From 064236ed5bf3c7cf6de1279b804dae2dd2043d3d Mon Sep 17 00:00:00 2001
From: Anthony Whitford <anthony@whitford.com>
Date: Sat, 5 Sep 2015 22:56:36 -0700
Subject: [PATCH 01/18] Added Dependency plugin to Reporting section because it
 has an excellent Dependency Analysis Report.

---
 pom.xml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pom.xml b/pom.xml
index a40a9bde1..92a976c82 100644
--- a/pom.xml
+++ b/pom.xml
@@ -362,6 +362,10 @@ Copyright (c) 2012 - Jeremy Long
     </build>
     <reporting>
         <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-project-info-reports-plugin</artifactId>

From c35276e3dfb98d63d1c6c34f58f212f533edd81b Mon Sep 17 00:00:00 2001
From: Anthony Whitford <anthony@whitford.com>
Date: Sat, 5 Sep 2015 23:15:35 -0700
Subject: [PATCH 02/18] Reporting section for gradle module is completely
 redundant with the parent pom.  It can be removed and will generate the same
 report.

---
 dependency-check-gradle/pom.xml | 18 ------------------
 1 file changed, 18 deletions(-)

diff --git a/dependency-check-gradle/pom.xml b/dependency-check-gradle/pom.xml
index a1bc9bc4d..26d09d5c5 100644
--- a/dependency-check-gradle/pom.xml
+++ b/dependency-check-gradle/pom.xml
@@ -67,22 +67,4 @@ Copyright (c) 2015 Wei Ma. All Rights Reserved.
             </plugin>
         </plugins>
     </build>
-    <reporting>
-        <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-project-info-reports-plugin</artifactId>
-                <version>${reporting.project-info-reports-plugin.version}</version>
-                <reportSets>
-                    <reportSet>
-                        <reports>
-                            <report>summary</report>
-                            <report>license</report>
-                            <report>help</report>
-                        </reports>
-                    </reportSet>
-                </reportSets>
-            </plugin>
-        </plugins>
-    </reporting>
 </project>

From d74218004adee84efba3761308c97e8ce4717ba1 Mon Sep 17 00:00:00 2001
From: Anthony Whitford <anthony@whitford.com>
Date: Sat, 5 Sep 2015 23:17:28 -0700
Subject: [PATCH 03/18] Reporting section for jenkins module is completely
 redundant with the parent pom.  It can be removed and will generate the same
 report.

---
 dependency-check-jenkins/pom.xml | 18 ------------------
 1 file changed, 18 deletions(-)

diff --git a/dependency-check-jenkins/pom.xml b/dependency-check-jenkins/pom.xml
index 986e425c6..5a1bce2e1 100644
--- a/dependency-check-jenkins/pom.xml
+++ b/dependency-check-jenkins/pom.xml
@@ -71,22 +71,4 @@
             </plugin>
         </plugins>
     </build>
-    <reporting>
-        <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-project-info-reports-plugin</artifactId>
-                <version>${reporting.project-info-reports-plugin.version}</version>
-                <reportSets>
-                    <reportSet>
-                        <reports>
-                            <report>summary</report>
-                            <report>license</report>
-                            <report>help</report>
-                        </reports>
-                    </reportSet>
-                </reportSets>
-            </plugin>
-        </plugins>
-    </reporting>
 </project>

From e433809f4dfb79ed081d4687508acbbeaa22322a Mon Sep 17 00:00:00 2001
From: Anthony Whitford <anthony@whitford.com>
Date: Sat, 5 Sep 2015 23:57:53 -0700
Subject: [PATCH 04/18] Moved maven-jxr-plugin and
 maven-project-info-reports-plugin reporting declarations into the parent pom.
  No need to duplicate in child modules.  Utils did not have project-info
 reports, but there does not seem to be a good reason.  Also note that the JXR
 plugin is naturally skipped when it does not apply (there is no java code),
 so not necessary to explicitly skip it for gradle and jenkins modules.

---
 dependency-check-ant/pom.xml   |  5 -----
 dependency-check-cli/pom.xml   | 19 -------------------
 dependency-check-core/pom.xml  | 19 -------------------
 dependency-check-maven/pom.xml | 19 -------------------
 dependency-check-utils/pom.xml |  5 -----
 pom.xml                        | 11 +++++++----
 6 files changed, 7 insertions(+), 71 deletions(-)

diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml
index 7e7208aef..c1eb45c50 100644
--- a/dependency-check-ant/pom.xml
+++ b/dependency-check-ant/pom.xml
@@ -317,11 +317,6 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved.
                     </reportSet>
                 </reportSets>
             </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-jxr-plugin</artifactId>
-                <version>${reporting.jxr-plugin.version}</version>
-            </plugin>
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>cobertura-maven-plugin</artifactId>
diff --git a/dependency-check-cli/pom.xml b/dependency-check-cli/pom.xml
index c76f50b72..c7dac3bdc 100644
--- a/dependency-check-cli/pom.xml
+++ b/dependency-check-cli/pom.xml
@@ -178,20 +178,6 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved.
     </build>
     <reporting>
         <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-project-info-reports-plugin</artifactId>
-                <version>${reporting.project-info-reports-plugin.version}</version>
-                <reportSets>
-                    <reportSet>
-                        <reports>
-                            <report>summary</report>
-                            <report>license</report>
-                            <report>help</report>
-                        </reports>
-                    </reportSet>
-                </reportSets>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-javadoc-plugin</artifactId>
@@ -222,11 +208,6 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved.
                     </reportSet>
                 </reportSets>
             </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-jxr-plugin</artifactId>
-                <version>${reporting.jxr-plugin.version}</version>
-            </plugin>
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>cobertura-maven-plugin</artifactId>
diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml
index f77e3b9b4..9d438259e 100644
--- a/dependency-check-core/pom.xml
+++ b/dependency-check-core/pom.xml
@@ -228,20 +228,6 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
     </build>
     <reporting>
         <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-project-info-reports-plugin</artifactId>
-                <version>${reporting.project-info-reports-plugin.version}</version>
-                <reportSets>
-                    <reportSet>
-                        <reports>
-                            <report>summary</report>
-                            <report>license</report>
-                            <report>help</report>
-                        </reports>
-                    </reportSet>
-                </reportSets>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-javadoc-plugin</artifactId>
@@ -272,11 +258,6 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
                     </reportSet>
                 </reportSets>
             </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-jxr-plugin</artifactId>
-                <version>${reporting.jxr-plugin.version}</version>
-            </plugin>
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>cobertura-maven-plugin</artifactId>
diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml
index 49231cc42..88346dd4f 100644
--- a/dependency-check-maven/pom.xml
+++ b/dependency-check-maven/pom.xml
@@ -127,20 +127,6 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
     </build>
     <reporting>
         <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-project-info-reports-plugin</artifactId>
-                <version>${reporting.project-info-reports-plugin.version}</version>
-                <reportSets>
-                    <reportSet>
-                        <reports>
-                            <report>summary</report>
-                            <report>license</report>
-                            <report>help</report>
-                        </reports>
-                    </reportSet>
-                </reportSets>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-plugin-plugin</artifactId>
@@ -179,11 +165,6 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
                     </reportSet>
                 </reportSets>
             </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-jxr-plugin</artifactId>
-                <version>${reporting.jxr-plugin.version}</version>
-            </plugin>
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>cobertura-maven-plugin</artifactId>
diff --git a/dependency-check-utils/pom.xml b/dependency-check-utils/pom.xml
index 21ce57bdd..74f778b6a 100644
--- a/dependency-check-utils/pom.xml
+++ b/dependency-check-utils/pom.xml
@@ -135,11 +135,6 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
                     </reportSet>
                 </reportSets>
             </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-jxr-plugin</artifactId>
-                <version>${reporting.jxr-plugin.version}</version>
-            </plugin>
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>cobertura-maven-plugin</artifactId>
diff --git a/pom.xml b/pom.xml
index 92a976c82..fd6b6b457 100644
--- a/pom.xml
+++ b/pom.xml
@@ -133,12 +133,9 @@ Copyright (c) 2012 - Jeremy Long
         <reporting.cobertura-plugin.version>2.6</reporting.cobertura-plugin.version>
         <reporting.findbugs-plugin.version>3.0.1</reporting.findbugs-plugin.version>
         <reporting.javadoc-plugin.version>2.10.3</reporting.javadoc-plugin.version>
-        <reporting.jxr-plugin.version>2.5</reporting.jxr-plugin.version>
         <!-- todo(code review): only used in maven module? Not needed elsewhere -->
         <reporting.maven-plugin-plugin.version>3.4</reporting.maven-plugin-plugin.version>
         <reporting.pmd-plugin.version>3.5</reporting.pmd-plugin.version>
-        <!-- TODO(code review) project-info-reports-plugin was/is not used in utils. Expected/intended? -->
-        <reporting.project-info-reports-plugin.version>2.8</reporting.project-info-reports-plugin.version>
         <reporting.surefire-report-plugin.version>2.18.1</reporting.surefire-report-plugin.version>
         <reporting.taglist-plugin.version>2.4</reporting.taglist-plugin.version>
         <reporting.versions-plugin.version>2.2</reporting.versions-plugin.version>
@@ -366,10 +363,15 @@ Copyright (c) 2012 - Jeremy Long
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-dependency-plugin</artifactId>
             </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jxr-plugin</artifactId>
+                <version>2.5</version>
+            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-project-info-reports-plugin</artifactId>
-                <version>${reporting.project-info-reports-plugin.version}</version>
+                <version>2.8</version>
                 <reportSets>
                     <reportSet>
                         <reports>
@@ -393,6 +395,7 @@ Copyright (c) 2012 - Jeremy Long
                     </reportSet>
                 </reportSets>
             </plugin>
+
         </plugins>
     </reporting>
     <dependencyManagement>

