Getting reproducible builds with Java, ie. builds that always produce the same binary output, requires some tweaks since Java is not reproducible-friendly from the beginning: jar files, with files order and timestamp, is a first natural source of variation. In addition to issues caused by Java, some Maven plugins cause additional variations: see Maven Reproducible/Verifiable Builds Wiki page.
There are 2 main strategies to get reproducible builds:
post-process output to remove unwanted variance,
change build behaviour to avoid variance from start.
Since november 2019, the second strategy is available: read Maven - Guide to Configuring for Reproducible Builds.
Before, reality required to be able to post-process while working on initial variance removal (which may happen not only from Apache Maven’s Plugins but also from Maven Plugins in the large ecosystem) and dealing with the hard compromises that may arise.
Maven - Guide to Configuring for Reproducible Builds summaries how to configure your Maven build to get Reproducible Builds as part of your normal builds.
Work is tracked on Maven Reproducible/Verifiable Builds Wiki page.
A few implementations are available:
Reproducible Build Maven Plugin, a Maven Plugin from the large ecosystem that removes every known variance when bound at pre-integration-test phase,
Byteman rules TBD