Checksum validation failed

Q: How do I prevent maven:CHECKSUM_VALIDATION_FAILED in CI?

Use a repository manager proxy to provide consistent artifacts/checksums to all builds. Avoid mixing multiple repository URLs/mirrors for the same coordinates. Keep build caches healthy by cleaning only the specific corrupted artifact directories when needed.

What This Error Means

Maven downloaded the artifact, but checksum verification failed, usually because the file is corrupted or a repository or proxy served different bytes.

Read this as a precise clue about which part of the workflow broke first. Once you know the failing layer, the fix path gets much shorter.

Fix the integrity mismatch

Delete the affected artifact directory under ~/.m2/repository/ so Maven must re-download it.

Force a remote re-check once:mvn -U -DskipTests package

If the failure persists, route all builds through a single repository manager proxy to avoid inconsistent upstreams.

If you control the repository, verify that checksum files match the stored artifacts and repair/re-publish the bad artifacts.

Why It Happens

Usually this comes down to a previous download was interrupted, leaving a truncated artifact in the local repository, a proxy/cache served stale or corrupted content, the repository contains inconsistent metadata (artifact and checksum files are out of sync), or multiple repositories/mirrors with different content are being used for the same coordinates.

Verify the Fix

Re-run the Maven build and confirm the checksum error is gone, and confirm the artifact can be downloaded consistently on a second machine/environment.

Manual integrity checks

Identify the specific artifact/version that failed checksum validation from the Maven output.

Delete the artifact version directory under ~/.m2/repository/<groupId path>/<artifactId>/<version>/ to force a clean re-download.

Force updates once:mvn -U -DskipTests package

Examples

[ERROR] Checksum validation failed, no checksums available
[ERROR] Checksum validation failed

How Maven verifies artifact integrity

Repositories typically publish checksum files (for example .sha1 / .md5) alongside artifacts. Maven uses these checksums to verify that downloaded files were not corrupted or altered in transit. Checksum failures often indicate a partial download, a caching proxy serving stale content, or inconsistent repositories.

Prevent It From Coming Back

To prevent this, use a repository manager proxy to provide consistent artifacts/checksums to all builds, avoid mixing multiple repository URLs/mirrors for the same coordinates, and keep build caches healthy by cleaning only the specific corrupted artifact directories when needed.

Docs and source code

github.com/apache/maven/blob/maven-3.9.6/maven-core/src/main/java/org/apache/maven/project/DefaultProjectDependenciesResolver.java

Checksum verification failures are raised by the underlying resolver layer and bubbled up into Maven via the exception message (e.getMessage()). - GitHub

String msg = "Could not resolve dependencies for project " + project.getId() + ": " + e.getMessage();
DependencyResolutionException dex = new DependencyResolutionException(msg, e);
dex.setResult(e.getResult());
throw dex;