From 9b92007effb7f755a93139da0822d9cd63982992 Mon Sep 17 00:00:00 2001
From: Anthony Whitford <anthony@whitford.com>
Date: Sun, 6 Sep 2015 00:23:24 -0700
Subject: [PATCH 05/18] Centralized cobertura plugin to the parent pom and was
 able to upgrade it from 2.6 to 2.7.

---
 dependency-check-ant/pom.xml   |  5 -----
 dependency-check-cli/pom.xml   |  5 -----
 dependency-check-core/pom.xml  |  5 -----
 dependency-check-maven/pom.xml |  5 -----
 dependency-check-utils/pom.xml |  5 -----
 pom.xml                        | 15 +++++++++++++--
 6 files changed, 13 insertions(+), 27 deletions(-)

diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml
index c1eb45c50..79d8a9c94 100644
--- a/dependency-check-ant/pom.xml
+++ b/dependency-check-ant/pom.xml
@@ -317,11 +317,6 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved.
                     </reportSet>
                 </reportSets>
             </plugin>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>cobertura-maven-plugin</artifactId>
-                <version>${reporting.cobertura-plugin.version}</version>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-report-plugin</artifactId>
diff --git a/dependency-check-cli/pom.xml b/dependency-check-cli/pom.xml
index c7dac3bdc..2666d4367 100644
--- a/dependency-check-cli/pom.xml
+++ b/dependency-check-cli/pom.xml
@@ -208,11 +208,6 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved.
                     </reportSet>
                 </reportSets>
             </plugin>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>cobertura-maven-plugin</artifactId>
-                <version>${reporting.cobertura-plugin.version}</version>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-report-plugin</artifactId>
diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml
index 9d438259e..0a875c1f8 100644
--- a/dependency-check-core/pom.xml
+++ b/dependency-check-core/pom.xml
@@ -258,11 +258,6 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
                     </reportSet>
                 </reportSets>
             </plugin>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>cobertura-maven-plugin</artifactId>
-                <version>${reporting.cobertura-plugin.version}</version>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-report-plugin</artifactId>
diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml
index 88346dd4f..0c88386a3 100644
--- a/dependency-check-maven/pom.xml
+++ b/dependency-check-maven/pom.xml
@@ -165,11 +165,6 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
                     </reportSet>
                 </reportSets>
             </plugin>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>cobertura-maven-plugin</artifactId>
-                <version>${reporting.cobertura-plugin.version}</version>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-report-plugin</artifactId>
diff --git a/dependency-check-utils/pom.xml b/dependency-check-utils/pom.xml
index 74f778b6a..d57c40680 100644
--- a/dependency-check-utils/pom.xml
+++ b/dependency-check-utils/pom.xml
@@ -135,11 +135,6 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
                     </reportSet>
                 </reportSets>
             </plugin>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>cobertura-maven-plugin</artifactId>
-                <version>${reporting.cobertura-plugin.version}</version>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-report-plugin</artifactId>
diff --git a/pom.xml b/pom.xml
index fd6b6b457..15a35c6ef 100644
--- a/pom.xml
+++ b/pom.xml
@@ -130,7 +130,7 @@ Copyright (c) 2012 - Jeremy Long
         <slf4j.version>1.7.12</slf4j.version>
         <logback.version>1.1.3</logback.version>
         <reporting.checkstyle-plugin.version>2.16</reporting.checkstyle-plugin.version>
-        <reporting.cobertura-plugin.version>2.6</reporting.cobertura-plugin.version>
+        <reporting.cobertura-plugin.version>2.7</reporting.cobertura-plugin.version>
         <reporting.findbugs-plugin.version>3.0.1</reporting.findbugs-plugin.version>
         <reporting.javadoc-plugin.version>2.10.3</reporting.javadoc-plugin.version>
         <!-- todo(code review): only used in maven module? Not needed elsewhere -->
@@ -395,7 +395,18 @@ Copyright (c) 2012 - Jeremy Long
                     </reportSet>
                 </reportSets>
             </plugin>
-
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>cobertura-maven-plugin</artifactId>
+                <version>${reporting.cobertura-plugin.version}</version>
+                <reportSets>
+                    <reportSet>
+                        <reports>
+                            <report>cobertura</report>
+                        </reports>
+                    </reportSet>
+                </reportSets>
+            </plugin>
         </plugins>
     </reporting>
     <dependencyManagement>

From 5c53b6528f7a28e964dc6102e945fc5ac69e1201 Mon Sep 17 00:00:00 2001
From: Anthony Whitford <anthony@whitford.com>
Date: Sun, 6 Sep 2015 00:51:28 -0700
Subject: [PATCH 06/18] Centralized the findbugs-maven-plugin to the parent
 pom.  Gradle and Jenkins modules skip it naturally.  The onlyAnlyze setting
 for utils is maintained via a property.  Also was able to upgrade to latest
 plugin, version 3.0.2.

