Make it possible to trust some modules There are cases where it makes sense to trust some modules. For example, a company using a frequent release pace may want to trust their company artifacts (changing often so painful to update the configuration) more than the external dependencies.
This gives the opportunity to tell what are the trusted modules. The configuration requires at least a group name, but modules can be trusted on the whole (group, name, version, file name) tuple.
It is also possible to use regular expressions, for example one could use:
Make it possible to disable metadata verification This commit introduces basic configuration for dependency verification. The only thing that is configurable now is the ability to disable verification of metadata. This can be useful whenever the user only wants to trust artifacts, because addition of metadata in verification files can be quite verbose.