-plugin/src/test/java/org/codehaus/mojo/versions/utils/MockUtils.java b/versions-test/src/main/java/org/codehaus/mojo/versions/utils/MockUtils.java
similarity index 100%
rename from versions-maven-plugin/src/test/java/org/codehaus/mojo/versions/utils/MockUtils.java
rename to versions-test/src/main/java/org/codehaus/mojo/versions/utils/MockUtils.java
index 991a944098..2e9d286b99 100644
--- a/versions-maven-plugin/src/test/java/org/codehaus/mojo/versions/utils/MockUtils.java
+++ b/versions-test/src/main/java/org/codehaus/mojo/versions/utils/MockUtils.java
@@ -1,3 +1,5 @@
+package org.codehaus.mojo.versions.utils;
+
 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
@@ -17,8 +19,6 @@
  * under the License.
  */
 
-package org.codehaus.mojo.versions.utils;
-
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
diff --git a/versions-maven-plugin/src/test/java/org/codehaus/mojo/versions/utils/TestChangeRecorder.java b/versions-test/src/main/java/org/codehaus/mojo/versions/utils/TestChangeRecorder.java
similarity index 100%
rename from versions-maven-plugin/src/test/java/org/codehaus/mojo/versions/utils/TestChangeRecorder.java
rename to versions-test/src/main/java/org/codehaus/mojo/versions/utils/TestChangeRecorder.java
diff --git a/versions-maven-plugin/src/test/java/org/codehaus/mojo/versions/utils/TestUtils.java b/versions-test/src/main/java/org/codehaus/mojo/versions/utils/TestUtils.java
similarity index 100%
rename from versions-maven-plugin/src/test/java/org/codehaus/mojo/versions/utils/TestUtils.java
rename to versions-test/src/main/java/org/codehaus/mojo/versions/utils/TestUtils.java