---
 dependency-check-ant/pom.xml   | 5 -----
 dependency-check-cli/pom.xml   | 5 -----
 dependency-check-core/pom.xml  | 5 -----
 dependency-check-maven/pom.xml | 5 -----
 dependency-check-utils/pom.xml | 9 +--------
 pom.xml                        | 7 ++++++-
 6 files changed, 7 insertions(+), 29 deletions(-)

diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml
index 79d8a9c94..2317d1e02 100644
--- a/dependency-check-ant/pom.xml
+++ b/dependency-check-ant/pom.xml
@@ -385,11 +385,6 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved.
                     </rulesets>
                 </configuration>
             </plugin>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>findbugs-maven-plugin</artifactId>
-                <version>${reporting.findbugs-plugin.version}</version>
-            </plugin>
         </plugins>
     </reporting>
     <dependencies>
diff --git a/dependency-check-cli/pom.xml b/dependency-check-cli/pom.xml
index 2666d4367..f71f41097 100644
--- a/dependency-check-cli/pom.xml
+++ b/dependency-check-cli/pom.xml
@@ -276,11 +276,6 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved.
                     </rulesets>
                 </configuration>
             </plugin>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>findbugs-maven-plugin</artifactId>
-                <version>${reporting.findbugs-plugin.version}</version>
-            </plugin>
         </plugins>
     </reporting>
     <dependencies>
diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml
index 0a875c1f8..d18a2c347 100644
--- a/dependency-check-core/pom.xml
+++ b/dependency-check-core/pom.xml
@@ -333,11 +333,6 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
                     </rulesets>
                 </configuration>
             </plugin>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>findbugs-maven-plugin</artifactId>
-                <version>${reporting.findbugs-plugin.version}</version>
-            </plugin>
         </plugins>
     </reporting>
     <dependencies>
diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml
index 0c88386a3..458fb9972 100644
--- a/dependency-check-maven/pom.xml
+++ b/dependency-check-maven/pom.xml
@@ -234,11 +234,6 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
                     </rulesets>
                 </configuration>
             </plugin>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>findbugs-maven-plugin</artifactId>
-                <version>${reporting.findbugs-plugin.version}</version>
-            </plugin>
         </plugins>
     </reporting>
     <dependencies>
diff --git a/dependency-check-utils/pom.xml b/dependency-check-utils/pom.xml
index d57c40680..1175ea09c 100644
--- a/dependency-check-utils/pom.xml
+++ b/dependency-check-utils/pom.xml
@@ -38,6 +38,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
     <!-- end copy -->
 
     <properties>
+        <findbugs.onlyAnalyze>org.owasp.dependencycheck.utils.*</findbugs.onlyAnalyze>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     </properties>
     <build>
@@ -203,14 +204,6 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
                     </rulesets>
                 </configuration>
             </plugin>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>findbugs-maven-plugin</artifactId>
-                <version>${reporting.findbugs-plugin.version}</version>
-                <configuration>
-                    <onlyAnalyze>org.owasp.dependencycheck.utils.*</onlyAnalyze>
-                </configuration>
-            </plugin>
         </plugins>
     </reporting>
     <dependencies>
diff --git a/pom.xml b/pom.xml
index 15a35c6ef..e72f8be3c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -131,7 +131,7 @@ Copyright (c) 2012 - Jeremy Long
         <logback.version>1.1.3</logback.version>
         <reporting.checkstyle-plugin.version>2.16</reporting.checkstyle-plugin.version>
         <reporting.cobertura-plugin.version>2.7</reporting.cobertura-plugin.version>
-        <reporting.findbugs-plugin.version>3.0.1</reporting.findbugs-plugin.version>
+        <reporting.findbugs-plugin.version>3.0.2</reporting.findbugs-plugin.version>
         <reporting.javadoc-plugin.version>2.10.3</reporting.javadoc-plugin.version>
         <!-- todo(code review): only used in maven module? Not needed elsewhere -->
         <reporting.maven-plugin-plugin.version>3.4</reporting.maven-plugin-plugin.version>
@@ -407,6 +407,11 @@ Copyright (c) 2012 - Jeremy Long
                     </reportSet>
                 </reportSets>
             </plugin>
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>findbugs-maven-plugin</artifactId>
+                <version>${reporting.findbugs-plugin.version}</version>
+            </plugin>
         </plugins>
     </reporting>
     <dependencyManagement>

From ece4cb03ad8b06b40a13b475db5d959190424815 Mon Sep 17 00:00:00 2001
From: Anthony Whitford <anthony@whitford.com>
Date: Sun, 6 Sep 2015 00:53:53 -0700
Subject: [PATCH 07/18] project.build.sourceEncoding is already specified in
 the parent pom, so this is not necessary.

---
 dependency-check-utils/pom.xml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/dependency-check-utils/pom.xml b/dependency-check-utils/pom.xml
index 1175ea09c..39e39e80c 100644
--- a/dependency-check-utils/pom.xml
+++ b/dependency-check-utils/pom.xml
@@ -39,7 +39,6 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
 
     <properties>
         <findbugs.onlyAnalyze>org.owasp.dependencycheck.utils.*</findbugs.onlyAnalyze>
-        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     </properties>
     <build>
         <plugins>

From a32fa69823da0e829da671d6f3db938b653f0c5b Mon Sep 17 00:00:00 2001
From: Anthony Whitford <anthony@whitford.com>
Date: Sun, 6 Sep 2015 01:29:17 -0700
Subject: [PATCH 08/18] Moved taglist-maven-plugin to the parent pom.  (Gradle
 and Jenkins modules don't have them -- before or after.)  This will make it
 easier to manage and evolve.

---
 dependency-check-ant/pom.xml   | 24 ------------------------
 dependency-check-cli/pom.xml   | 24 ------------------------
 dependency-check-core/pom.xml  | 24 ------------------------
 dependency-check-maven/pom.xml | 24 ------------------------
 dependency-check-utils/pom.xml | 24 ------------------------
 pom.xml                        | 25 ++++++++++++++++++++++++-
 6 files changed, 24 insertions(+), 121 deletions(-)

diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml
index 2317d1e02..5827326f6 100644
--- a/dependency-check-ant/pom.xml
+++ b/dependency-check-ant/pom.xml
@@ -329,30 +329,6 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved.
                     </reportSet>
                 </reportSets>
             </plugin>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>taglist-maven-plugin</artifactId>
-                <version>${reporting.taglist-plugin.version}</version>
-                <configuration>
-                    <tagListOptions>
-                        <tagClasses>
-                            <tagClass>
-                                <displayName>Todo Work</displayName>
-                                <tags>
-                                    <tag>
-                                        <matchString>todo</matchString>
-                                        <matchType>ignoreCase</matchType>
-                                    </tag>
-                                    <tag>
-                                        <matchString>FIXME</matchString>
-                                        <matchType>exact</matchType>
-                                    </tag>
-                                </tags>
-                            </tagClass>
-                        </tagClasses>
-                    </tagListOptions>
-                </configuration>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-checkstyle-plugin</artifactId>
diff --git a/dependency-check-cli/pom.xml b/dependency-check-cli/pom.xml
index f71f41097..6cd28de0d 100644
--- a/dependency-check-cli/pom.xml
+++ b/dependency-check-cli/pom.xml
@@ -220,30 +220,6 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved.
                     </reportSet>
                 </reportSets>
             </plugin>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>taglist-maven-plugin</artifactId>
-                <version>${reporting.taglist-plugin.version}</version>
-                <configuration>
-                    <tagListOptions>
-                        <tagClasses>
-                            <tagClass>
-                                <displayName>Todo Work</displayName>
-                                <tags>
-                                    <tag>
-                                        <matchString>todo</matchString>
-                                        <matchType>ignoreCase</matchType>
-                                    </tag>
-                                    <tag>
-                                        <matchString>FIXME</matchString>
-                                        <matchType>exact</matchType>
-                                    </tag>
-                                </tags>
-                            </tagClass>
-                        </tagClasses>
-                    </tagListOptions>
-                </configuration>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-checkstyle-plugin</artifactId>
diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml
index d18a2c347..9adb4e4ae 100644
--- a/dependency-check-core/pom.xml
+++ b/dependency-check-core/pom.xml
@@ -277,30 +277,6 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
                     </reportSet>
                 </reportSets>
             </plugin>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>taglist-maven-plugin</artifactId>
-                <version>${reporting.taglist-plugin.version}</version>
-                <configuration>
-                    <tagListOptions>
-                        <tagClasses>
-                            <tagClass>
-                                <displayName>Todo Work</displayName>
-                                <tags>
-                                    <tag>
-                                        <matchString>todo</matchString>
-                                        <matchType>ignoreCase</matchType>
-                                    </tag>
-                                    <tag>
-                                        <matchString>FIXME</matchString>
-                                        <matchType>exact</matchType>
-                                    </tag>
-                                </tags>
-                            </tagClass>
-                        </tagClasses>
-                    </tagListOptions>
-                </configuration>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-checkstyle-plugin</artifactId>
diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml
index 458fb9972..bc8999dcd 100644
--- a/dependency-check-maven/pom.xml
+++ b/dependency-check-maven/pom.xml
@@ -177,30 +177,6 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
                     </reportSet>
                 </reportSets>
             </plugin>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>taglist-maven-plugin</artifactId>
-                <version>${reporting.taglist-plugin.version}</version>
-                <configuration>
-                    <tagListOptions>
-                        <tagClasses>
-                            <tagClass>
-                                <displayName>Todo Work</displayName>
-                                <tags>
-                                    <tag>
-                                        <matchString>todo</matchString>
-                                        <matchType>ignoreCase</matchType>
-                                    </tag>
-                                    <tag>
-                                        <matchString>FIXME</matchString>
-                                        <matchType>exact</matchType>
-                                    </tag>
-                                </tags>
-                            </tagClass>
-                        </tagClasses>
-                    </tagListOptions>
-                </configuration>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-checkstyle-plugin</artifactId>
diff --git a/dependency-check-utils/pom.xml b/dependency-check-utils/pom.xml
index 39e39e80c..a755877f0 100644
--- a/dependency-check-utils/pom.xml
+++ b/dependency-check-utils/pom.xml
@@ -147,30 +147,6 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
                     </reportSet>
                 </reportSets>
             </plugin>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>taglist-maven-plugin</artifactId>
-                <version>${reporting.taglist-plugin.version}</version>
-                <configuration>
-                    <tagListOptions>
-                        <tagClasses>
-                            <tagClass>
-                                <displayName>Todo Work</displayName>
-                                <tags>
-                                    <tag>
-                                        <matchString>todo</matchString>
-                                        <matchType>ignoreCase</matchType>
-                                    </tag>
-                                    <tag>
-                                        <matchString>FIXME</matchString>
-                                        <matchType>exact</matchType>
-                                    </tag>
-                                </tags>
-                            </tagClass>
-                        </tagClasses>
-                    </tagListOptions>
-                </configuration>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-checkstyle-plugin</artifactId>
diff --git a/pom.xml b/pom.xml
index e72f8be3c..3b9aa98bd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -137,7 +137,6 @@ Copyright (c) 2012 - Jeremy Long
         <reporting.maven-plugin-plugin.version>3.4</reporting.maven-plugin-plugin.version>
         <reporting.pmd-plugin.version>3.5</reporting.pmd-plugin.version>
         <reporting.surefire-report-plugin.version>2.18.1</reporting.surefire-report-plugin.version>
-        <reporting.taglist-plugin.version>2.4</reporting.taglist-plugin.version>
         <reporting.versions-plugin.version>2.2</reporting.versions-plugin.version>
     </properties>
     <distributionManagement>
@@ -412,6 +411,30 @@ Copyright (c) 2012 - Jeremy Long
                 <artifactId>findbugs-maven-plugin</artifactId>
                 <version>${reporting.findbugs-plugin.version}</version>
             </plugin>
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>taglist-maven-plugin</artifactId>
+                <version>2.4</version>
+                <configuration>
+                    <tagListOptions>
+                        <tagClasses>
+                            <tagClass>
+                                <displayName>Todo Work</displayName>
+                                <tags>
+                                    <tag>
+                                        <matchString>todo</matchString>
+                                        <matchType>ignoreCase</matchType>
+                                    </tag>
+                                    <tag>
+                                        <matchString>FIXME</matchString>
+                                        <matchType>exact</matchType>
+                                    </tag>
+                                </tags>
+                            </tagClass>
+                        </tagClasses>
+                    </tagListOptions>
+                </configuration>
+            </plugin>
         </plugins>
     </reporting>
     <dependencyManagement>

From 7ccb77fb57109b83260d41c53dd7232155adcb94 Mon Sep 17 00:00:00 2001
From: Anthony Whitford <anthony@whitford.com>
Date: Sun, 6 Sep 2015 01:32:00 -0700
Subject: [PATCH 09/18] Removed unnecessary property for findbugs-maven-plugin
 since it is now only declared once.

---
 pom.xml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 3b9aa98bd..5a24225a3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -131,7 +131,6 @@ Copyright (c) 2012 - Jeremy Long
         <logback.version>1.1.3</logback.version>
         <reporting.checkstyle-plugin.version>2.16</reporting.checkstyle-plugin.version>
         <reporting.cobertura-plugin.version>2.7</reporting.cobertura-plugin.version>
-        <reporting.findbugs-plugin.version>3.0.2</reporting.findbugs-plugin.version>
         <reporting.javadoc-plugin.version>2.10.3</reporting.javadoc-plugin.version>
         <!-- todo(code review): only used in maven module? Not needed elsewhere -->
         <reporting.maven-plugin-plugin.version>3.4</reporting.maven-plugin-plugin.version>
@@ -409,7 +408,7 @@ Copyright (c) 2012 - Jeremy Long
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>findbugs-maven-plugin</artifactId>
-                <version>${reporting.findbugs-plugin.version}</version>
+                <version>3.0.2</version>
             </plugin>
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>

From 7b47b7549d248c83da5487bc4e8daf17d5875423 Mon Sep 17 00:00:00 2001
From: Anthony Whitford <anthony@whitford.com>
Date: Sun, 6 Sep 2015 01:42:01 -0700
Subject: [PATCH 10/18] Removed redundant declarations for
 maven-compiler-plugin and maven-jar-plugin.

---
 dependency-check-ant/pom.xml   | 8 --------
 dependency-check-cli/pom.xml   | 4 ----
 dependency-check-maven/pom.xml | 4 ----
 dependency-check-utils/pom.xml | 4 ----
 4 files changed, 20 deletions(-)

diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml
index 5827326f6..3bc99758c 100644
--- a/dependency-check-ant/pom.xml
+++ b/dependency-check-ant/pom.xml
@@ -190,14 +190,6 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved.
                     </execution>
                 </executions>
             </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-compiler-plugin</artifactId>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-jar-plugin</artifactId>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-shade-plugin</artifactId>
diff --git a/dependency-check-cli/pom.xml b/dependency-check-cli/pom.xml
index 6cd28de0d..9a9c55aba 100644
--- a/dependency-check-cli/pom.xml
+++ b/dependency-check-cli/pom.xml
@@ -124,10 +124,6 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved.
                     </systemProperties>
                 </configuration>
             </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-compiler-plugin</artifactId>
-            </plugin>
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>appassembler-maven-plugin</artifactId>
diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml
index bc8999dcd..f9a2123de 100644
--- a/dependency-check-maven/pom.xml
+++ b/dependency-check-maven/pom.xml
@@ -119,10 +119,6 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
                     </execution>
                 </executions>
             </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-compiler-plugin</artifactId>
-            </plugin>
         </plugins>
     </build>
     <reporting>
diff --git a/dependency-check-utils/pom.xml b/dependency-check-utils/pom.xml
index a755877f0..e21ce22fc 100644
--- a/dependency-check-utils/pom.xml
+++ b/dependency-check-utils/pom.xml
@@ -97,10 +97,6 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-failsafe-plugin</artifactId>
             </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-compiler-plugin</artifactId>
-            </plugin>
         </plugins>
     </build>
     <reporting>

From 51e66354b0ee5c77403cc43d336d62cd5faf1130 Mon Sep 17 00:00:00 2001
From: Anthony Whitford <anthony@whitford.com>
Date: Sun, 6 Sep 2015 11:18:56 -0700
Subject: [PATCH 11/18] No need to explicitly add a jar goal when it implicitly
 exists already for a jar module.

---
 dependency-check-core/pom.xml | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml
index 9adb4e4ae..bdb5ea5c2 100644
--- a/dependency-check-core/pom.xml
+++ b/dependency-check-core/pom.xml
@@ -110,13 +110,6 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-jar-plugin</artifactId>
                 <executions>
-                    <execution>
-                        <id>jar</id>
-                        <phase>package</phase>
-                        <goals>
-                            <goal>jar</goal>
-                        </goals>
-                    </execution>
                     <execution>
                         <id>test-jar</id>
                         <phase>package</phase>

From d0f884f5b2833ebcbbd52b8fd17f0c15dd918420 Mon Sep 17 00:00:00 2001
From: Anthony Whitford <anthony@whitford.com>
Date: Sun, 6 Sep 2015 12:56:36 -0700
Subject: [PATCH 12/18] Centralized the maven-surefire-report-plugin to the
 parent pom.  Note that gradle and jenkins modules are skipped since it does
 not apply.

---
 dependency-check-ant/pom.xml     | 12 ------------
 dependency-check-cli/pom.xml     | 12 ------------
 dependency-check-core/pom.xml    |  6 ------
 dependency-check-gradle/pom.xml  |  4 ++++
 dependency-check-jenkins/pom.xml |  5 +++++
 dependency-check-maven/pom.xml   | 12 ------------
 dependency-check-utils/pom.xml   | 12 ------------
 pom.xml                          | 13 ++++++++++++-
 8 files changed, 21 insertions(+), 55 deletions(-)

diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml
index 3bc99758c..d6b254a04 100644
--- a/dependency-check-ant/pom.xml
+++ b/dependency-check-ant/pom.xml
@@ -309,18 +309,6 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved.
                     </reportSet>
                 </reportSets>
             </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-surefire-report-plugin</artifactId>
-                <version>${reporting.surefire-report-plugin.version}</version>
-                <reportSets>
-                    <reportSet>
-                        <reports>
-                            <report>report-only</report>
-                        </reports>
-                    </reportSet>
-                </reportSets>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-checkstyle-plugin</artifactId>
diff --git a/dependency-check-cli/pom.xml b/dependency-check-cli/pom.xml
index 9a9c55aba..28260e353 100644
--- a/dependency-check-cli/pom.xml
+++ b/dependency-check-cli/pom.xml
@@ -204,18 +204,6 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved.
                     </reportSet>
                 </reportSets>
             </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-surefire-report-plugin</artifactId>
-                <version>${reporting.surefire-report-plugin.version}</version>
-                <reportSets>
-                    <reportSet>
-                        <reports>
-                            <report>report-only</report>
-                        </reports>
-                    </reportSet>
-                </reportSets>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-checkstyle-plugin</artifactId>
diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml
index bdb5ea5c2..e85915851 100644
--- a/dependency-check-core/pom.xml
+++ b/dependency-check-core/pom.xml
@@ -254,13 +254,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-report-plugin</artifactId>
-                <version>${reporting.surefire-report-plugin.version}</version>
                 <reportSets>
-                    <reportSet>
-                        <reports>
-                            <report>report-only</report>
-                        </reports>
-                    </reportSet>
                     <reportSet>
                         <id>integration-tests</id>
                         <reports>
diff --git a/dependency-check-gradle/pom.xml b/dependency-check-gradle/pom.xml
index 26d09d5c5..726658554 100644
--- a/dependency-check-gradle/pom.xml
+++ b/dependency-check-gradle/pom.xml
@@ -48,6 +48,10 @@ Copyright (c) 2015 Wei Ma. All Rights Reserved.
             <url>${basedir}/../target/site/${project.version}/dependency-check-gradle</url>
         </site>
     </distributionManagement>
+    <properties>
+        <!-- Skip the surefire report since there are no tests... -->
+        <skipSurefireReport>true</skipSurefireReport>
+    </properties>
     <!-- end copy -->
     <build>
         <plugins>
diff --git a/dependency-check-jenkins/pom.xml b/dependency-check-jenkins/pom.xml
index 5a1bce2e1..1c5158417 100644
--- a/dependency-check-jenkins/pom.xml
+++ b/dependency-check-jenkins/pom.xml
@@ -19,6 +19,11 @@
     </distributionManagement>
     <!-- end copy -->
 
+    <properties>
+        <!-- Skip the surefire report since there are no tests... -->
+        <skipSurefireReport>true</skipSurefireReport>
+    </properties>
+
     <packaging>pom</packaging>
     <inceptionYear>2012</inceptionYear>
     <organization>
diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml
index f9a2123de..46e8e05e1 100644
--- a/dependency-check-maven/pom.xml
+++ b/dependency-check-maven/pom.xml
@@ -161,18 +161,6 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
                     </reportSet>
                 </reportSets>
             </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-surefire-report-plugin</artifactId>
-                <version>${reporting.surefire-report-plugin.version}</version>
-                <reportSets>
-                    <reportSet>
-                        <reports>
-                            <report>report-only</report>
-                        </reports>
-                    </reportSet>
-                </reportSets>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-checkstyle-plugin</artifactId>
diff --git a/dependency-check-utils/pom.xml b/dependency-check-utils/pom.xml
index e21ce22fc..01738661b 100644
--- a/dependency-check-utils/pom.xml
+++ b/dependency-check-utils/pom.xml
@@ -131,18 +131,6 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
                     </reportSet>
                 </reportSets>
             </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-surefire-report-plugin</artifactId>
-                <version>${reporting.surefire-report-plugin.version}</version>
-                <reportSets>
-                    <reportSet>
-                        <reports>
-                            <report>report-only</report>
-                        </reports>
-                    </reportSet>
-                </reportSets>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-checkstyle-plugin</artifactId>
diff --git a/pom.xml b/pom.xml
index 5a24225a3..044aaaf8e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -135,7 +135,6 @@ Copyright (c) 2012 - Jeremy Long
         <!-- todo(code review): only used in maven module? Not needed elsewhere -->
         <reporting.maven-plugin-plugin.version>3.4</reporting.maven-plugin-plugin.version>
         <reporting.pmd-plugin.version>3.5</reporting.pmd-plugin.version>
-        <reporting.surefire-report-plugin.version>2.18.1</reporting.surefire-report-plugin.version>
         <reporting.versions-plugin.version>2.2</reporting.versions-plugin.version>
     </properties>
     <distributionManagement>
@@ -393,6 +392,18 @@ Copyright (c) 2012 - Jeremy Long
                     </reportSet>
                 </reportSets>
             </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-report-plugin</artifactId>
+                <version>2.18.1</version>
+                <reportSets>
+                    <reportSet>
+                        <reports>
+                            <report>report-only</report>
+                        </reports>
+                    </reportSet>
+                </reportSets>
+            </plugin>
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>cobertura-maven-plugin</artifactId>

From b481f012179a8b72e2673064bf3929e37598139f Mon Sep 17 00:00:00 2001
From: Anthony Whitford <anthony@whitford.com>
Date: Sun, 6 Sep 2015 13:05:17 -0700
Subject: [PATCH 13/18] Moved the maven-plugin-plugin declarations into the
 maven module since it is unique to that module.

---
 dependency-check-maven/pom.xml | 6 +++++-
 pom.xml                        | 7 -------
 2 files changed, 5 insertions(+), 8 deletions(-)

diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml
index 46e8e05e1..0cac371fd 100644
--- a/dependency-check-maven/pom.xml
+++ b/dependency-check-maven/pom.xml
@@ -40,6 +40,9 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
         </site>
     </distributionManagement>
     <!-- end copy -->
+    <properties>
+        <version.maven-plugin-plugin>3.4</version.maven-plugin-plugin>
+    </properties>
     <build>
         <resources>
             <resource>
@@ -63,6 +66,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-plugin-plugin</artifactId>
+                <version>${version.maven-plugin-plugin}</version>
                 <configuration>
                     <skipErrorNoDescriptorsFound>true</skipErrorNoDescriptorsFound>
                     <goalPrefix>dependency-check</goalPrefix>
@@ -126,7 +130,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-plugin-plugin</artifactId>
-                <version>${reporting.maven-plugin-plugin.version}</version>
+                <version>${version.maven-plugin-plugin}</version>
                 <configuration>
                     <goalPrefix>dependency-check</goalPrefix>
                 </configuration>
diff --git a/pom.xml b/pom.xml
index 044aaaf8e..e19c0804a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -132,8 +132,6 @@ Copyright (c) 2012 - Jeremy Long
         <reporting.checkstyle-plugin.version>2.16</reporting.checkstyle-plugin.version>
         <reporting.cobertura-plugin.version>2.7</reporting.cobertura-plugin.version>
         <reporting.javadoc-plugin.version>2.10.3</reporting.javadoc-plugin.version>
-        <!-- todo(code review): only used in maven module? Not needed elsewhere -->
-        <reporting.maven-plugin-plugin.version>3.4</reporting.maven-plugin-plugin.version>
         <reporting.pmd-plugin.version>3.5</reporting.pmd-plugin.version>
         <reporting.versions-plugin.version>2.2</reporting.versions-plugin.version>
     </properties>
@@ -210,11 +208,6 @@ Copyright (c) 2012 - Jeremy Long
                     <artifactId>maven-jar-plugin</artifactId>
                     <version>2.6</version>
                 </plugin>
-                <plugin>
-                    <groupId>org.apache.maven.plugins</groupId>
-                    <artifactId>maven-plugin-plugin</artifactId>
-                    <version>${reporting.maven-plugin-plugin.version}</version>
-                </plugin>
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-release-plugin</artifactId>

From ab782054a19550758faedf3a8fdda52d85b73ddc Mon Sep 17 00:00:00 2001
From: Anthony Whitford <anthony@whitford.com>
Date: Sun, 6 Sep 2015 13:37:04 -0700
Subject: [PATCH 14/18] Missed this lingering redundant
 maven-project-info-reports-plugin declaration.

---
 dependency-check-ant/pom.xml | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml
index d6b254a04..cfd929232 100644
--- a/dependency-check-ant/pom.xml
+++ b/dependency-check-ant/pom.xml
@@ -265,20 +265,6 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved.
     </build>
     <reporting>
         <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-project-info-reports-plugin</artifactId>
-                <version>${reporting.project-info-reports-plugin.version}</version>
-                <reportSets>
-                    <reportSet>
-                        <reports>
-                            <report>summary</report>
-                            <report>license</report>
-                            <report>help</report>
-                        </reports>
-                    </reportSet>
-                </reportSets>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-javadoc-plugin</artifactId>

From 717f6240e3d67293f2f948ed42633ae415307b9e Mon Sep 17 00:00:00 2001
From: Anthony Whitford <anthony@whitford.com>
Date: Sun, 6 Sep 2015 20:51:56 -0700
Subject: [PATCH 15/18] Centralized javadoc reporting to parent pom.

---
 dependency-check-ant/pom.xml   | 17 -----------------
 dependency-check-cli/pom.xml   | 17 -----------------
 dependency-check-core/pom.xml  | 17 -----------------
 dependency-check-maven/pom.xml | 17 -----------------
 dependency-check-utils/pom.xml | 17 -----------------
 pom.xml                        | 18 +++++++++++++++++-
 6 files changed, 17 insertions(+), 86 deletions(-)

diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml
index cfd929232..e2a282c87 100644
--- a/dependency-check-ant/pom.xml
+++ b/dependency-check-ant/pom.xml
@@ -265,23 +265,6 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved.
     </build>
     <reporting>
         <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-javadoc-plugin</artifactId>
-                <version>${reporting.javadoc-plugin.version}</version>
-                <configuration>
-                    <failOnError>false</failOnError>
-                    <bottom>Copyright© 2012-15 Jeremy Long. All Rights Reserved.</bottom>
-                </configuration>
-                <reportSets>
-                    <reportSet>
-                        <id>default</id>
-                        <reports>
-                            <report>javadoc</report>
-                        </reports>
-                    </reportSet>
-                </reportSets>
-            </plugin>
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>versions-maven-plugin</artifactId>
diff --git a/dependency-check-cli/pom.xml b/dependency-check-cli/pom.xml
index 28260e353..ce7b64a68 100644
--- a/dependency-check-cli/pom.xml
+++ b/dependency-check-cli/pom.xml
@@ -174,23 +174,6 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved.
     </build>
     <reporting>
         <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-javadoc-plugin</artifactId>
-                <version>${reporting.javadoc-plugin.version}</version>
-                <configuration>
-                    <failOnError>false</failOnError>
-                    <bottom>Copyright� 2012-15 Jeremy Long. All Rights Reserved.</bottom>
-                </configuration>
-                <reportSets>
-                    <reportSet>
-                        <id>default</id>
-                        <reports>
-                            <report>javadoc</report>
-                        </reports>
-                    </reportSet>
-                </reportSets>
-            </plugin>
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>versions-maven-plugin</artifactId>
diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml
index e85915851..d8cf8b4bd 100644
--- a/dependency-check-core/pom.xml
+++ b/dependency-check-core/pom.xml
@@ -221,23 +221,6 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
     </build>
     <reporting>
         <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-javadoc-plugin</artifactId>
-                <version>${reporting.javadoc-plugin.version}</version>
-                <configuration>
-                    <failOnError>false</failOnError>
-                    <bottom>Copyright© 2012-15 Jeremy Long. All Rights Reserved.</bottom>
-                </configuration>
-                <reportSets>
-                    <reportSet>
-                        <id>default</id>
-                        <reports>
-                            <report>javadoc</report>
-                        </reports>
-                    </reportSet>
-                </reportSets>
-            </plugin>
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>versions-maven-plugin</artifactId>
diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml
index 0cac371fd..c5e06b925 100644
--- a/dependency-check-maven/pom.xml
+++ b/dependency-check-maven/pom.xml
@@ -135,23 +135,6 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
                     <goalPrefix>dependency-check</goalPrefix>
                 </configuration>
             </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-javadoc-plugin</artifactId>
-                <version>${reporting.javadoc-plugin.version}</version>
-                <configuration>
-                    <failOnError>false</failOnError>
-                    <bottom>Copyright� 2012-15 Jeremy Long. All Rights Reserved.</bottom>
-                </configuration>
-                <reportSets>
-                    <reportSet>
-                        <id>default</id>
-                        <reports>
-                            <report>javadoc</report>
-                        </reports>
-                    </reportSet>
-                </reportSets>
-            </plugin>
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>versions-maven-plugin</artifactId>
diff --git a/dependency-check-utils/pom.xml b/dependency-check-utils/pom.xml
index 01738661b..0dda10c35 100644
--- a/dependency-check-utils/pom.xml
+++ b/dependency-check-utils/pom.xml
@@ -101,23 +101,6 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
     </build>
     <reporting>
         <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-javadoc-plugin</artifactId>
-                <version>${reporting.javadoc-plugin.version}</version>
-                <configuration>
-                    <failOnError>false</failOnError>
-                    <bottom>Copyright© 2012-15 Jeremy Long. All Rights Reserved.</bottom>
-                </configuration>
-                <reportSets>
-                    <reportSet>
-                        <id>default</id>
-                        <reports>
-                            <report>javadoc</report>
-                        </reports>
-                    </reportSet>
-                </reportSets>
-            </plugin>
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>versions-maven-plugin</artifactId>
diff --git a/pom.xml b/pom.xml
index e19c0804a..845f017cc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -131,7 +131,6 @@ Copyright (c) 2012 - Jeremy Long
         <logback.version>1.1.3</logback.version>
         <reporting.checkstyle-plugin.version>2.16</reporting.checkstyle-plugin.version>
         <reporting.cobertura-plugin.version>2.7</reporting.cobertura-plugin.version>
-        <reporting.javadoc-plugin.version>2.10.3</reporting.javadoc-plugin.version>
         <reporting.pmd-plugin.version>3.5</reporting.pmd-plugin.version>
         <reporting.versions-plugin.version>2.2</reporting.versions-plugin.version>
     </properties>
@@ -353,6 +352,23 @@ Copyright (c) 2012 - Jeremy Long
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-dependency-plugin</artifactId>
             </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-javadoc-plugin</artifactId>
+                <version>2.10.3</version>
+                <configuration>
+                    <failOnError>false</failOnError>
+                    <bottom>Copyright© 2012-15 Jeremy Long. All Rights Reserved.</bottom>
+                </configuration>
+                <reportSets>
+                    <reportSet>
+                        <id>default</id>
+                        <reports>
+                            <report>javadoc</report>
+                        </reports>
+                    </reportSet>
+                </reportSets>
+            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-jxr-plugin</artifactId>

From 6d70332cd6a2af53a9361b1485c500ee3865b6c7 Mon Sep 17 00:00:00 2001
From: Anthony Whitford <anthony@whitford.com>
Date: Sun, 6 Sep 2015 22:21:50 -0700
Subject: [PATCH 16/18] Centralized the Versions report to the parent pom.

---
 dependency-check-ant/pom.xml     | 13 -------------
 dependency-check-cli/pom.xml     | 13 -------------
 dependency-check-core/pom.xml    | 13 -------------
 dependency-check-gradle/pom.xml  |  2 ++
 dependency-check-jenkins/pom.xml |  2 ++
 dependency-check-maven/pom.xml   | 13 -------------
 dependency-check-utils/pom.xml   | 13 -------------
 pom.xml                          | 14 +++++++++++++-
 8 files changed, 17 insertions(+), 66 deletions(-)

diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml
index e2a282c87..199bd1d2c 100644
--- a/dependency-check-ant/pom.xml
+++ b/dependency-check-ant/pom.xml
@@ -265,19 +265,6 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved.
     </build>
     <reporting>
         <plugins>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>versions-maven-plugin</artifactId>
-                <version>${reporting.versions-plugin.version}</version>
-                <reportSets>
-                    <reportSet>
-                        <reports>
-                            <report>dependency-updates-report</report>
-                            <report>plugin-updates-report</report>
-                        </reports>
-                    </reportSet>
-                </reportSets>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-checkstyle-plugin</artifactId>
diff --git a/dependency-check-cli/pom.xml b/dependency-check-cli/pom.xml
index ce7b64a68..0a1a7558b 100644
--- a/dependency-check-cli/pom.xml
+++ b/dependency-check-cli/pom.xml
@@ -174,19 +174,6 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved.
     </build>
     <reporting>
         <plugins>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>versions-maven-plugin</artifactId>
-                <version>${reporting.versions-plugin.version}</version>
-                <reportSets>
-                    <reportSet>
-                        <reports>
-                            <report>dependency-updates-report</report>
-                            <report>plugin-updates-report</report>
-                        </reports>
-                    </reportSet>
-                </reportSets>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-checkstyle-plugin</artifactId>
diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml
index d8cf8b4bd..88f006831 100644
--- a/dependency-check-core/pom.xml
+++ b/dependency-check-core/pom.xml
@@ -221,19 +221,6 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
     </build>
     <reporting>
         <plugins>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>versions-maven-plugin</artifactId>
-                <version>${reporting.versions-plugin.version}</version>
-                <reportSets>
-                    <reportSet>
-                        <reports>
-                            <report>dependency-updates-report</report>
-                            <report>plugin-updates-report</report>
-                        </reports>
-                    </reportSet>
-                </reportSets>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-report-plugin</artifactId>
diff --git a/dependency-check-gradle/pom.xml b/dependency-check-gradle/pom.xml
index 726658554..d8131070f 100644
--- a/dependency-check-gradle/pom.xml
+++ b/dependency-check-gradle/pom.xml
@@ -51,6 +51,8 @@ Copyright (c) 2015 Wei Ma. All Rights Reserved.
     <properties>
         <!-- Skip the surefire report since there are no tests... -->
         <skipSurefireReport>true</skipSurefireReport>
+        <!-- Skip the versions report since there are no dependencies... -->
+        <versions.skip>true</versions.skip>
     </properties>
     <!-- end copy -->
     <build>
diff --git a/dependency-check-jenkins/pom.xml b/dependency-check-jenkins/pom.xml
index 1c5158417..cdec04161 100644
--- a/dependency-check-jenkins/pom.xml
+++ b/dependency-check-jenkins/pom.xml
@@ -22,6 +22,8 @@
     <properties>
         <!-- Skip the surefire report since there are no tests... -->
         <skipSurefireReport>true</skipSurefireReport>
+        <!-- Skip the versions report since there are no dependencies... -->
+        <versions.skip>true</versions.skip>
     </properties>
 
     <packaging>pom</packaging>
diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml
index c5e06b925..95b4c7216 100644
--- a/dependency-check-maven/pom.xml
+++ b/dependency-check-maven/pom.xml
@@ -135,19 +135,6 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
                     <goalPrefix>dependency-check</goalPrefix>
                 </configuration>
             </plugin>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>versions-maven-plugin</artifactId>
-                <version>${reporting.versions-plugin.version}</version>
-                <reportSets>
-                    <reportSet>
-                        <reports>
-                            <report>dependency-updates-report</report>
-                            <report>plugin-updates-report</report>
-                        </reports>
-                    </reportSet>
-                </reportSets>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-checkstyle-plugin</artifactId>
diff --git a/dependency-check-utils/pom.xml b/dependency-check-utils/pom.xml
index 0dda10c35..1d558b279 100644
--- a/dependency-check-utils/pom.xml
+++ b/dependency-check-utils/pom.xml
@@ -101,19 +101,6 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
     </build>
     <reporting>
         <plugins>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>versions-maven-plugin</artifactId>
-                <version>${reporting.versions-plugin.version}</version>
-                <reportSets>
-                    <reportSet>
-                        <reports>
-                            <report>dependency-updates-report</report>
-                            <report>plugin-updates-report</report>
-                        </reports>
-                    </reportSet>
-                </reportSets>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-checkstyle-plugin</artifactId>
diff --git a/pom.xml b/pom.xml
index 845f017cc..1a4632f94 100644
--- a/pom.xml
+++ b/pom.xml
@@ -132,7 +132,6 @@ Copyright (c) 2012 - Jeremy Long
         <reporting.checkstyle-plugin.version>2.16</reporting.checkstyle-plugin.version>
         <reporting.cobertura-plugin.version>2.7</reporting.cobertura-plugin.version>
         <reporting.pmd-plugin.version>3.5</reporting.pmd-plugin.version>
-        <reporting.versions-plugin.version>2.2</reporting.versions-plugin.version>
     </properties>
     <distributionManagement>
         <site>
@@ -454,6 +453,19 @@ Copyright (c) 2012 - Jeremy Long
                     </tagListOptions>
                 </configuration>
             </plugin>
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>versions-maven-plugin</artifactId>
+                <version>2.2</version>
+                <reportSets>
+                    <reportSet>
+                        <reports>
+                            <report>dependency-updates-report</report>
+                            <report>plugin-updates-report</report>
+                        </reports>
+                    </reportSet>
+                </reportSets>
+            </plugin>
         </plugins>
     </reporting>
     <dependencyManagement>

From 8ad1639b021bdfc6d50b5dd336872e3d0e9d62f8 Mon Sep 17 00:00:00 2001
From: Anthony Whitford <anthony@whitford.com>
Date: Sun, 6 Sep 2015 22:30:01 -0700
Subject: [PATCH 17/18] License is inherited from Parent POM -- no need to
 restate unless it is different.

---
 dependency-check-gradle/pom.xml  | 6 ------
 dependency-check-jenkins/pom.xml | 6 ------
 2 files changed, 12 deletions(-)

diff --git a/dependency-check-gradle/pom.xml b/dependency-check-gradle/pom.xml
index d8131070f..372562a66 100644
--- a/dependency-check-gradle/pom.xml
+++ b/dependency-check-gradle/pom.xml
@@ -34,12 +34,6 @@ Copyright (c) 2015 Wei Ma. All Rights Reserved.
     <description>dependency-check-gradle is a Gradle Plugin that uses dependency-check-core to detect publicly disclosed vulnerabilities associated with the project's dependencies. The plugin will generate a report listing the dependency, any identified Common Platform Enumeration (CPE) identifiers, and the associated Common Vulnerability and Exposure (CVE) entries.</description>
     <inceptionYear>2015</inceptionYear>
 
-    <licenses>
-        <license>
-            <name>The Apache Software License, Version 2.0</name>
-            <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-        </license>
-    </licenses>
     <!-- begin copy from http://minds.coremedia.com/2012/09/11/problem-solved-deploy-multi-module-maven-project-site-as-github-pages/ -->
     <distributionManagement>
         <site>
diff --git a/dependency-check-jenkins/pom.xml b/dependency-check-jenkins/pom.xml
index cdec04161..e8020175e 100644
--- a/dependency-check-jenkins/pom.xml
+++ b/dependency-check-jenkins/pom.xml
@@ -54,12 +54,6 @@
         <system>github</system>
         <url>https://github.com/jenkinsci/dependency-check-jenkins/issues</url>
     </issueManagement>
-    <licenses>
-        <license>
-            <name>The Apache Software License, Version 2.0</name>
-            <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-        </license>
-    </licenses>
     <build>
         <plugins>
             <plugin>

From 9b5ce1c3a6eba03b8184b74b66e080c334c8f570 Mon Sep 17 00:00:00 2001
From: Anthony Whitford <anthony@whitford.com>
Date: Sun, 6 Sep 2015 23:20:15 -0700
Subject: [PATCH 18/18] Upgraded shade plugin to 2.4.1 (from 2.3).

---
 dependency-check-ant/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml
index 199bd1d2c..57ccb527b 100644
--- a/dependency-check-ant/pom.xml
+++ b/dependency-check-ant/pom.xml
@@ -193,7 +193,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved.
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-shade-plugin</artifactId>
-                <version>2.3</version>
+                <version>2.4.1</version>
                 <configuration>
                     <transformers>
                         <transformer implementation="org.apache.maven.plugins.shade.resource.ServicesResourceTransformer" />