From 94d1d611c70506ba5fd44ff1cd0ce57c98d2582c Mon Sep 17 00:00:00 2001 From: ma wei Date: Wed, 2 Sep 2015 13:45:06 +0800 Subject: [PATCH 01/58] add compatibility supports --- dependency-check-gradle/build.gradle | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dependency-check-gradle/build.gradle b/dependency-check-gradle/build.gradle index 931e9c767..5f14911ed 100644 --- a/dependency-check-gradle/build.gradle +++ b/dependency-check-gradle/build.gradle @@ -38,6 +38,9 @@ apply plugin: 'maven' apply plugin: 'signing' apply plugin: "com.gradle.plugin-publish" +sourceCompatibility = 1.6 +targetCompatibility = 1.6 + repositories { mavenCentral() } From 3fdcd12b4f829502658ff01f061e2566e4cb3d7d Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Wed, 2 Sep 2015 06:05:56 -0400 Subject: [PATCH 02/58] maven dependencies should be marked as provided per issue #329 --- dependency-check-maven/pom.xml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml index c9de29a1f..01a147122 100644 --- a/dependency-check-maven/pom.xml +++ b/dependency-check-maven/pom.xml @@ -155,7 +155,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. ${reporting.javadoc-plugin.version} false - Copyright© 2012-15 Jeremy Long. All Rights Reserved. + Copyright© 2012-15 Jeremy Long. All Rights Reserved. @@ -279,18 +279,22 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. org.apache.maven maven-plugin-api + provided org.apache.maven maven-settings + provided org.apache.maven maven-core + provided org.apache.maven.plugins maven-site-plugin + provided org.apache.maven.plugin-tools @@ -300,6 +304,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. org.apache.maven.reporting maven-reporting-api + provided org.jmockit From 4632753f0222b58d5f3c551d0670fd04fb14f032 Mon Sep 17 00:00:00 2001 
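Review bot: The `-`/`+` pair for the javadoc footer in the `@@ -155,7 +155,7 @@` hunk of dependency-check-maven/pom.xml reads identically on both sides (`Copyright© 2012-15 Jeremy Long. All Rights Reserved.`), so the only difference is in the bytes of the `©` character — an encoding round-trip picked up by the editor, not an intended edit. The same line is rewritten again in patch 09/58 (same file, same hunk header), where the new side shows `Copyrightďż˝`, i.e. the character has by then degraded to a replacement sequence. Writing the footer as `Copyright&#169; 2012-15 Jeremy Long. All Rights Reserved.` keeps the pom ASCII-only and immune to charset mismatches between contributors' editors, and `project.build.sourceEncoding` should be confirmed to be set in the parent pom. The `provided` scope additions in the remaining hunks are fine as they stand.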
From: Jeremy Long Date: Wed, 2 Sep 2015 06:42:36 -0400 Subject: [PATCH 03/58] commented out initial attempt at issue #22 to resolve issue #327 --- .../maven/BaseDependencyCheckMojo.java | 51 ++++++++++--------- 1 file changed, 26 insertions(+), 25 deletions(-) diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java index 82ccaf15a..374d172db 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java 
@@ -475,31 +475,32 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma getLog().debug(String.format("Adding project reference %s on dependency %s", project.getName(), d.getDisplayFileName())); } - if (metadataSource != null) { - try { - final DependencyVersion currentVersion = new DependencyVersion(a.getVersion()); - final List versions = metadataSource.retrieveAvailableVersions(a, - localRepository, remoteRepositories); - for (ArtifactVersion av : versions) { - final DependencyVersion newVersion = new DependencyVersion(av.toString()); - if (currentVersion.compareTo(newVersion) < 0) { - d.addAvailableVersion(av.toString()); - } - } - } catch (ArtifactMetadataRetrievalException ex) { - getLog().warn( - "Unable to check for new versions of dependencies; see the log for more details."); - if (getLog().isDebugEnabled()) { - getLog().debug("", ex); - } - } catch (Throwable t) { - getLog().warn( - "Unexpected error occured checking for new versions; see the log for more details."); - if (getLog().isDebugEnabled()) { - getLog().debug("", t); - } - } - } +// //Removed - this was the start of tryinig to resolve issue # +// if (metadataSource != null) { +// try { +// final DependencyVersion currentVersion = new DependencyVersion(a.getVersion()); +// final List versions = metadataSource.retrieveAvailableVersions(a, +// localRepository, remoteRepositories); +// for (ArtifactVersion av : versions) { +// final DependencyVersion newVersion = new DependencyVersion(av.toString()); +// if (currentVersion.compareTo(newVersion) < 0) { +// d.addAvailableVersion(av.toString()); +// } +// } +// } catch (ArtifactMetadataRetrievalException ex) { +// getLog().warn( +// "Unable to check for new versions of dependencies; see the log for more details."); +// if (getLog().isDebugEnabled()) { +// getLog().debug("", ex); +// } +// } catch (Throwable t) { +// getLog().warn( +// "Unexpected error occured checking for new versions; see the log for more details."); +// 
if (getLog().isDebugEnabled()) { +// getLog().debug("", t); +// } +// } +// } } } else { if (getLog().isDebugEnabled()) { From dd910cb5ec7ecc7a44d2b1338d382be7957a11f1 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Thu, 3 Sep 2015 00:48:06 -0700 Subject: [PATCH 04/58] Updated plugins. --- dependency-check-gradle/pom.xml | 2 +- dependency-check-jenkins/pom.xml | 2 +- pom.xml | 28 ++++++++++++---------------- 3 files changed, 14 insertions(+), 18 deletions(-) diff --git a/dependency-check-gradle/pom.xml b/dependency-check-gradle/pom.xml index 8bfaa9197..a1bc9bc4d 100644 --- a/dependency-check-gradle/pom.xml +++ b/dependency-check-gradle/pom.xml @@ -58,7 +58,7 @@ Copyright (c) 2015 Wei Ma. All Rights Reserved. org.apache.maven.doxia doxia-module-markdown - 1.4 + 1.6 diff --git a/dependency-check-jenkins/pom.xml b/dependency-check-jenkins/pom.xml index 7816728b6..986e425c6 100644 --- a/dependency-check-jenkins/pom.xml +++ b/dependency-check-jenkins/pom.xml @@ -62,7 +62,7 @@ org.apache.maven.doxia doxia-module-markdown - 1.4 + 1.6 diff --git a/pom.xml b/pom.xml index 7badae07c..a40a9bde1 100644 --- a/pom.xml +++ b/pom.xml @@ -129,19 +129,19 @@ Copyright (c) 2012 - Jeremy Long 4.7.2 1.7.12 1.1.3 - 2.11 + 2.16 2.6 - 2.5.3 - 2.9.1 - 2.4 + 3.0.1 + 2.10.3 + 2.5 - 3.2 - 3.0.1 + 3.4 + 3.5 - 2.7 - 2.16 + 2.8 + 2.18.1 2.4 - 2.1 + 2.2 @@ -189,7 +189,7 @@ Copyright (c) 2012 - Jeremy Long org.apache.maven.plugins maven-enforcer-plugin - 1.3.1 + 1.4.1 org.apache.maven.plugins @@ -234,11 +234,7 @@ Copyright (c) 2012 - Jeremy Long org.apache.maven.plugins maven-site-plugin - - 3.3 + 3.4 org.apache.maven.plugins @@ -334,7 +330,7 @@ Copyright (c) 2012 - Jeremy Long org.apache.maven.doxia doxia-module-markdown - 1.5 + 1.6 From c2b89015373e95e08b7b2e52694feed2e26fb78f Mon Sep 17 00:00:00 2001 
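Review bot: The replacement is the old version-availability block commented out line by line, and its header `// //Removed - this was the start of tryinig to resolve issue #` has a typo and no issue number, so a reader cannot tell why 26 lines of dead code remain. Since the commit message already records the reason, delete the block outright — history keeps it — and if a marker is wanted use one complete line such as `// Version-availability check (initial attempt at issue #22) removed because it caused issue #327.`. Leaving it commented also keeps `metadataSource` and the `DependencyVersion`/`ArtifactMetadataRetrievalException` names looking live while they presumably have no remaining use, which patch 05/58 later has to clean up separately. The enclosing method begins and ends outside this hunk.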
From: Anthony Whitford Date: Thu, 3 Sep 2015 01:25:53 -0700 Subject: [PATCH 05/58] Removed deprecated code. --- .../maven/BaseDependencyCheckMojo.java | 36 +------------------ 1 file changed, 1 insertion(+), 35 deletions(-) diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java index 374d172db..31f6afaf7 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java @@ -30,15 +30,12 @@ import java.io.OutputStream; import java.util.List; import java.util.Locale; import org.apache.maven.artifact.Artifact; -import org.apache.maven.artifact.metadata.ArtifactMetadataRetrievalException; -import org.apache.maven.artifact.metadata.ArtifactMetadataSource; import org.apache.maven.artifact.repository.ArtifactRepository; import org.apache.maven.artifact.versioning.ArtifactVersion; import org.apache.maven.doxia.sink.Sink; import org.apache.maven.plugin.AbstractMojo; import org.apache.maven.plugin.MojoExecutionException; import org.apache.maven.plugin.MojoFailureException; -import org.apache.maven.plugins.annotations.Component; import org.apache.maven.plugins.annotations.Parameter; import org.apache.maven.project.MavenProject; import org.apache.maven.reporting.MavenReport; @@ -82,13 +79,8 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma /** * The Maven Project Object. */ - @Component + @Parameter(property = "project", required=true, readonly=true) private MavenProject project; - /** - * The meta data source for retrieving artifact version information. - */ - @Component - private ArtifactMetadataSource metadataSource; /** * A reference to the local repository. */ 
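Review bot: The new binding `@Parameter(property = "project", required=true, readonly=true)` works, but the form the maven-plugin-tools documentation recommends for the current project is `@Parameter(defaultValue = "${project}", required = true, readonly = true)`, which also carries the `=` spacing that patch 14/58 ("Removed Checkstyle and PMD violations") later has to apply to exactly this line. With `metadataSource` removed, the `localRepository`/`remoteRepositories` fields whose Javadoc is still visible as context here, and the `ArtifactVersion` import kept in the first hunk, appear to have no remaining user — worth dropping in the same commit rather than in a follow-up. The class body continues outside both hunks.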
@@ -475,32 +467,6 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma getLog().debug(String.format("Adding project reference %s on dependency %s", project.getName(), d.getDisplayFileName())); } -// //Removed - this was the start of tryinig to resolve issue # -// if (metadataSource != null) { -// try { -// final DependencyVersion currentVersion = new DependencyVersion(a.getVersion()); -// final List versions = metadataSource.retrieveAvailableVersions(a, -// localRepository, remoteRepositories); -// for (ArtifactVersion av : versions) { -// final DependencyVersion newVersion = new DependencyVersion(av.toString()); -// if (currentVersion.compareTo(newVersion) < 0) { -// d.addAvailableVersion(av.toString()); -// } -// } -// } catch (ArtifactMetadataRetrievalException ex) { -// getLog().warn( -// "Unable to check for new versions of dependencies; see the log for more details."); -// if (getLog().isDebugEnabled()) { -// getLog().debug("", ex); -// } -// } catch (Throwable t) { -// getLog().warn( -// "Unexpected error occured checking for new versions; see the log for more details."); -// if (getLog().isDebugEnabled()) { -// getLog().debug("", t); -// } -// } -// } } } else { if (getLog().isDebugEnabled()) { From d009e39842f071c1927917119796c751910edce4 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Thu, 3 Sep 2015 01:47:46 -0700 Subject: [PATCH 06/58] Removed unnecessary maven-site-plugin dependency, and maven-plugin-annotations dependency is provided. --- dependency-check-maven/pom.xml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml index 01a147122..3a2c0454b 100644 --- a/dependency-check-maven/pom.xml +++ b/dependency-check-maven/pom.xml 
@@ -291,15 +291,10 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. maven-core provided - - org.apache.maven.plugins - maven-site-plugin - provided - org.apache.maven.plugin-tools maven-plugin-annotations - compile + provided org.apache.maven.reporting From 92e1fd3f286f306502cfa18f694a95f072f4f6b0 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Sat, 5 Sep 2015 00:31:50 -0700 Subject: [PATCH 07/58] Added time measurements for key steps. --- .../src/main/java/org/owasp/dependencycheck/Engine.java | 6 ++++-- .../owasp/dependencycheck/data/update/nvd/DownloadTask.java | 4 +++- .../owasp/dependencycheck/data/update/nvd/ProcessTask.java | 4 +++- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java index cdb1a4706..2da745245 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java @@ -352,6 +352,7 @@ public class Engine implements FileFilter { LOGGER.debug("\n----------------------------------------------------\nBEGIN ANALYSIS\n----------------------------------------------------"); LOGGER.info("Analysis Starting"); + final long analysisStart = System.currentTimeMillis(); // analysis phases for (AnalysisPhase phase : AnalysisPhase.values()) { @@ -398,7 +399,7 @@ public class Engine implements FileFilter { } LOGGER.debug("\n----------------------------------------------------\nEND ANALYSIS\n----------------------------------------------------"); - LOGGER.info("Analysis Complete"); + LOGGER.info("Analysis Complete ({} ms)", System.currentTimeMillis() - analysisStart); } /** 
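Review bot: Elapsed time is measured with `System.currentTimeMillis()` (`analysisStart` here, `updateStart` in the `doUpdates` hunk that follows), which tracks the wall clock and can step backwards or forwards under NTP correction, so the logged duration can be negative or misleading; `System.nanoTime()` is the monotonic source intended for intervals. The same pattern appears for `startDownload` in DownloadTask.java, `startProcessing` in ProcessTask.java and, in patch 12/58, `creationStart` in CPEAnalyzer.java. Change to `final long analysisStart = System.nanoTime();` and `LOGGER.info("Analysis Complete ({} ms)", TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - analysisStart));`, adding `import java.util.concurrent.TimeUnit;` at the top of each file. The method containing `analysisStart` begins outside this hunk.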
@@ -442,6 +443,7 @@ public class Engine implements FileFilter { */ public void doUpdates() { LOGGER.info("Checking for updates"); + final long updateStart = System.currentTimeMillis(); final UpdateService service = new UpdateService(serviceClassLoader); final Iterator iterator = service.getDataSources(); while (iterator.hasNext()) { @@ -454,7 +456,7 @@ public class Engine implements FileFilter { LOGGER.debug("Unable to update details for {}", source.getClass().getName(), ex); } } - LOGGER.info("Check for updates complete"); + LOGGER.info("Check for updates complete ({} ms)", System.currentTimeMillis() - updateStart); } /** diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/DownloadTask.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/DownloadTask.java index ed1ab22bc..4b4d04201 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/DownloadTask.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/DownloadTask.java @@ -185,6 +185,7 @@ public class DownloadTask implements Callable> { final URL url1 = new URL(nvdCveInfo.getUrl()); final URL url2 = new URL(nvdCveInfo.getOldSchemaVersionUrl()); LOGGER.info("Download Started for NVD CVE - {}", nvdCveInfo.getId()); + final long startDownload = System.currentTimeMillis(); try { Downloader.fetchFile(url1, first); Downloader.fetchFile(url2, second); @@ -204,7 +205,8 @@ public class DownloadTask implements Callable> { extractGzip(second); } - LOGGER.info("Download Complete for NVD CVE - {}", nvdCveInfo.getId()); + LOGGER.info("Download Complete for NVD CVE - {} ({} ms)", nvdCveInfo.getId(), + System.currentTimeMillis() - startDownload); if (this.processorService == null) { return null; } 
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/ProcessTask.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/ProcessTask.java index 8934337c9..775048cfb 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/ProcessTask.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/ProcessTask.java @@ -157,6 +157,7 @@ public class ProcessTask implements Callable { */ private void processFiles() throws UpdateException { LOGGER.info("Processing Started for NVD CVE - {}", filePair.getNvdCveInfo().getId()); + final long startProcessing = System.currentTimeMillis(); try { importXML(filePair.getFirst(), filePair.getSecond()); cveDB.commit(); @@ -178,6 +179,7 @@ public class ProcessTask implements Callable { } finally { filePair.cleanup(); } - LOGGER.info("Processing Complete for NVD CVE - {}", filePair.getNvdCveInfo().getId()); + LOGGER.info("Processing Complete for NVD CVE - {} ({} ms)", filePair.getNvdCveInfo().getId(), + System.currentTimeMillis() - startProcessing); } } From 1f0e7895750d0079b8cdba97b59c01eeec9f7b38 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sat, 5 Sep 2015 06:48:00 -0400 Subject: [PATCH 08/58] fixed bug that might contribute to issue #189 --- .../owasp/dependencycheck/maven/BaseDependencyCheckMojo.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java index 374d172db..52e049aef 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java 
@@ -441,8 +441,9 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma } final Object obj = current.getContextValue(getDataFileContextKey()); if (obj != null) { - if (obj instanceof File) { - return (File) obj; + if (obj instanceof String) { + File f = new File((String) obj); + return f; } } else { if (getLog().isDebugEnabled()) { From 2cf974ef0291dcdf803b7631c2ff3454be91aae1 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sat, 5 Sep 2015 07:09:01 -0400 Subject: [PATCH 09/58] maven-reporting-api cannot be scoped to provided --- dependency-check-maven/pom.xml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml index 01a147122..585e59a37 100644 --- a/dependency-check-maven/pom.xml +++ b/dependency-check-maven/pom.xml @@ -155,7 +155,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. ${reporting.javadoc-plugin.version} false - Copyright© 2012-15 Jeremy Long. All Rights Reserved. + Copyrightďż˝ 2012-15 Jeremy Long. All Rights Reserved. @@ -304,7 +304,6 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. org.apache.maven.reporting maven-reporting-api - provided org.jmockit From d452c5fabb37f5483a305c5e7e7183b8703c4445 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sat, 5 Sep 2015 20:56:18 -0400 Subject: [PATCH 10/58] fixed shift operator per issue #335 --- .../org/owasp/dependencycheck/data/lucene/LuceneUtils.java | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/LuceneUtils.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/LuceneUtils.java index 68c92a9d9..99707dcac 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/LuceneUtils.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/LuceneUtils.java 
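Review bot: Replacing `obj instanceof File` with `obj instanceof String` drops the old branch instead of extending it, so a context value still stored as a `File` — or any other type — now falls through both branches silently, because the `else` only logs when `obj` is null. Handle both and make the unexpected case visible: `if (obj instanceof String) { return new File((String) obj); }`, `if (obj instanceof File) { return (File) obj; }`, `getLog().debug("Unexpected data file context value of type " + obj.getClass().getName());`. The temporary `File f` adds nothing; `return new File((String) obj);` reads directly (patch 14/58 later only adds `final` to it). The enclosing method begins and ends outside this hunk.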
@@ -93,17 +93,12 @@ public final class LuceneUtils { * @return the escaped text. */ public static String escapeLuceneQuery(final CharSequence text) { - if (text == null) { return null; } - - int size = text.length(); - size = size >> 1; + final int size = text.length() << 1; final StringBuilder buf = new StringBuilder(size); - appendEscapedLuceneQuery(buf, text); - return buf.toString(); } } From 17a05cc1d4dd33f8ebb08d09cf9152a7b88288ac Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sat, 5 Sep 2015 20:56:54 -0400 Subject: [PATCH 11/58] removed excessive logging used to debug --- .../java/org/owasp/dependencycheck/maven/AggregateMojo.java | 2 -- 1 file changed, 2 deletions(-) diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java index 82697e6d5..38ecf9f81 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java @@ -119,8 +119,6 @@ public class AggregateMojo extends BaseDependencyCheckMojo { //we shouldn't write this because nothing is configured to generate this report. outputDir = new File(current.getBuild().getDirectory()); } - getLog().warn("\n\n\nwritting: " + outputDir); - getLog().warn("for: " + current.getName()); writeReports(engine, current, outputDir); } } From 784b78b17c06ab3ce0ec1c35834bafb7d5a4a82f Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sat, 5 Sep 2015 21:07:29 -0400 Subject: [PATCH 12/58] added another timer to pull #336 --- .../java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java index ff737c451..e153ff2a3 100644 
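Review bot: The Javadoc left as context above `escapeLuceneQuery` still reads `@return the escaped text.` although the first statement returns `null` for a `null` argument; make the contract explicit with `@return the escaped text, or {@code null} if {@code text} is {@code null}`. The corrected capacity `final int size = text.length() << 1;` also deserves a why-comment, since the earlier `>> 1` shows the intent was misread once already: `// capacity hint: worst case every character gains an escape prefix, so reserve 2x` (assuming that is what appendEscapedLuceneQuery produces — confirm). Note that `<< 1` wraps to a negative capacity for inputs over 2^30 characters, which is irrelevant for query text but would make `new StringBuilder(size)` throw; a `Math.min` bound would remove the caveat. The method is fully contained in this hunk.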
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java @@ -134,13 +134,14 @@ public class CPEAnalyzer implements Analyzer { * process. */ public void open() throws IOException, DatabaseException { - LOGGER.debug("Opening the CVE Database"); cve = new CveDB(); cve.open(); - LOGGER.debug("Creating the Lucene CPE Index"); cpe = CpeMemoryIndex.getInstance(); try { + LOGGER.info("Creating the CPE Index"); + final long creationStart = System.currentTimeMillis(); cpe.open(cve); + LOGGER.info("CPE Index Created ({} ms)", System.currentTimeMillis() - creationStart); } catch (IndexException ex) { LOGGER.debug("IndexException", ex); throw new DatabaseException(ex); From f7974b324bff1d7b142c34c921f49274994344bb Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Sat, 5 Sep 2015 22:25:38 -0700 Subject: [PATCH 13/58] Exclude generated HelpMojo.java file from Checkstyle analysis. --- dependency-check-maven/pom.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml index 49231cc42..0ae143e8e 100644 --- a/dependency-check-maven/pom.xml +++ b/dependency-check-maven/pom.xml @@ -230,6 +230,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. maven-checkstyle-plugin ${reporting.checkstyle-plugin.version} + **/HelpMojo.java false false ${basedir}/../src/main/config/checkstyle-checks.xml From 2a50dcba9d0827c77e44b3ad9440f014ff5f3a3d Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Sat, 5 Sep 2015 22:25:59 -0700 Subject: [PATCH 14/58] Removed Checkstyle and PMD violations. --- .../maven/BaseDependencyCheckMojo.java | 25 ++++--------------- .../owasp/dependencycheck/maven/Engine.java | 4 +-- .../dependencycheck/maven/PurgeMojo.java | 1 - 3 files changed, 7 insertions(+), 23 deletions(-) 
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java index 74ec5304d..b07cadefe 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java @@ -30,8 +30,6 @@ import java.io.OutputStream; import java.util.List; import java.util.Locale; import org.apache.maven.artifact.Artifact; -import org.apache.maven.artifact.repository.ArtifactRepository; -import org.apache.maven.artifact.versioning.ArtifactVersion; import org.apache.maven.doxia.sink.Sink; import org.apache.maven.plugin.AbstractMojo; import org.apache.maven.plugin.MojoExecutionException; @@ -50,7 +48,6 @@ import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Identifier; import org.owasp.dependencycheck.dependency.Vulnerability; import org.owasp.dependencycheck.reporting.ReportGenerator; -import org.owasp.dependencycheck.utils.DependencyVersion; import org.owasp.dependencycheck.utils.Settings; /** @@ -79,18 +76,8 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma /** * The Maven Project Object. */ - @Parameter(property = "project", required=true, readonly=true) + @Parameter(property = "project", required = true, readonly = true) private MavenProject project; - /** - * A reference to the local repository. - */ - @Parameter(property = "localRepository", readonly = true) - private ArtifactRepository localRepository; - /** - * References to the remote repositories. - */ - @Parameter(property = "project.remoteArtifactRepositories", readonly = true) - private List remoteRepositories; /** * List of Maven project of the current build */ 
@@ -434,7 +421,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma final Object obj = current.getContextValue(getDataFileContextKey()); if (obj != null) { if (obj instanceof String) { - File f = new File((String) obj); + final File f = new File((String) obj); return f; } } else { @@ -923,11 +910,9 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma file = new File(writeTo, dataFileName); } final File parent = file.getParentFile(); - if (!parent.isDirectory()) { - if (parent.mkdirs()) { - getLog().error(String.format("Directory '%s' does not exist and cannot be created; unable to write data file.", - parent.getAbsolutePath())); - } + if (!parent.isDirectory() && parent.mkdirs()) { + getLog().error(String.format("Directory '%s' does not exist and cannot be created; unable to write data file.", + parent.getAbsolutePath())); } OutputStream os = null; diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/Engine.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/Engine.java index 900bcaef4..f849c8a7e 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/Engine.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/Engine.java @@ -117,7 +117,7 @@ public class Engine extends org.owasp.dependencycheck.Engine { */ @Override protected Analyzer initializeAnalyzer(Analyzer analyzer) { - if ((analyzer instanceof CPEAnalyzer)) { + if (analyzer instanceof CPEAnalyzer) { CPEAnalyzer cpe = getPreviouslyLoadedCPEAnalyzer(); if (cpe != null && cpe.isOpen()) { return cpe; @@ -152,7 +152,7 @@ public class Engine extends org.owasp.dependencycheck.Engine { */ @Override protected void closeAnalyzer(Analyzer analyzer) { - if ((analyzer instanceof CPEAnalyzer)) { + if (analyzer instanceof CPEAnalyzer) { if (getPreviouslyLoadedCPEAnalyzer() == null) { super.closeAnalyzer(analyzer); } 
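Review bot: The collapsed condition `if (!parent.isDirectory() && parent.mkdirs())` logs "does not exist and cannot be created" exactly when `mkdirs()` succeeded and stays silent when it failed; the nested form it replaces had the same inversion, so the Checkstyle cleanup preserved a real bug. It should read `if (!parent.isDirectory() && !parent.mkdirs()) {`. As far as the hunk shows, execution also continues to `OutputStream os = null;` after the error is logged, so the failure path likely needs a `return` (or an exception) rather than an attempt to open the file in a missing directory — confirm against the rest of the method, which begins and ends outside this hunk.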
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/PurgeMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/PurgeMojo.java index d9f766498..4d387d4bd 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/PurgeMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/PurgeMojo.java @@ -25,7 +25,6 @@ import org.apache.maven.plugin.MojoFailureException; import org.apache.maven.plugins.annotations.LifecyclePhase; import org.apache.maven.plugins.annotations.Mojo; import org.apache.maven.plugins.annotations.ResolutionScope; -import org.owasp.dependencycheck.data.nvdcve.DatabaseException; import org.owasp.dependencycheck.utils.Settings; /** From 064236ed5bf3c7cf6de1279b804dae2dd2043d3d Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Sat, 5 Sep 2015 22:56:36 -0700 Subject: [PATCH 15/58] Added Dependency plugin to Reporting section because it has an excellent Dependency Analysis Report. --- pom.xml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pom.xml b/pom.xml index a40a9bde1..92a976c82 100644 --- a/pom.xml +++ b/pom.xml @@ -362,6 +362,10 @@ Copyright (c) 2012 - Jeremy Long + + org.apache.maven.plugins + maven-dependency-plugin + org.apache.maven.plugins maven-project-info-reports-plugin From c35276e3dfb98d63d1c6c34f58f212f533edd81b Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Sat, 5 Sep 2015 23:15:35 -0700 Subject: [PATCH 16/58] Reporting section for gradle module is completely redundant with the parent pom. It can be removed and will generate the same report. --- dependency-check-gradle/pom.xml | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/dependency-check-gradle/pom.xml b/dependency-check-gradle/pom.xml index a1bc9bc4d..26d09d5c5 100644 --- a/dependency-check-gradle/pom.xml +++ b/dependency-check-gradle/pom.xml 
@@ -67,22 +67,4 @@ Copyright (c) 2015 Wei Ma. All Rights Reserved. - - - - org.apache.maven.plugins - maven-project-info-reports-plugin - ${reporting.project-info-reports-plugin.version} - - - - summary - license - help - - - - - - From d74218004adee84efba3761308c97e8ce4717ba1 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Sat, 5 Sep 2015 23:17:28 -0700 Subject: [PATCH 17/58] Reporting section for jenkins module is completely redundant with the parent pom. It can be removed and will generate the same report. --- dependency-check-jenkins/pom.xml | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/dependency-check-jenkins/pom.xml b/dependency-check-jenkins/pom.xml index 986e425c6..5a1bce2e1 100644 --- a/dependency-check-jenkins/pom.xml +++ b/dependency-check-jenkins/pom.xml @@ -71,22 +71,4 @@ - - - - org.apache.maven.plugins - maven-project-info-reports-plugin - ${reporting.project-info-reports-plugin.version} - - - - summary - license - help - - - - - - From e433809f4dfb79ed081d4687508acbbeaa22322a Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Sat, 5 Sep 2015 23:57:53 -0700 Subject: [PATCH 18/58] Moved maven-jxr-plugin and maven-project-info-reports-plugin reporting declarations into the parent pom. No need to duplicate in child modules. Utils did not have project-info reports, but there does not seem to be a good reason. Also note that the JXR plugin is naturally skipped when it does not apply (there is no java code), so not necessary to explicitly skip it for gradle and jenkins modules. --- dependency-check-ant/pom.xml | 5 ----- dependency-check-cli/pom.xml | 19 ------------------- dependency-check-core/pom.xml | 19 ------------------- dependency-check-maven/pom.xml | 19 ------------------- dependency-check-utils/pom.xml | 5 ----- pom.xml | 11 +++++++---- 6 files changed, 7 insertions(+), 71 deletions(-) diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml index 7e7208aef..c1eb45c50 100644 
--- a/dependency-check-ant/pom.xml +++ b/dependency-check-ant/pom.xml @@ -317,11 +317,6 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. - - org.apache.maven.plugins - maven-jxr-plugin - ${reporting.jxr-plugin.version} - org.codehaus.mojo cobertura-maven-plugin diff --git a/dependency-check-cli/pom.xml b/dependency-check-cli/pom.xml index c76f50b72..c7dac3bdc 100644 --- a/dependency-check-cli/pom.xml +++ b/dependency-check-cli/pom.xml @@ -178,20 +178,6 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. - - org.apache.maven.plugins - maven-project-info-reports-plugin - ${reporting.project-info-reports-plugin.version} - - - - summary - license - help - - - - org.apache.maven.plugins maven-javadoc-plugin @@ -222,11 +208,6 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. - - org.apache.maven.plugins - maven-jxr-plugin - ${reporting.jxr-plugin.version} - org.codehaus.mojo cobertura-maven-plugin diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml index f77e3b9b4..9d438259e 100644 --- a/dependency-check-core/pom.xml +++ b/dependency-check-core/pom.xml @@ -228,20 +228,6 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. - - org.apache.maven.plugins - maven-project-info-reports-plugin - ${reporting.project-info-reports-plugin.version} - - - - summary - license - help - - - - org.apache.maven.plugins maven-javadoc-plugin @@ -272,11 +258,6 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. - - org.apache.maven.plugins - maven-jxr-plugin - ${reporting.jxr-plugin.version} - org.codehaus.mojo cobertura-maven-plugin diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml index 49231cc42..88346dd4f 100644 --- a/dependency-check-maven/pom.xml +++ b/dependency-check-maven/pom.xml 
@@ -127,20 +127,6 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. - - org.apache.maven.plugins - maven-project-info-reports-plugin - ${reporting.project-info-reports-plugin.version} - - - - summary - license - help - - - - org.apache.maven.plugins maven-plugin-plugin @@ -179,11 +165,6 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. - - org.apache.maven.plugins - maven-jxr-plugin - ${reporting.jxr-plugin.version} - org.codehaus.mojo cobertura-maven-plugin diff --git a/dependency-check-utils/pom.xml b/dependency-check-utils/pom.xml index 21ce57bdd..74f778b6a 100644 --- a/dependency-check-utils/pom.xml +++ b/dependency-check-utils/pom.xml @@ -135,11 +135,6 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. - - org.apache.maven.plugins - maven-jxr-plugin - ${reporting.jxr-plugin.version} - org.codehaus.mojo cobertura-maven-plugin diff --git a/pom.xml b/pom.xml index 92a976c82..fd6b6b457 100644 --- a/pom.xml +++ b/pom.xml @@ -133,12 +133,9 @@ Copyright (c) 2012 - Jeremy Long 2.6 3.0.1 2.10.3 - 2.5 3.4 3.5 - - 2.8 2.18.1 2.4 2.2 @@ -366,10 +363,15 @@ Copyright (c) 2012 - Jeremy Long org.apache.maven.plugins maven-dependency-plugin + + org.apache.maven.plugins + maven-jxr-plugin + 2.5 + org.apache.maven.plugins maven-project-info-reports-plugin - ${reporting.project-info-reports-plugin.version} + 2.8 @@ -393,6 +395,7 @@ Copyright (c) 2012 - Jeremy Long + From 9b92007effb7f755a93139da0822d9cd63982992 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Sun, 6 Sep 2015 00:23:24 -0700 Subject: [PATCH 19/58] Centralized cobertura plugin to the parent pom and was able to upgrade it from 2.6 to 2.7. --- dependency-check-ant/pom.xml | 5 ----- dependency-check-cli/pom.xml | 5 ----- dependency-check-core/pom.xml | 5 ----- dependency-check-maven/pom.xml | 5 ----- dependency-check-utils/pom.xml | 5 ----- pom.xml | 15 +++++++++++++-- 6 files changed, 13 insertions(+), 27 deletions(-) 
diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml index c1eb45c50..79d8a9c94 100644 --- a/dependency-check-ant/pom.xml +++ b/dependency-check-ant/pom.xml @@ -317,11 +317,6 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. - - org.codehaus.mojo - cobertura-maven-plugin - ${reporting.cobertura-plugin.version} - org.apache.maven.plugins maven-surefire-report-plugin diff --git a/dependency-check-cli/pom.xml b/dependency-check-cli/pom.xml index c7dac3bdc..2666d4367 100644 --- a/dependency-check-cli/pom.xml +++ b/dependency-check-cli/pom.xml @@ -208,11 +208,6 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. - - org.codehaus.mojo - cobertura-maven-plugin - ${reporting.cobertura-plugin.version} - org.apache.maven.plugins maven-surefire-report-plugin diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml index 9d438259e..0a875c1f8 100644 --- a/dependency-check-core/pom.xml +++ b/dependency-check-core/pom.xml @@ -258,11 +258,6 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. - - org.codehaus.mojo - cobertura-maven-plugin - ${reporting.cobertura-plugin.version} - org.apache.maven.plugins maven-surefire-report-plugin diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml index 88346dd4f..0c88386a3 100644 --- a/dependency-check-maven/pom.xml +++ b/dependency-check-maven/pom.xml @@ -165,11 +165,6 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. - - org.codehaus.mojo - cobertura-maven-plugin - ${reporting.cobertura-plugin.version} - org.apache.maven.plugins maven-surefire-report-plugin diff --git a/dependency-check-utils/pom.xml b/dependency-check-utils/pom.xml index 74f778b6a..d57c40680 100644 --- a/dependency-check-utils/pom.xml +++ b/dependency-check-utils/pom.xml @@ -135,11 +135,6 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. - - org.codehaus.mojo - cobertura-maven-plugin - ${reporting.cobertura-plugin.version} - org.apache.maven.plugins maven-surefire-report-plugin 
diff --git a/pom.xml b/pom.xml index fd6b6b457..15a35c6ef 100644 --- a/pom.xml +++ b/pom.xml @@ -130,7 +130,7 @@ Copyright (c) 2012 - Jeremy Long 1.7.12 1.1.3 2.16 - 2.6 + 2.7 3.0.1 2.10.3 @@ -395,7 +395,18 @@ Copyright (c) 2012 - Jeremy Long - + + org.codehaus.mojo + cobertura-maven-plugin + ${reporting.cobertura-plugin.version} + + + + cobertura + + + + From 5c53b6528f7a28e964dc6102e945fc5ac69e1201 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Sun, 6 Sep 2015 00:51:28 -0700 Subject: [PATCH 20/58] Centralized the findbugs-maven-plugin to the parent pom. Gradle and Jenkins modules skip it naturally. The onlyAnlyze setting for utils is maintained via a property. Also was able to upgrade to latest plugin, version 3.0.2. --- dependency-check-ant/pom.xml | 5 ----- dependency-check-cli/pom.xml | 5 ----- dependency-check-core/pom.xml | 5 ----- dependency-check-maven/pom.xml | 5 ----- dependency-check-utils/pom.xml | 9 +-------- pom.xml | 7 ++++++- 6 files changed, 7 insertions(+), 29 deletions(-) diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml index 79d8a9c94..2317d1e02 100644 --- a/dependency-check-ant/pom.xml +++ b/dependency-check-ant/pom.xml @@ -385,11 +385,6 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. - - org.codehaus.mojo - findbugs-maven-plugin - ${reporting.findbugs-plugin.version} - diff --git a/dependency-check-cli/pom.xml b/dependency-check-cli/pom.xml index 2666d4367..f71f41097 100644 --- a/dependency-check-cli/pom.xml +++ b/dependency-check-cli/pom.xml @@ -276,11 +276,6 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. - - org.codehaus.mojo - findbugs-maven-plugin - ${reporting.findbugs-plugin.version} - diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml index 0a875c1f8..d18a2c347 100644 --- a/dependency-check-core/pom.xml +++ b/dependency-check-core/pom.xml 
@@ -333,11 +333,6 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. - - org.codehaus.mojo - findbugs-maven-plugin - ${reporting.findbugs-plugin.version} - diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml index 0c88386a3..458fb9972 100644 --- a/dependency-check-maven/pom.xml +++ b/dependency-check-maven/pom.xml @@ -234,11 +234,6 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. - - org.codehaus.mojo - findbugs-maven-plugin - ${reporting.findbugs-plugin.version} - diff --git a/dependency-check-utils/pom.xml b/dependency-check-utils/pom.xml index d57c40680..1175ea09c 100644 --- a/dependency-check-utils/pom.xml +++ b/dependency-check-utils/pom.xml @@ -38,6 +38,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. + org.owasp.dependencycheck.utils.* UTF-8 @@ -203,14 +204,6 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. - - org.codehaus.mojo - findbugs-maven-plugin - ${reporting.findbugs-plugin.version} - - org.owasp.dependencycheck.utils.* - - diff --git a/pom.xml b/pom.xml index 15a35c6ef..e72f8be3c 100644 --- a/pom.xml +++ b/pom.xml @@ -131,7 +131,7 @@ Copyright (c) 2012 - Jeremy Long 1.1.3 2.16 2.7 - 3.0.1 + 3.0.2 2.10.3 3.4 @@ -407,6 +407,11 @@ Copyright (c) 2012 - Jeremy Long + + org.codehaus.mojo + findbugs-maven-plugin + ${reporting.findbugs-plugin.version} + From ece4cb03ad8b06b40a13b475db5d959190424815 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Sun, 6 Sep 2015 00:53:53 -0700 Subject: [PATCH 21/58] project.build.sourceEncoding is already specified in the parent pom, so this is not necessary. --- dependency-check-utils/pom.xml | 1 - 1 file changed, 1 deletion(-) diff --git a/dependency-check-utils/pom.xml b/dependency-check-utils/pom.xml index 1175ea09c..39e39e80c 100644 --- a/dependency-check-utils/pom.xml +++ b/dependency-check-utils/pom.xml @@ -39,7 +39,6 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. org.owasp.dependencycheck.utils.* - UTF-8 
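Review bot: The findbugs-maven-plugin entry added to the parent reporting section at `@@ -407,6 +407,11 @@` carries no configuration, so nothing in the parent references the `org.owasp.dependencycheck.utils.*` property this patch adds to dependency-check-utils/pom.xml; with element names stripped from this rendering I cannot tell whether that property is `findbugs.onlyAnalyze`, the plugin's user property, which is the only way the restriction survives implicitly. If it is, a comment beside it would spare the next reader the same detour: `<!-- read by findbugs-maven-plugin as its onlyAnalyze user property; the parent reporting section sets no explicit <onlyAnalyze> -->`. If it has any other name, the parent needs `<onlyAnalyze>${that.property}</onlyAnalyze>` in its configuration, or FindBugs will scan more of the utils module than the removed per-module declaration did.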
From a32fa69823da0e829da671d6f3db938b653f0c5b Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Sun, 6 Sep 2015 01:29:17 -0700 Subject: [PATCH 22/58] Moved taglist-maven-plugin to the parent pom. (Gradle and Jenkins modules don't have them -- before or after.) This will make it easier to manage and evolve. --- dependency-check-ant/pom.xml | 24 ------------------------ dependency-check-cli/pom.xml | 24 ------------------------ dependency-check-core/pom.xml | 24 ------------------------ dependency-check-maven/pom.xml | 24 ------------------------ dependency-check-utils/pom.xml | 24 ------------------------ pom.xml | 25 ++++++++++++++++++++++++- 6 files changed, 24 insertions(+), 121 deletions(-) diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml index 2317d1e02..5827326f6 100644 --- a/dependency-check-ant/pom.xml +++ b/dependency-check-ant/pom.xml @@ -329,30 +329,6 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. - - org.codehaus.mojo - taglist-maven-plugin - ${reporting.taglist-plugin.version} - - - - - Todo Work - - - todo - ignoreCase - - - FIXME - exact - - - - - - - org.apache.maven.plugins maven-checkstyle-plugin diff --git a/dependency-check-cli/pom.xml b/dependency-check-cli/pom.xml index f71f41097..6cd28de0d 100644 --- a/dependency-check-cli/pom.xml +++ b/dependency-check-cli/pom.xml @@ -220,30 +220,6 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. - - org.codehaus.mojo - taglist-maven-plugin - ${reporting.taglist-plugin.version} - - - - - Todo Work - - - todo - ignoreCase - - - FIXME - exact - - - - - - - org.apache.maven.plugins maven-checkstyle-plugin diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml index d18a2c347..9adb4e4ae 100644 --- a/dependency-check-core/pom.xml +++ b/dependency-check-core/pom.xml 
@@ -277,30 +277,6 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. - - org.codehaus.mojo - taglist-maven-plugin - ${reporting.taglist-plugin.version} - - - - - Todo Work - - - todo - ignoreCase - - - FIXME - exact - - - - - - - org.apache.maven.plugins maven-checkstyle-plugin diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml index 458fb9972..bc8999dcd 100644 --- a/dependency-check-maven/pom.xml +++ b/dependency-check-maven/pom.xml @@ -177,30 +177,6 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. - - org.codehaus.mojo - taglist-maven-plugin - ${reporting.taglist-plugin.version} - - - - - Todo Work - - - todo - ignoreCase - - - FIXME - exact - - - - - - - org.apache.maven.plugins maven-checkstyle-plugin diff --git a/dependency-check-utils/pom.xml b/dependency-check-utils/pom.xml index 39e39e80c..a755877f0 100644 --- a/dependency-check-utils/pom.xml +++ b/dependency-check-utils/pom.xml @@ -147,30 +147,6 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. - - org.codehaus.mojo - taglist-maven-plugin - ${reporting.taglist-plugin.version} - - - - - Todo Work - - - todo - ignoreCase - - - FIXME - exact - - - - - - - org.apache.maven.plugins maven-checkstyle-plugin diff --git a/pom.xml b/pom.xml index e72f8be3c..3b9aa98bd 100644 --- a/pom.xml +++ b/pom.xml @@ -137,7 +137,6 @@ Copyright (c) 2012 - Jeremy Long 3.4 3.5 2.18.1 - 2.4 2.2 @@ -412,6 +411,30 @@ Copyright (c) 2012 - Jeremy Long findbugs-maven-plugin ${reporting.findbugs-plugin.version} + + org.codehaus.mojo + taglist-maven-plugin + 2.4 + + + + + Todo Work + + + todo + ignoreCase + + + FIXME + exact + + + + + + + From 7ccb77fb57109b83260d41c53dd7232155adcb94 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Sun, 6 Sep 2015 01:32:00 -0700 Subject: [PATCH 23/58] Removed unnecessary property for findbugs-maven-plugin since it is now only declared once. --- pom.xml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
diff --git a/pom.xml b/pom.xml index 3b9aa98bd..5a24225a3 100644 --- a/pom.xml +++ b/pom.xml @@ -131,7 +131,6 @@ Copyright (c) 2012 - Jeremy Long 1.1.3 2.16 2.7 - 3.0.2 2.10.3 3.4 @@ -409,7 +408,7 @@ Copyright (c) 2012 - Jeremy Long org.codehaus.mojo findbugs-maven-plugin - ${reporting.findbugs-plugin.version} + 3.0.2 org.codehaus.mojo From 7b47b7549d248c83da5487bc4e8daf17d5875423 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Sun, 6 Sep 2015 01:42:01 -0700 Subject: [PATCH 24/58] Removed redundant declarations for maven-compiler-plugin and maven-jar-plugin. --- dependency-check-ant/pom.xml | 8 -------- dependency-check-cli/pom.xml | 4 ---- dependency-check-maven/pom.xml | 4 ---- dependency-check-utils/pom.xml | 4 ---- 4 files changed, 20 deletions(-) diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml index 5827326f6..3bc99758c 100644 --- a/dependency-check-ant/pom.xml +++ b/dependency-check-ant/pom.xml @@ -190,14 +190,6 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. - - org.apache.maven.plugins - maven-compiler-plugin - - - org.apache.maven.plugins - maven-jar-plugin - org.apache.maven.plugins maven-shade-plugin diff --git a/dependency-check-cli/pom.xml b/dependency-check-cli/pom.xml index 6cd28de0d..9a9c55aba 100644 --- a/dependency-check-cli/pom.xml +++ b/dependency-check-cli/pom.xml @@ -124,10 +124,6 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. - - org.apache.maven.plugins - maven-compiler-plugin - org.codehaus.mojo appassembler-maven-plugin diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml index bc8999dcd..f9a2123de 100644 --- a/dependency-check-maven/pom.xml +++ b/dependency-check-maven/pom.xml @@ -119,10 +119,6 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. - - org.apache.maven.plugins - maven-compiler-plugin - diff --git a/dependency-check-utils/pom.xml b/dependency-check-utils/pom.xml index a755877f0..e21ce22fc 100644 --- a/dependency-check-utils/pom.xml 
+++ b/dependency-check-utils/pom.xml @@ -97,10 +97,6 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. org.apache.maven.plugins maven-failsafe-plugin - - org.apache.maven.plugins - maven-compiler-plugin - From 51e66354b0ee5c77403cc43d336d62cd5faf1130 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Sun, 6 Sep 2015 11:18:56 -0700 Subject: [PATCH 25/58] No need to explicitly add a jar goal when it implicitly exists already for a jar module. --- dependency-check-core/pom.xml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml index 9adb4e4ae..bdb5ea5c2 100644 --- a/dependency-check-core/pom.xml +++ b/dependency-check-core/pom.xml @@ -110,13 +110,6 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. org.apache.maven.plugins maven-jar-plugin - - jar - package - - jar - - test-jar package From d0f884f5b2833ebcbbd52b8fd17f0c15dd918420 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Sun, 6 Sep 2015 12:56:36 -0700 Subject: [PATCH 26/58] Centralized the maven-surefire-report-plugin to the parent pom. Note that gradle and jenkins modules are skipped since it does not apply. --- dependency-check-ant/pom.xml | 12 ------------ dependency-check-cli/pom.xml | 12 ------------ dependency-check-core/pom.xml | 6 ------ dependency-check-gradle/pom.xml | 4 ++++ dependency-check-jenkins/pom.xml | 5 +++++ dependency-check-maven/pom.xml | 12 ------------ dependency-check-utils/pom.xml | 12 ------------ pom.xml | 13 ++++++++++++- 8 files changed, 21 insertions(+), 55 deletions(-) diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml index 3bc99758c..d6b254a04 100644 --- a/dependency-check-ant/pom.xml +++ b/dependency-check-ant/pom.xml 
@@ -309,18 +309,6 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. - - org.apache.maven.plugins - maven-surefire-report-plugin - ${reporting.surefire-report-plugin.version} - - - - report-only - - - - org.apache.maven.plugins maven-checkstyle-plugin diff --git a/dependency-check-cli/pom.xml b/dependency-check-cli/pom.xml index 9a9c55aba..28260e353 100644 --- a/dependency-check-cli/pom.xml +++ b/dependency-check-cli/pom.xml @@ -204,18 +204,6 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. - - org.apache.maven.plugins - maven-surefire-report-plugin - ${reporting.surefire-report-plugin.version} - - - - report-only - - - - org.apache.maven.plugins maven-checkstyle-plugin diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml index bdb5ea5c2..e85915851 100644 --- a/dependency-check-core/pom.xml +++ b/dependency-check-core/pom.xml @@ -254,13 +254,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. org.apache.maven.plugins maven-surefire-report-plugin - ${reporting.surefire-report-plugin.version} - - - report-only - - integration-tests diff --git a/dependency-check-gradle/pom.xml b/dependency-check-gradle/pom.xml index 26d09d5c5..726658554 100644 --- a/dependency-check-gradle/pom.xml +++ b/dependency-check-gradle/pom.xml @@ -48,6 +48,10 @@ Copyright (c) 2015 Wei Ma. All Rights Reserved. ${basedir}/../target/site/${project.version}/dependency-check-gradle + + + true + diff --git a/dependency-check-jenkins/pom.xml b/dependency-check-jenkins/pom.xml index 5a1bce2e1..1c5158417 100644 --- a/dependency-check-jenkins/pom.xml +++ b/dependency-check-jenkins/pom.xml @@ -19,6 +19,11 @@ + + + true + + pom 2012 diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml index f9a2123de..46e8e05e1 100644 --- a/dependency-check-maven/pom.xml +++ b/dependency-check-maven/pom.xml 
@@ -161,18 +161,6 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. - - org.apache.maven.plugins - maven-surefire-report-plugin - ${reporting.surefire-report-plugin.version} - - - - report-only - - - - org.apache.maven.plugins maven-checkstyle-plugin diff --git a/dependency-check-utils/pom.xml b/dependency-check-utils/pom.xml index e21ce22fc..01738661b 100644 --- a/dependency-check-utils/pom.xml +++ b/dependency-check-utils/pom.xml @@ -131,18 +131,6 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. - - org.apache.maven.plugins - maven-surefire-report-plugin - ${reporting.surefire-report-plugin.version} - - - - report-only - - - - org.apache.maven.plugins maven-checkstyle-plugin diff --git a/pom.xml b/pom.xml index 5a24225a3..044aaaf8e 100644 --- a/pom.xml +++ b/pom.xml @@ -135,7 +135,6 @@ Copyright (c) 2012 - Jeremy Long 3.4 3.5 - 2.18.1 2.2 @@ -393,6 +392,18 @@ Copyright (c) 2012 - Jeremy Long + + org.apache.maven.plugins + maven-surefire-report-plugin + 2.18.1 + + + + report-only + + + + org.codehaus.mojo cobertura-maven-plugin From b481f012179a8b72e2673064bf3929e37598139f Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Sun, 6 Sep 2015 13:05:17 -0700 Subject: [PATCH 27/58] Moved the maven-plugin-plugin declarations into the maven module since it is unique to that module. --- dependency-check-maven/pom.xml | 6 +++++- pom.xml | 7 ------- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml index 46e8e05e1..0cac371fd 100644 --- a/dependency-check-maven/pom.xml +++ b/dependency-check-maven/pom.xml @@ -40,6 +40,9 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. + + 3.4 + @@ -63,6 +66,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. org.apache.maven.plugins maven-plugin-plugin + ${version.maven-plugin-plugin} true dependency-check 
@@ -126,7 +130,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. org.apache.maven.plugins maven-plugin-plugin - ${reporting.maven-plugin-plugin.version} + ${version.maven-plugin-plugin} dependency-check diff --git a/pom.xml b/pom.xml index 044aaaf8e..e19c0804a 100644 --- a/pom.xml +++ b/pom.xml @@ -132,8 +132,6 @@ Copyright (c) 2012 - Jeremy Long 2.16 2.7 2.10.3 - - 3.4 3.5 2.2 @@ -210,11 +208,6 @@ Copyright (c) 2012 - Jeremy Long maven-jar-plugin 2.6 - - org.apache.maven.plugins - maven-plugin-plugin - ${reporting.maven-plugin-plugin.version} - org.apache.maven.plugins maven-release-plugin From ab782054a19550758faedf3a8fdda52d85b73ddc Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Sun, 6 Sep 2015 13:37:04 -0700 Subject: [PATCH 28/58] Missed this lingering redundant maven-project-info-reports-plugin declaration. --- dependency-check-ant/pom.xml | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml index d6b254a04..cfd929232 100644 --- a/dependency-check-ant/pom.xml +++ b/dependency-check-ant/pom.xml @@ -265,20 +265,6 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. - - org.apache.maven.plugins - maven-project-info-reports-plugin - ${reporting.project-info-reports-plugin.version} - - - - summary - license - help - - - - org.apache.maven.plugins maven-javadoc-plugin From 717f6240e3d67293f2f948ed42633ae415307b9e Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Sun, 6 Sep 2015 20:51:56 -0700 Subject: [PATCH 29/58] Centralized javadoc reporting to parent pom. --- dependency-check-ant/pom.xml | 17 ----------------- dependency-check-cli/pom.xml | 17 ----------------- dependency-check-core/pom.xml | 17 ----------------- dependency-check-maven/pom.xml | 17 ----------------- dependency-check-utils/pom.xml | 17 ----------------- pom.xml | 18 +++++++++++++++++- 6 files changed, 17 insertions(+), 86 deletions(-) 
diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml index cfd929232..e2a282c87 100644 --- a/dependency-check-ant/pom.xml +++ b/dependency-check-ant/pom.xml @@ -265,23 +265,6 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. - - org.apache.maven.plugins - maven-javadoc-plugin - ${reporting.javadoc-plugin.version} - - false - Copyright© 2012-15 Jeremy Long. All Rights Reserved. - - - - default - - javadoc - - - - org.codehaus.mojo versions-maven-plugin diff --git a/dependency-check-cli/pom.xml b/dependency-check-cli/pom.xml index 28260e353..ce7b64a68 100644 --- a/dependency-check-cli/pom.xml +++ b/dependency-check-cli/pom.xml @@ -174,23 +174,6 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. - - org.apache.maven.plugins - maven-javadoc-plugin - ${reporting.javadoc-plugin.version} - - false - Copyrightďż˝ 2012-15 Jeremy Long. All Rights Reserved. - - - - default - - javadoc - - - - org.codehaus.mojo versions-maven-plugin diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml index e85915851..d8cf8b4bd 100644 --- a/dependency-check-core/pom.xml +++ b/dependency-check-core/pom.xml @@ -221,23 +221,6 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. - - org.apache.maven.plugins - maven-javadoc-plugin - ${reporting.javadoc-plugin.version} - - false - Copyright© 2012-15 Jeremy Long. All Rights Reserved. - - - - default - - javadoc - - - - org.codehaus.mojo versions-maven-plugin diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml index 0cac371fd..c5e06b925 100644 --- a/dependency-check-maven/pom.xml +++ b/dependency-check-maven/pom.xml @@ -135,23 +135,6 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. dependency-check - - org.apache.maven.plugins - maven-javadoc-plugin - ${reporting.javadoc-plugin.version} - - false - Copyrightďż˝ 2012-15 Jeremy Long. All Rights Reserved. - - - - default - - javadoc - - - - org.codehaus.mojo versions-maven-plugin 
diff --git a/dependency-check-utils/pom.xml b/dependency-check-utils/pom.xml index 01738661b..0dda10c35 100644 --- a/dependency-check-utils/pom.xml +++ b/dependency-check-utils/pom.xml @@ -101,23 +101,6 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. - - org.apache.maven.plugins - maven-javadoc-plugin - ${reporting.javadoc-plugin.version} - - false - Copyright© 2012-15 Jeremy Long. All Rights Reserved. - - - - default - - javadoc - - - - org.codehaus.mojo versions-maven-plugin diff --git a/pom.xml b/pom.xml index e19c0804a..845f017cc 100644 --- a/pom.xml +++ b/pom.xml @@ -131,7 +131,6 @@ Copyright (c) 2012 - Jeremy Long 1.1.3 2.16 2.7 - 2.10.3 3.5 2.2 @@ -353,6 +352,23 @@ Copyright (c) 2012 - Jeremy Long org.apache.maven.plugins maven-dependency-plugin + + org.apache.maven.plugins + maven-javadoc-plugin + 2.10.3 + + false + Copyright© 2012-15 Jeremy Long. All Rights Reserved. + + + + default + + javadoc + + + + org.apache.maven.plugins maven-jxr-plugin From 6d70332cd6a2af53a9361b1485c500ee3865b6c7 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Sun, 6 Sep 2015 22:21:50 -0700 Subject: [PATCH 30/58] Centralized the Versions report to the parent pom. --- dependency-check-ant/pom.xml | 13 ------------- dependency-check-cli/pom.xml | 13 ------------- dependency-check-core/pom.xml | 13 ------------- dependency-check-gradle/pom.xml | 2 ++ dependency-check-jenkins/pom.xml | 2 ++ dependency-check-maven/pom.xml | 13 ------------- dependency-check-utils/pom.xml | 13 ------------- pom.xml | 14 +++++++++++++- 8 files changed, 17 insertions(+), 66 deletions(-) diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml index e2a282c87..199bd1d2c 100644 --- a/dependency-check-ant/pom.xml +++ b/dependency-check-ant/pom.xml 
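Review bot: The javadoc footer text added to the parent (`Copyright© 2012-15 Jeremy Long. All Rights Reserved.`) carries a literal non-ASCII `©`, and the removed copies in dependency-check-cli and dependency-check-maven show it as `ďż˝`, i.e. this character has already been corrupted once by an editor saving with the wrong encoding. Centralizing the footer removes the broken copies, but the one remaining copy is exposed to the same accident; `Copyright &#169; 2012-15 Jeremy Long. All Rights Reserved.` keeps the POM pure ASCII and the XML parser decodes it to the same character. The hard-coded `2012-15` will also drift with each release; `${project.inceptionYear}` is available for the start year if the team wants it.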
@@ -265,19 +265,6 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. - - org.codehaus.mojo - versions-maven-plugin - ${reporting.versions-plugin.version} - - - - dependency-updates-report - plugin-updates-report - - - - org.apache.maven.plugins maven-checkstyle-plugin diff --git a/dependency-check-cli/pom.xml b/dependency-check-cli/pom.xml index ce7b64a68..0a1a7558b 100644 --- a/dependency-check-cli/pom.xml +++ b/dependency-check-cli/pom.xml @@ -174,19 +174,6 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. - - org.codehaus.mojo - versions-maven-plugin - ${reporting.versions-plugin.version} - - - - dependency-updates-report - plugin-updates-report - - - - org.apache.maven.plugins maven-checkstyle-plugin diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml index d8cf8b4bd..88f006831 100644 --- a/dependency-check-core/pom.xml +++ b/dependency-check-core/pom.xml @@ -221,19 +221,6 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. - - org.codehaus.mojo - versions-maven-plugin - ${reporting.versions-plugin.version} - - - - dependency-updates-report - plugin-updates-report - - - - org.apache.maven.plugins maven-surefire-report-plugin diff --git a/dependency-check-gradle/pom.xml b/dependency-check-gradle/pom.xml index 726658554..d8131070f 100644 --- a/dependency-check-gradle/pom.xml +++ b/dependency-check-gradle/pom.xml @@ -51,6 +51,8 @@ Copyright (c) 2015 Wei Ma. All Rights Reserved. true + + true diff --git a/dependency-check-jenkins/pom.xml b/dependency-check-jenkins/pom.xml index 1c5158417..cdec04161 100644 --- a/dependency-check-jenkins/pom.xml +++ b/dependency-check-jenkins/pom.xml @@ -22,6 +22,8 @@ true + + true pom diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml index c5e06b925..95b4c7216 100644 --- a/dependency-check-maven/pom.xml +++ b/dependency-check-maven/pom.xml 
@@ -135,19 +135,6 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. dependency-check - - org.codehaus.mojo - versions-maven-plugin - ${reporting.versions-plugin.version} - - - - dependency-updates-report - plugin-updates-report - - - - org.apache.maven.plugins maven-checkstyle-plugin diff --git a/dependency-check-utils/pom.xml b/dependency-check-utils/pom.xml index 0dda10c35..1d558b279 100644 --- a/dependency-check-utils/pom.xml +++ b/dependency-check-utils/pom.xml @@ -101,19 +101,6 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. - - org.codehaus.mojo - versions-maven-plugin - ${reporting.versions-plugin.version} - - - - dependency-updates-report - plugin-updates-report - - - - org.apache.maven.plugins maven-checkstyle-plugin diff --git a/pom.xml b/pom.xml index 845f017cc..1a4632f94 100644 --- a/pom.xml +++ b/pom.xml @@ -132,7 +132,6 @@ Copyright (c) 2012 - Jeremy Long 2.16 2.7 3.5 - 2.2 @@ -454,6 +453,19 @@ Copyright (c) 2012 - Jeremy Long + + org.codehaus.mojo + versions-maven-plugin + 2.2 + + + + dependency-updates-report + plugin-updates-report + + + + From 8ad1639b021bdfc6d50b5dd336872e3d0e9d62f8 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Sun, 6 Sep 2015 22:30:01 -0700 Subject: [PATCH 31/58] License is inherited from Parent POM -- no need to restate unless it is different. --- dependency-check-gradle/pom.xml | 6 ------ dependency-check-jenkins/pom.xml | 6 ------ 2 files changed, 12 deletions(-) diff --git a/dependency-check-gradle/pom.xml b/dependency-check-gradle/pom.xml index d8131070f..372562a66 100644 --- a/dependency-check-gradle/pom.xml +++ b/dependency-check-gradle/pom.xml 
@@ -34,12 +34,6 @@ Copyright (c) 2015 Wei Ma. All Rights Reserved. dependency-check-gradle is a Gradle Plugin that uses dependency-check-core to detect publicly disclosed vulnerabilities associated with the project's dependencies. The plugin will generate a report listing the dependency, any identified Common Platform Enumeration (CPE) identifiers, and the associated Common Vulnerability and Exposure (CVE) entries. 2015 - - - The Apache Software License, Version 2.0 - http://www.apache.org/licenses/LICENSE-2.0.txt - - diff --git a/dependency-check-jenkins/pom.xml b/dependency-check-jenkins/pom.xml index cdec04161..e8020175e 100644 --- a/dependency-check-jenkins/pom.xml +++ b/dependency-check-jenkins/pom.xml @@ -54,12 +54,6 @@ github https://github.com/jenkinsci/dependency-check-jenkins/issues - - - The Apache Software License, Version 2.0 - http://www.apache.org/licenses/LICENSE-2.0.txt - - From 9b5ce1c3a6eba03b8184b74b66e080c334c8f570 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Sun, 6 Sep 2015 23:20:15 -0700 Subject: [PATCH 32/58] Upgraded shade plugin to 2.4.1 (from 2.3). --- dependency-check-ant/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml index 199bd1d2c..57ccb527b 100644 --- a/dependency-check-ant/pom.xml +++ b/dependency-check-ant/pom.xml @@ -193,7 +193,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. org.apache.maven.plugins maven-shade-plugin - 2.3 + 2.4.1 From 90935fef2529df1615874a54d0972841d1a8aee8 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Mon, 7 Sep 2015 00:40:30 -0700 Subject: [PATCH 33/58] Upgraded dependencies. --- pom.xml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pom.xml b/pom.xml index a40a9bde1..ffdfdd9cf 100644 --- a/pom.xml +++ b/pom.xml @@ -424,7 +424,7 @@ Copyright (c) 2012 - Jeremy Long com.sun.mail mailapi - 1.5.2 + 1.5.4 ch.qos.logback 
@@ -445,17 +445,17 @@ Copyright (c) 2012 - Jeremy Long org.apache.commons commons-compress - 1.9 + 1.10 org.apache.ant ant - 1.9.5 + 1.9.6 org.apache.ant ant-testutil - 1.9.5 + 1.9.6 org.apache.lucene @@ -539,7 +539,7 @@ Copyright (c) 2012 - Jeremy Long org.jsoup jsoup - 1.7.2 + 1.8.3 org.slf4j From 514f8398e2e5c68e84aaf3c022ccbc69631c9ac3 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Mon, 7 Sep 2015 01:09:41 -0700 Subject: [PATCH 34/58] Upgraded commons-lang-2.6 to newer commons-lang3-3.4. --- dependency-check-core/pom.xml | 4 ++-- .../org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java | 2 +- .../analyzer/PythonDistributionAnalyzer.java | 2 +- .../org/owasp/dependencycheck/dependency/Dependency.java | 2 +- .../java/org/owasp/dependencycheck/dependency/Evidence.java | 4 ++-- .../dependencycheck/dependency/EvidenceCollection.java | 2 +- .../org/owasp/dependencycheck/reporting/EscapeTool.java | 6 +++--- .../org/owasp/dependencycheck/utils/DependencyVersion.java | 2 +- pom.xml | 6 +++--- 9 files changed, 15 insertions(+), 15 deletions(-) diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml index f77e3b9b4..f7b6e7cd6 100644 --- a/dependency-check-core/pom.xml +++ b/dependency-check-core/pom.xml @@ -416,8 +416,8 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. commons-io - commons-lang - commons-lang + org.apache.commons + commons-lang3 org.apache.lucene diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java index eefe01d37..bde9ff3c4 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java 
@@ -18,7 +18,7 @@ package org.owasp.dependencycheck.analyzer; import org.apache.commons.io.FileUtils; -import org.apache.commons.lang.StringUtils; +import org.apache.commons.lang3.StringUtils; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.dependency.Confidence; diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java index c89aaed6f..55497f07e 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java @@ -26,7 +26,7 @@ import java.io.FilenameFilter; import org.apache.commons.io.filefilter.NameFileFilter; import org.apache.commons.io.filefilter.SuffixFileFilter; import org.apache.commons.io.input.AutoCloseInputStream; -import org.apache.commons.lang.StringUtils; +import org.apache.commons.lang3.StringUtils; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.dependency.Confidence; diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java index 26a6d1b56..20c896dc6 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java 
@@ -28,7 +28,7 @@ import java.util.Set; import java.util.SortedSet; import java.util.TreeSet; -import org.apache.commons.lang.ObjectUtils; +import org.apache.commons.lang3.ObjectUtils; import org.owasp.dependencycheck.data.nexus.MavenArtifact; import org.owasp.dependencycheck.utils.Checksum; import org.slf4j.Logger; diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java index 4fa29805b..de550e60c 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java @@ -17,8 +17,8 @@ */ package org.owasp.dependencycheck.dependency; -import org.apache.commons.lang.ObjectUtils; -import org.apache.commons.lang.StringUtils; +import org.apache.commons.lang3.ObjectUtils; +import org.apache.commons.lang3.StringUtils; import java.io.Serializable; diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java index 17336daee..6cadd85a9 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java @@ -24,7 +24,7 @@ import java.util.Iterator; import java.util.List; import java.util.Set; import java.util.TreeSet; -import org.apache.commons.lang.StringUtils; +import org.apache.commons.lang3.StringUtils; import org.owasp.dependencycheck.utils.DependencyVersion; import org.owasp.dependencycheck.utils.DependencyVersionUtil; import org.owasp.dependencycheck.utils.Filter; 
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java index f44d4b0d9..4a7a2b491 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java @@ -19,7 +19,7 @@ package org.owasp.dependencycheck.reporting; import java.io.UnsupportedEncodingException; import java.net.URLEncoder; -import org.apache.commons.lang.StringEscapeUtils; +import org.apache.commons.lang3.StringEscapeUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -65,7 +65,7 @@ public class EscapeTool { if (text == null || text.isEmpty()) { return text; } - return StringEscapeUtils.escapeHtml(text); + return StringEscapeUtils.escapeHtml4(text); } /** @@ -78,6 +78,6 @@ public class EscapeTool { if (text == null || text.isEmpty()) { return text; } - return StringEscapeUtils.escapeXml(text); + return StringEscapeUtils.escapeXml11(text); } } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersion.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersion.java index 1c1f2146e..7f27a0db0 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersion.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersion.java @@ -22,7 +22,7 @@ import java.util.Iterator; import java.util.List; import java.util.regex.Matcher; import java.util.regex.Pattern; -import org.apache.commons.lang.StringUtils; +import org.apache.commons.lang3.StringUtils; /** *
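Review bot: The switch to `escapeHtml4` and `escapeXml11` changes what the two EscapeTool methods escape, and the Javadoc above each (outside the hunks) most likely still describes the lang 2.x behaviour. `escapeHtml4` does not escape the apostrophe, so values it protects are only safe in element text or double-quoted attributes, while `escapeXml11` now escapes the apostrophe and drops or numerically escapes characters that are not legal in XML 1.1. I would record this on the methods, e.g. `Does not escape the single quote; do not place the result inside single-quoted HTML attributes.` on the HTML method and `Escapes &, <, >, " and ' and removes or numerically escapes characters not allowed in XML 1.1.` on the XML method. Both enclosing methods begin outside the hunks.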

diff --git a/pom.xml b/pom.xml index a40a9bde1..cadf82d65 100644 --- a/pom.xml +++ b/pom.xml @@ -417,9 +417,9 @@ Copyright (c) 2012 - Jeremy Long 2.4 - commons-lang - commons-lang - 2.6 + org.apache.commons + commons-lang3 + 3.4 com.sun.mail From b11b472933296101a11028ca54c2ee0fe441f096 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Mon, 7 Sep 2015 02:27:10 -0700 Subject: [PATCH 35/58] Upgraded commons-cli to 1.3.1 (from 1.2). See http://commons.apache.org/proper/commons-cli/release_1_3.html for upgrade details. --- .../org/owasp/dependencycheck/CliParser.java | 241 +++++++++--------- pom.xml | 5 +- 2 files changed, 121 insertions(+), 125 deletions(-) diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java index 07b2ad1f8..741d86a18 100644 --- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java +++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java @@ -23,13 +23,12 @@ import java.util.logging.Level; import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.CommandLineParser; +import org.apache.commons.cli.DefaultParser; import org.apache.commons.cli.HelpFormatter; import org.apache.commons.cli.Option; -import org.apache.commons.cli.OptionBuilder; import org.apache.commons.cli.OptionGroup; import org.apache.commons.cli.Options; import org.apache.commons.cli.ParseException; -import org.apache.commons.cli.PosixParser; import org.owasp.dependencycheck.reporting.ReportGenerator.Format; import org.owasp.dependencycheck.utils.InvalidSettingException; import org.owasp.dependencycheck.utils.Settings; 
@@ -79,7 +78,7 @@ public final class CliParser { * @throws ParseException if the arguments are invalid */ private CommandLine parseArgs(String[] args) throws ParseException { - final CommandLineParser parser = new PosixParser(); + final CommandLineParser parser = new DefaultParser(); final Options options = createCommandLineOptions(); return parser.parse(options, args); } @@ -209,8 +208,8 @@ public final class CliParser { final Option help = new Option(ARGUMENT.HELP_SHORT, ARGUMENT.HELP, false, "Print this message."); - final Option advancedHelp = OptionBuilder.withLongOpt(ARGUMENT.ADVANCED_HELP) - .withDescription("Print the advanced help message.").create(); + final Option advancedHelp = Option.builder().longOpt(ARGUMENT.ADVANCED_HELP) + .desc("Print the advanced help message.").build(); final Option version = new Option(ARGUMENT.VERSION_SHORT, ARGUMENT.VERSION, false, "Print the version information."); 
@@ -218,44 +217,44 @@ public final class CliParser { final Option noUpdate = new Option(ARGUMENT.DISABLE_AUTO_UPDATE_SHORT, ARGUMENT.DISABLE_AUTO_UPDATE, false, "Disables the automatic updating of the CPE data."); - final Option projectName = OptionBuilder.hasArg().withArgName("name").withLongOpt(ARGUMENT.PROJECT) - .withDescription("The name of the project being scanned. This is a required argument.") - .create(); + final Option projectName = Option.builder().hasArg().argName("name").longOpt(ARGUMENT.PROJECT) + .desc("The name of the project being scanned. This is a required argument.") + .build(); - final Option path = OptionBuilder.withArgName("path").hasArg().withLongOpt(ARGUMENT.SCAN) - .withDescription("The path to scan - this option can be specified multiple times. Ant style" + final Option path = Option.builder(ARGUMENT.SCAN_SHORT).argName("path").hasArg().longOpt(ARGUMENT.SCAN) + .desc("The path to scan - this option can be specified multiple times. Ant style" + " paths are supported (e.g. path/**/*.jar).") - .create(ARGUMENT.SCAN_SHORT); + .build(); - final Option excludes = OptionBuilder.withArgName("pattern").hasArg().withLongOpt(ARGUMENT.EXCLUDE) - .withDescription("Specify and exclusion pattern. This option can be specified multiple times" + final Option excludes = Option.builder("p").argName("pattern").hasArg().longOpt(ARGUMENT.EXCLUDE) + .desc("Specify and exclusion pattern. This option can be specified multiple times" + " and it accepts Ant style excludsions.") - .create("p"); + .build(); - final Option props = OptionBuilder.withArgName("file").hasArg().withLongOpt(ARGUMENT.PROP) - .withDescription("A property file to load.") - .create(ARGUMENT.PROP_SHORT); + final Option props = Option.builder(ARGUMENT.PROP_SHORT).argName("file").hasArg().longOpt(ARGUMENT.PROP) + .desc("A property file to load.") + .build(); - final Option out = OptionBuilder.withArgName("path").hasArg().withLongOpt(ARGUMENT.OUT) - .withDescription("The folder to write reports to. 
This defaults to the current directory. " + final Option out = Option.builder(ARGUMENT.OUT_SHORT).argName("path").hasArg().longOpt(ARGUMENT.OUT) + .desc("The folder to write reports to. This defaults to the current directory. " + "It is possible to set this to a specific file name if the format argument is not set to ALL.") - .create(ARGUMENT.OUT_SHORT); + .build(); - final Option outputFormat = OptionBuilder.withArgName("format").hasArg().withLongOpt(ARGUMENT.OUTPUT_FORMAT) - .withDescription("The output format to write to (XML, HTML, VULN, ALL). The default is HTML.") - .create(ARGUMENT.OUTPUT_FORMAT_SHORT); + final Option outputFormat = Option.builder(ARGUMENT.OUTPUT_FORMAT_SHORT).argName("format").hasArg().longOpt(ARGUMENT.OUTPUT_FORMAT) + .desc("The output format to write to (XML, HTML, VULN, ALL). The default is HTML.") + .build(); - final Option verboseLog = OptionBuilder.withArgName("file").hasArg().withLongOpt(ARGUMENT.VERBOSE_LOG) - .withDescription("The file path to write verbose logging information.") - .create(ARGUMENT.VERBOSE_LOG_SHORT); + final Option verboseLog = Option.builder(ARGUMENT.VERBOSE_LOG_SHORT).argName("file").hasArg().longOpt(ARGUMENT.VERBOSE_LOG) + .desc("The file path to write verbose logging information.") + .build(); - final Option symLinkDepth = OptionBuilder.withArgName("depth").hasArg().withLongOpt(ARGUMENT.SYM_LINK_DEPTH) - .withDescription("Sets how deep nested symbolic links will be followed; 0 indicates symbolic links will not be followed.") - .create(); + final Option symLinkDepth = Option.builder().argName("depth").hasArg().longOpt(ARGUMENT.SYM_LINK_DEPTH) + .desc("Sets how deep nested symbolic links will be followed; 0 indicates symbolic links will not be followed.") + .build(); - final Option suppressionFile = OptionBuilder.withArgName("file").hasArg().withLongOpt(ARGUMENT.SUPPRESSION_FILE) - .withDescription("The file path to the suppression XML file.") - .create(); + final Option suppressionFile = 
Option.builder().argName("file").hasArg().longOpt(ARGUMENT.SUPPRESSION_FILE) + .desc("The file path to the suppression XML file.") + .build(); //This is an option group because it can be specified more then once. final OptionGroup og = new OptionGroup(); 
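Review bot: The description for the `excludes` option carries two user-visible typos into the rewritten builder chain: "Specify and exclusion pattern" and "excludsions". Since every description string was retyped in this hunk, this was the natural place to correct them to `.desc("Specify an exclusion pattern. This option can be specified multiple times"` and `+ " and it accepts Ant style exclusions.")`. The enclosing method starts outside the hunk.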
@@ -289,115 +288,115 @@ public final class CliParser { @SuppressWarnings("static-access") private void addAdvancedOptions(final Options options) throws IllegalArgumentException { - final Option cve12Base = OptionBuilder.withArgName("url").hasArg().withLongOpt(ARGUMENT.CVE_BASE_12) - .withDescription("Base URL for each year’s CVE 1.2, the %d will be replaced with the year. ") - .create(); + final Option cve12Base = Option.builder().argName("url").hasArg().longOpt(ARGUMENT.CVE_BASE_12) + .desc("Base URL for each year’s CVE 1.2, the %d will be replaced with the year. ") + .build(); - final Option cve20Base = OptionBuilder.withArgName("url").hasArg().withLongOpt(ARGUMENT.CVE_BASE_20) - .withDescription("Base URL for each year’s CVE 2.0, the %d will be replaced with the year.") - .create(); + final Option cve20Base = Option.builder().argName("url").hasArg().longOpt(ARGUMENT.CVE_BASE_20) + .desc("Base URL for each year’s CVE 2.0, the %d will be replaced with the year.") + .build(); - final Option cve12Modified = OptionBuilder.withArgName("url").hasArg().withLongOpt(ARGUMENT.CVE_MOD_12) - .withDescription("URL for the modified CVE 1.2.") - .create(); + final Option cve12Modified = Option.builder().argName("url").hasArg().longOpt(ARGUMENT.CVE_MOD_12) + .desc("URL for the modified CVE 1.2.") + .build(); - final Option cve20Modified = OptionBuilder.withArgName("url").hasArg().withLongOpt(ARGUMENT.CVE_MOD_20) - .withDescription("URL for the modified CVE 2.0.") - .create(); + final Option cve20Modified = Option.builder().argName("url").hasArg().longOpt(ARGUMENT.CVE_MOD_20) + .desc("URL for the modified CVE 2.0.") + .build(); - final Option updateOnly = OptionBuilder.withLongOpt(ARGUMENT.UPDATE_ONLY) - .withDescription("Only update the local NVD data cache; no scan will be executed.").create(); + final Option updateOnly = Option.builder().longOpt(ARGUMENT.UPDATE_ONLY) + .desc("Only update the local NVD data cache; no scan will be executed.").build(); - final Option data = 
OptionBuilder.withArgName("path").hasArg().withLongOpt(ARGUMENT.DATA_DIRECTORY) - .withDescription("The location of the H2 Database file. This option should generally not be set.") - .create(ARGUMENT.DATA_DIRECTORY_SHORT); + final Option data = Option.builder(ARGUMENT.DATA_DIRECTORY_SHORT).argName("path").hasArg().longOpt(ARGUMENT.DATA_DIRECTORY) + .desc("The location of the H2 Database file. This option should generally not be set.") + .build(); - final Option nexusUrl = OptionBuilder.withArgName("url").hasArg().withLongOpt(ARGUMENT.NEXUS_URL) - .withDescription("The url to the Nexus Server's REST API Endpoint (http://domain/nexus/service/local). " - + "If not set the Nexus Analyzer will be disabled.").create(); + final Option nexusUrl = Option.builder().argName("url").hasArg().longOpt(ARGUMENT.NEXUS_URL) + .desc("The url to the Nexus Server's REST API Endpoint (http://domain/nexus/service/local). " + + "If not set the Nexus Analyzer will be disabled.").build(); - final Option nexusUsesProxy = OptionBuilder.withArgName("true/false").hasArg().withLongOpt(ARGUMENT.NEXUS_USES_PROXY) - .withDescription("Whether or not the configured proxy should be used when connecting to Nexus.") - .create(); + final Option nexusUsesProxy = Option.builder().argName("true/false").hasArg().longOpt(ARGUMENT.NEXUS_USES_PROXY) + .desc("Whether or not the configured proxy should be used when connecting to Nexus.") + .build(); - final Option additionalZipExtensions = OptionBuilder.withArgName("extensions").hasArg() - .withLongOpt(ARGUMENT.ADDITIONAL_ZIP_EXTENSIONS) - .withDescription("A comma separated list of additional extensions to be scanned as ZIP files " - + "(ZIP, EAR, WAR are already treated as zip files)").create(); + final Option additionalZipExtensions = Option.builder().argName("extensions").hasArg() + .longOpt(ARGUMENT.ADDITIONAL_ZIP_EXTENSIONS) + .desc("A comma separated list of additional extensions to be scanned as ZIP files " + + "(ZIP, EAR, WAR are already treated as zip 
files)").build(); - final Option pathToMono = OptionBuilder.withArgName("path").hasArg().withLongOpt(ARGUMENT.PATH_TO_MONO) - .withDescription("The path to Mono for .NET Assembly analysis on non-windows systems.") - .create(); + final Option pathToMono = Option.builder().argName("path").hasArg().longOpt(ARGUMENT.PATH_TO_MONO) + .desc("The path to Mono for .NET Assembly analysis on non-windows systems.") + .build(); - final Option connectionTimeout = OptionBuilder.withArgName("timeout").hasArg().withLongOpt(ARGUMENT.CONNECTION_TIMEOUT) - .withDescription("The connection timeout (in milliseconds) to use when downloading resources.") - .create(ARGUMENT.CONNECTION_TIMEOUT_SHORT); + final Option connectionTimeout = Option.builder(ARGUMENT.CONNECTION_TIMEOUT_SHORT).argName("timeout").hasArg().longOpt(ARGUMENT.CONNECTION_TIMEOUT) + .desc("The connection timeout (in milliseconds) to use when downloading resources.") + .build(); - final Option proxyServer = OptionBuilder.withArgName("server").hasArg().withLongOpt(ARGUMENT.PROXY_SERVER) - .withDescription("The proxy server to use when downloading resources.").create(); + final Option proxyServer = Option.builder().argName("server").hasArg().longOpt(ARGUMENT.PROXY_SERVER) + .desc("The proxy server to use when downloading resources.").build(); - final Option proxyPort = OptionBuilder.withArgName("port").hasArg().withLongOpt(ARGUMENT.PROXY_PORT) - .withDescription("The proxy port to use when downloading resources.").create(); + final Option proxyPort = Option.builder().argName("port").hasArg().longOpt(ARGUMENT.PROXY_PORT) + .desc("The proxy port to use when downloading resources.").build(); - final Option proxyUsername = OptionBuilder.withArgName("user").hasArg().withLongOpt(ARGUMENT.PROXY_USERNAME) - .withDescription("The proxy username to use when downloading resources.").create(); + final Option proxyUsername = Option.builder().argName("user").hasArg().longOpt(ARGUMENT.PROXY_USERNAME) + .desc("The proxy username to use when 
downloading resources.").build(); - final Option proxyPassword = OptionBuilder.withArgName("pass").hasArg().withLongOpt(ARGUMENT.PROXY_PASSWORD) - .withDescription("The proxy password to use when downloading resources.").create(); + final Option proxyPassword = Option.builder().argName("pass").hasArg().longOpt(ARGUMENT.PROXY_PASSWORD) + .desc("The proxy password to use when downloading resources.").build(); - final Option connectionString = OptionBuilder.withArgName("connStr").hasArg().withLongOpt(ARGUMENT.CONNECTION_STRING) - .withDescription("The connection string to the database.").create(); + final Option connectionString = Option.builder().argName("connStr").hasArg().longOpt(ARGUMENT.CONNECTION_STRING) + .desc("The connection string to the database.").build(); - final Option dbUser = OptionBuilder.withArgName("user").hasArg().withLongOpt(ARGUMENT.DB_NAME) - .withDescription("The username used to connect to the database.").create(); + final Option dbUser = Option.builder().argName("user").hasArg().longOpt(ARGUMENT.DB_NAME) + .desc("The username used to connect to the database.").build(); - final Option dbPassword = OptionBuilder.withArgName("password").hasArg().withLongOpt(ARGUMENT.DB_PASSWORD) - .withDescription("The password for connecting to the database.").create(); + final Option dbPassword = Option.builder().argName("password").hasArg().longOpt(ARGUMENT.DB_PASSWORD) + .desc("The password for connecting to the database.").build(); - final Option dbDriver = OptionBuilder.withArgName("driver").hasArg().withLongOpt(ARGUMENT.DB_DRIVER) - .withDescription("The database driver name.").create(); + final Option dbDriver = Option.builder().argName("driver").hasArg().longOpt(ARGUMENT.DB_DRIVER) + .desc("The database driver name.").build(); - final Option dbDriverPath = OptionBuilder.withArgName("path").hasArg().withLongOpt(ARGUMENT.DB_DRIVER_PATH) - .withDescription("The path to the database driver; note, this does not need to be set unless the JAR is outside of the 
classpath.") - .create(); + final Option dbDriverPath = Option.builder().argName("path").hasArg().longOpt(ARGUMENT.DB_DRIVER_PATH) + .desc("The path to the database driver; note, this does not need to be set unless the JAR is outside of the classpath.") + .build(); - final Option disableJarAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_JAR) - .withDescription("Disable the Jar Analyzer.").create(); + final Option disableJarAnalyzer = Option.builder().longOpt(ARGUMENT.DISABLE_JAR) + .desc("Disable the Jar Analyzer.").build(); - final Option disableArchiveAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_ARCHIVE) - .withDescription("Disable the Archive Analyzer.").create(); + final Option disableArchiveAnalyzer = Option.builder().longOpt(ARGUMENT.DISABLE_ARCHIVE) + .desc("Disable the Archive Analyzer.").build(); - final Option disableNuspecAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_NUSPEC) - .withDescription("Disable the Nuspec Analyzer.").create(); + final Option disableNuspecAnalyzer = Option.builder().longOpt(ARGUMENT.DISABLE_NUSPEC) + .desc("Disable the Nuspec Analyzer.").build(); - final Option disableAssemblyAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_ASSEMBLY) - .withDescription("Disable the .NET Assembly Analyzer.").create(); + final Option disableAssemblyAnalyzer = Option.builder().longOpt(ARGUMENT.DISABLE_ASSEMBLY) + .desc("Disable the .NET Assembly Analyzer.").build(); - final Option disablePythonDistributionAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_PY_DIST) - .withDescription("Disable the Python Distribution Analyzer.").create(); + final Option disablePythonDistributionAnalyzer = Option.builder().longOpt(ARGUMENT.DISABLE_PY_DIST) + .desc("Disable the Python Distribution Analyzer.").build(); - final Option disablePythonPackageAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_PY_PKG) - .withDescription("Disable the Python Package Analyzer.").create(); + final Option disablePythonPackageAnalyzer = 
Option.builder().longOpt(ARGUMENT.DISABLE_PY_PKG) + .desc("Disable the Python Package Analyzer.").build(); - final Option disableAutoconfAnalyzer = OptionBuilder - .withLongOpt(ARGUMENT.DISABLE_AUTOCONF) - .withDescription("Disable the Autoconf Analyzer.").create(); + final Option disableAutoconfAnalyzer = Option.builder() + .longOpt(ARGUMENT.DISABLE_AUTOCONF) + .desc("Disable the Autoconf Analyzer.").build(); - final Option disableOpenSSLAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_OPENSSL) - .withDescription("Disable the OpenSSL Analyzer.").create(); - final Option disableCmakeAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_CMAKE). - withDescription("Disable the Cmake Analyzer.").create(); + final Option disableOpenSSLAnalyzer = Option.builder().longOpt(ARGUMENT.DISABLE_OPENSSL) + .desc("Disable the OpenSSL Analyzer.").build(); + final Option disableCmakeAnalyzer = Option.builder().longOpt(ARGUMENT.DISABLE_CMAKE) + .desc("Disable the Cmake Analyzer.").build(); - final Option disableCentralAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_CENTRAL) - .withDescription("Disable the Central Analyzer. If this analyzer is disabled it is likely you also want to disable " - + "the Nexus Analyzer.").create(); + final Option disableCentralAnalyzer = Option.builder().longOpt(ARGUMENT.DISABLE_CENTRAL) + .desc("Disable the Central Analyzer. 
If this analyzer is disabled it is likely you also want to disable " + + "the Nexus Analyzer.").build(); - final Option disableNexusAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_NEXUS) - .withDescription("Disable the Nexus Analyzer.").create(); + final Option disableNexusAnalyzer = Option.builder().longOpt(ARGUMENT.DISABLE_NEXUS) + .desc("Disable the Nexus Analyzer.").build(); - final Option purge = OptionBuilder.withLongOpt(ARGUMENT.PURGE_NVD) - .withDescription("Purges the local NVD data cache") - .create(); + final Option purge = Option.builder().longOpt(ARGUMENT.PURGE_NVD) + .desc("Purges the local NVD data cache") + .build(); options.addOption(updateOnly) .addOption(cve12Base) @@ -421,15 +420,15 @@ public final class CliParser { .addOption(disablePythonDistributionAnalyzer) .addOption(disableCmakeAnalyzer) .addOption(disablePythonPackageAnalyzer) - .addOption(OptionBuilder.withLongOpt(ARGUMENT.DISABLE_RUBYGEMS) - .withDescription("Disable the Ruby Gemspec Analyzer.").create()) + .addOption(Option.builder().longOpt(ARGUMENT.DISABLE_RUBYGEMS) + .desc("Disable the Ruby Gemspec Analyzer.").build()) .addOption(disableAutoconfAnalyzer) .addOption(disableOpenSSLAnalyzer) .addOption(disableNuspecAnalyzer) .addOption(disableCentralAnalyzer) .addOption(disableNexusAnalyzer) - .addOption(OptionBuilder.withLongOpt(ARGUMENT.DISABLE_NODE_JS) - .withDescription("Disable the Node.js Package Analyzer.").create()) + .addOption(Option.builder().longOpt(ARGUMENT.DISABLE_NODE_JS) + .desc("Disable the Node.js Package Analyzer.").build()) .addOption(nexusUrl) .addOption(nexusUsesProxy) .addOption(additionalZipExtensions) 
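Review bot: The `@SuppressWarnings("static-access")` on `addAdvancedOptions` at the top of this hunk is now dead, because it existed only for `OptionBuilder`'s static chaining, which every line here replaces with `Option.builder()`; the same applies to `addDeprecatedOptions` in the next hunk, where `@SuppressWarnings({"static-access", "deprecation"})` can shrink to `@SuppressWarnings("deprecation")`. Separately, since the `proxyPassword` and `dbPassword` descriptions were rewritten, they are a good place to tell users that a secret passed on the command line is visible in process listings and shell history and is better supplied through the property file option defined earlier, e.g. `.desc("The proxy password to use when downloading resources. Prefer the property file; command-line values are visible to other users via the process list.")`. The rest of the method, including the remaining `addOption` chain, continues past the second hunk.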
@@ -447,12 +446,12 @@ public final class CliParser { @SuppressWarnings({"static-access", "deprecation"}) private void addDeprecatedOptions(final Options options) throws IllegalArgumentException { - final Option proxyServer = OptionBuilder.withArgName("url").hasArg().withLongOpt(ARGUMENT.PROXY_URL) - .withDescription("The proxy url argument is deprecated, use proxyserver instead.") - .create(); - final Option appName = OptionBuilder.withArgName("name").hasArg().withLongOpt(ARGUMENT.APP_NAME) - .withDescription("The name of the project being scanned.") - .create(ARGUMENT.APP_NAME_SHORT); + final Option proxyServer = Option.builder().argName("url").hasArg().longOpt(ARGUMENT.PROXY_URL) + .desc("The proxy url argument is deprecated, use proxyserver instead.") + .build(); + final Option appName = Option.builder(ARGUMENT.APP_NAME_SHORT).argName("name").hasArg().longOpt(ARGUMENT.APP_NAME) + .desc("The name of the project being scanned.") + .build(); options.addOption(proxyServer); options.addOption(appName); diff --git a/pom.xml b/pom.xml index a40a9bde1..ee1ac5437 100644 --- a/pom.xml +++ b/pom.xml @@ -406,10 +406,7 @@ Copyright (c) 2012 - Jeremy Long commons-cli commons-cli - - 1.2 + 1.3.1 commons-io From 56360301d73d2ea6203379cb4747579f6c3ad19d Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Mon, 7 Sep 2015 07:25:29 -0400 Subject: [PATCH 36/58] changed debug message to an error --- .../java/org/owasp/dependencycheck/maven/AggregateMojo.java | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java index 38ecf9f81..aa1621aeb 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java 
@@ -69,9 +69,7 @@ public class AggregateMojo extends BaseDependencyCheckMojo { for (MavenProject current : getReactorProjects()) { final File dataFile = getDataFile(current); if (dataFile == null) { //dc was never run on this project. write the ser to the target. - if (getLog().isDebugEnabled()) { - getLog().debug(String.format("Executing dependency-check on %s", current.getName())); - } + getLog().error(String.format("Module '%s' did not execute dependency-check; an attempt will be made to perform the check but dependencies may be missed resulting in false negatives.", current.getName())); generateDataFile(engine, current); } } From c3835b9da74cb8b5b523faf8df5aef1a09d724c3 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Mon, 7 Sep 2015 07:27:39 -0400 Subject: [PATCH 37/58] removed erroneous short cli argument for exclude --- .../src/main/java/org/owasp/dependencycheck/CliParser.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java index 741d86a18..16dee9b18 100644 --- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java +++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java @@ -226,7 +226,7 @@ public final class CliParser { + " paths are supported (e.g. path/**/*.jar).") .build(); - final Option excludes = Option.builder("p").argName("pattern").hasArg().longOpt(ARGUMENT.EXCLUDE) + final Option excludes = Option.builder().argName("pattern").hasArg().longOpt(ARGUMENT.EXCLUDE) .desc("Specify and exclusion pattern. This option can be specified multiple times" + " and it accepts Ant style excludsions.") .build(); From 83263f8deee502787273e4c42d44043dd5f9e3f5 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Mon, 7 Sep 2015 07:43:33 -0400 Subject: [PATCH 38/58] Update README.md added build badge --- README.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/README.md b/README.md index fab943828..4c4e30f73 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,4 @@ +[![Build Status](https://dependency-check.ci.cloudbees.com/buildStatus/icon?job=dependency-check)](https://dependency-check.ci.cloudbees.com/job/dependency-check/) Dependency-Check ================ From f9dbc4f7bf00c1198bd4237b19fd553cd9ee0f60 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Mon, 7 Sep 2015 10:54:01 -0700 Subject: [PATCH 39/58] Upgraded Fluido Skin to 1.4 (from 1.3.1). --- src/site/site.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/site/site.xml b/src/site/site.xml index 0ee832dae..f9485aaa1 100644 --- a/src/site/site.xml +++ b/src/site/site.xml @@ -20,7 +20,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. org.apache.maven.skins maven-fluido-skin - 1.3.1 + 1.4 From 115f63c330588ee2f7ec9f4c263ea5e2fb2ffa7e Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Mon, 7 Sep 2015 14:38:43 -0700 Subject: [PATCH 40/58] Removed an unused import and combined nested if statements. --- .../java/org/owasp/dependencycheck/utils/Settings.java | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java index dc278bc4d..c8d8418cf 100644 --- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java +++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java @@ -31,7 +31,6 @@ import java.io.UnsupportedEncodingException; import java.net.URLDecoder; import java.util.Enumeration; import java.util.Properties; -import java.util.logging.Level; /** * A simple settings container that wraps the dependencycheck.properties file. 
@@ -626,11 +625,9 @@ public final class Settings {
 */
 public static File getTempDirectory() throws IOException {
 final File tmpDir = new File(Settings.getString(Settings.KEYS.TEMP_DIRECTORY, System.getProperty("java.io.tmpdir")), "dctemp");
- if (!tmpDir.exists()) {
- if (!tmpDir.mkdirs()) {
- final String msg = String.format("Unable to make a temporary folder '%s'", tmpDir.getPath());
- throw new IOException(msg);
- }
+ if (!tmpDir.exists() && !tmpDir.mkdirs()) {
+ final String msg = String.format("Unable to make a temporary folder '%s'", tmpDir.getPath());
+ throw new IOException(msg);
 }
 tempDirectory = tmpDir;
 return tmpDir;
From 444685bc05487e7ec05983462bac59216276e0fe Mon Sep 17 00:00:00 2001
From: Anthony Whitford
Date: Mon, 7 Sep 2015 14:40:32 -0700
Subject: [PATCH 41/58] Inner class should be static (since it doesn't reference parent).
---
 .../org/owasp/dependencycheck/data/update/cpe/CPEHandler.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/cpe/CPEHandler.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/cpe/CPEHandler.java
index 6a155c6ca..2e46a4678 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/cpe/CPEHandler.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/cpe/CPEHandler.java
@@ -179,7 +179,7 @@ public class CPEHandler extends DefaultHandler {
 /**
 * A simple class to maintain information about the current element while parsing the CPE XML.
 */
- protected class Element {
+ protected static final class Element {
 /**
 * A node type in the CPE Schema 2.2
From df25bbb6d22ac027778d51aeeef283650b76effb Mon Sep 17 00:00:00 2001
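Review bot: The merged condition `!tmpDir.exists() && !tmpDir.mkdirs()` still throws when another process creates `dctemp` between the two calls, and it silently accepts a pre-existing path that is a plain file rather than a directory. `if (!tmpDir.mkdirs() && !tmpDir.isDirectory()) {` covers both cases without the separate `exists()` probe. Separately, a fixed name under the shared `java.io.tmpdir` means a directory created there by another local user is reused as-is; if this module can target Java 7+, `Files.createTempDirectory` yields a per-run directory that is owner-only on POSIX systems, otherwise an ownership/permission check before `tempDirectory = tmpDir;` is worth considering. The method's closing brace lies just past the hunk.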
From: Anthony Whitford Date: Mon, 7 Sep 2015 14:43:34 -0700 Subject: [PATCH 42/58] Replaced json iteration with more efficient entrySet. Also corrected an invalid logging statement. --- .../dependencycheck/analyzer/NodePackageAnalyzer.java | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java index d489d97c0..597e14258 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java @@ -32,6 +32,7 @@ import javax.json.*; import java.io.File; import java.io.FileFilter; import java.io.IOException; +import java.util.Map; /** * Used to analyze Node Package Manager (npm) package.json files, and collect information that can be used to determine 
@@ -146,20 +147,21 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer {
 private void addToEvidence(JsonObject json, EvidenceCollection collection, String key) {
 if (json.containsKey(key)) {
- Object value = json.get(key);
+ JsonValue value = json.get(key);
 if (value instanceof JsonString) {
 collection.addEvidence(PACKAGE_JSON, key, ((JsonString) value).getString(), Confidence.HIGHEST);
 } else if (value instanceof JsonObject) {
 final JsonObject jsonObject = (JsonObject) value;
- for (String property : jsonObject.keySet()) {
- final Object subValue = jsonObject.get(property);
+ for (final Map.Entry entry : jsonObject.entrySet()) {
+ final String property = entry.getKey();
+ final JsonValue subValue = entry.getValue();
 if (subValue instanceof JsonString) {
 collection.addEvidence(PACKAGE_JSON, String.format("%s.%s", key, property), ((JsonString) subValue).getString(), Confidence.HIGHEST);
 } else {
- LOGGER.warn("JSON sub-value not string as expected: %s");
+ LOGGER.warn("JSON sub-value not string as expected: %s", subValue);
 }
 }
 } else {
From af0255ee09459fccdc4b3bc084d9b426aa57d240 Mon Sep 17 00:00:00 2001
From: Anthony Whitford
Date: Mon, 7 Sep 2015 14:48:23 -0700
Subject: [PATCH 43/58] Rather than create a collection, then call addAll to populate, the collection can be created with the collection to clone.
---
 .../src/main/java/org/owasp/dependencycheck/Engine.java | 3 +-
 .../owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java | 3 +--
 2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
index 2da745245..b6e170a7d 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
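Review bot: The corrected warning still uses a `%s` placeholder, which the SLF4J-style logger used elsewhere on this page (`LOGGER.debug("Begin Analyzer '{}'", ...)` in Engine) does not expand, so `subValue` is ignored and the literal `%s` is printed. `LOGGER.warn("JSON sub-value not string as expected: {}", subValue);` makes the argument appear. This assumes LOGGER in NodePackageAnalyzer is the same logger type as in the other analyzers; worth confirming against the field declaration. The body of addToEvidence ends outside the hunk.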
@@ -366,8 +366,7 @@ public class Engine implements FileFilter { * This is okay for adds/deletes because it happens per analyzer. */ LOGGER.debug("Begin Analyzer '{}'", a.getName()); - final Set dependencySet = new HashSet(); - dependencySet.addAll(dependencies); + final Set dependencySet = new HashSet(dependencies); for (Dependency d : dependencySet) { boolean shouldAnalyze = true; if (a instanceof FileTypeAnalyzer) { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java index d518f8490..d136ee235 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java @@ -154,8 +154,7 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer { */ @SuppressWarnings("null") private void removeSpuriousCPE(Dependency dependency) { - final List ids = new ArrayList(); - ids.addAll(dependency.getIdentifiers()); + final List ids = new ArrayList(dependency.getIdentifiers()); Collections.sort(ids); final ListIterator mainItr = ids.listIterator(); while (mainItr.hasNext()) { From 01450bacc21437f7c6ad01462b5f39bed6e058c0 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Mon, 7 Sep 2015 14:51:26 -0700 Subject: [PATCH 44/58] Removed a redundant null check, and replaced an addAll with the constructor population. --- .../org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java index f43e09240..d0f44ffc1 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java 
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java @@ -184,7 +184,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { if (tempFileLocation != null && tempFileLocation.exists()) { LOGGER.debug("Attempting to delete temporary files"); final boolean success = FileUtils.delete(tempFileLocation); - if (!success && tempFileLocation != null && tempFileLocation.exists() && tempFileLocation.list().length > 0) { + if (!success && tempFileLocation.exists() && tempFileLocation.list().length > 0) { LOGGER.warn("Failed to delete some temporary files, see the log for more details"); } } @@ -278,8 +278,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { final Set newDependencies; if (sizeChanged) { //get the new dependencies - newDependencies = new HashSet(); - newDependencies.addAll(after); + newDependencies = new HashSet(after); newDependencies.removeAll(before); } else { newDependencies = EMPTY_DEPENDENCY_SET; From 9a45c9aa7cb5a52703f053efdb1bc90211f06f98 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Mon, 7 Sep 2015 15:21:54 -0700 Subject: [PATCH 45/58] Removed unused Cal10n MessageConveyor. --- .../owasp/dependencycheck/analyzer/AssemblyAnalyzer.java | 6 ------ 1 file changed, 6 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java index 26e795ee4..4885d81b5 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java @@ -17,8 +17,6 @@ */ package org.owasp.dependencycheck.analyzer; -import ch.qos.cal10n.IMessageConveyor; -import ch.qos.cal10n.MessageConveyor; import java.io.BufferedReader; import java.io.File; import java.io.FileFilter; 
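Review bot: The remaining condition `tempFileLocation.list().length > 0` can still throw a NullPointerException, because `File.list()` returns null when the path is not a directory or the listing fails, and the null check that was removed never guarded that case anyway. Bind the listing first: `final String[] remaining = tempFileLocation.list();` and then `if (!success && remaining != null && remaining.length > 0) {`. The enclosing cleanup method starts and ends outside the hunk.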
@@ -75,10 +73,6 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { * The DocumentBuilder for parsing the XML */ private DocumentBuilder builder; - /** - * Message Conveyer - */ - private static final IMessageConveyor MESSAGE_CONVERYOR = new MessageConveyor(Locale.getDefault()); /** * Logger */ From 85604e8afad923e2ed7b4a7200f8d34b5098d70f Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Mon, 7 Sep 2015 16:01:10 -0700 Subject: [PATCH 46/58] Logback-core is a transitive dependency from logback-classic -- no need to explicitly mention it. JSoup type is jar by default, so no need to mention that. SLF4J-Ext does not seem to be used, so can drop that. H2 only has runtime scope. --- dependency-check-core/pom.xml | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml index 1f8f283cf..4bdfc39a2 100644 --- a/dependency-check-core/pom.xml +++ b/dependency-check-core/pom.xml @@ -280,22 +280,11 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. slf4j-api - - ch.qos.logback - logback-core - test - ch.qos.logback logback-classic test - - - org.slf4j - slf4j-ext - compile - org.owasp dependency-check-utils @@ -342,6 +331,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. com.h2database h2 + runtime org.glassfish @@ -350,7 +340,6 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. org.jsoup jsoup - jar com.sun.mail From a75c17ac5ee24e2bf869864ef6afc025e9e5498c Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Mon, 7 Sep 2015 16:28:22 -0700 Subject: [PATCH 47/58] Added final keywords and elaborated the javax.json imports. --- .../analyzer/NodePackageAnalyzer.java | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) 
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java index 597e14258..56a98fd7e 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java @@ -28,11 +28,16 @@ import org.owasp.dependencycheck.utils.Settings; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import javax.json.*; import java.io.File; import java.io.FileFilter; import java.io.IOException; import java.util.Map; +import javax.json.Json; +import javax.json.JsonException; +import javax.json.JsonObject; +import javax.json.JsonReader; +import javax.json.JsonString; +import javax.json.JsonValue; /** * Used to analyze Node Package Manager (npm) package.json files, and collect information that can be used to determine @@ -121,13 +126,13 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer { "Problem occurred while reading dependency file.", e); } try { - JsonObject json = jsonReader.readObject(); + final JsonObject json = jsonReader.readObject(); final EvidenceCollection productEvidence = dependency.getProductEvidence(); final EvidenceCollection vendorEvidence = dependency.getVendorEvidence(); if (json.containsKey("name")) { - Object value = json.get("name"); + final Object value = json.get("name"); if (value instanceof JsonString) { - String valueString = ((JsonString) value).getString(); + final String valueString = ((JsonString) value).getString(); productEvidence.addEvidence(PACKAGE_JSON, "name", valueString, Confidence.HIGHEST); vendorEvidence.addEvidence(PACKAGE_JSON, "name_project", String.format("%s_project", valueString), Confidence.LOW); } else { 
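Review bot: `final Object value = json.get("name");` is inconsistent with the sibling `addToEvidence`, which PATCH 42 changed to hold the same lookup as `JsonValue`; `JsonObject.get` returns `JsonValue`, so `final JsonValue value = json.get("name");` keeps the two methods in step and makes the `instanceof JsonString` test read as a refinement rather than a cast from `Object`. The `else` branch of this block logs `value` with a `%s` placeholder, which is corrected later in this series (PATCH 56/58). The enclosing method starts and ends outside the hunk.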
@@ -147,7 +152,7 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer { private void addToEvidence(JsonObject json, EvidenceCollection collection, String key) { if (json.containsKey(key)) { - JsonValue value = json.get(key); + final JsonValue value = json.get(key); if (value instanceof JsonString) { collection.addEvidence(PACKAGE_JSON, key, ((JsonString) value).getString(), Confidence.HIGHEST); } else if (value instanceof JsonObject) { From 537c4b3a50646ee3b57d019bed46e11f942a34eb Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Mon, 7 Sep 2015 16:28:55 -0700 Subject: [PATCH 48/58] Added missing final keywords. --- .../org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java index d0f44ffc1..357d5f351 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java @@ -271,9 +271,9 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { * @return any dependencies that weren't known to the engine before */ private static Set findMoreDependencies(Engine engine, File file) { - List before = new ArrayList(engine.getDependencies()); + final List before = new ArrayList(engine.getDependencies()); engine.scan(file); - List after = engine.getDependencies(); + final List after = engine.getDependencies(); final boolean sizeChanged = before.size() != after.size(); final Set newDependencies; if (sizeChanged) { 
@@ -451,7 +451,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { * * @param closeable to be closed */ - private static void close(Closeable closeable){ + private static void close(Closeable closeable) { if (null != closeable) { try { closeable.close(); From 769fcb20d8977d6377b10da637a86131c0f1b9d3 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Mon, 7 Sep 2015 16:29:27 -0700 Subject: [PATCH 49/58] Removed a now unused import. --- .../org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java | 1 - 1 file changed, 1 deletion(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java index 4885d81b5..dc60c485b 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java @@ -43,7 +43,6 @@ import javax.xml.xpath.XPathExpressionException; import javax.xml.xpath.XPathFactory; import java.util.ArrayList; import java.util.List; -import java.util.Locale; /** * Analyzer for getting company, product, and version information from a .NET assembly. From c09650a136d3da80986563e55a3c8ce76b6069d0 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Mon, 7 Sep 2015 16:30:58 -0700 Subject: [PATCH 50/58] Removed unused slf4j-ext and slf4j-jdk14 dependency declarations. --- pom.xml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/pom.xml b/pom.xml index 0d69b1666..e83b0b7e0 100644 --- a/pom.xml +++ b/pom.xml @@ -620,16 +620,6 @@ Copyright (c) 2012 - Jeremy Long slf4j-api ${slf4j.version} - - org.slf4j - slf4j-ext - ${slf4j.version} - - - org.slf4j - slf4j-jdk14 - ${slf4j.version} - org.slf4j slf4j-simple From b51731d15f5d7d6f896a3cb192e555eb9169d641 Mon Sep 17 00:00:00 2001 
From: Anthony Whitford Date: Mon, 7 Sep 2015 16:35:23 -0700 Subject: [PATCH 51/58] Added final keyword. --- .../main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java index 90a1e3490..4ab780755 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java @@ -490,7 +490,7 @@ public class CveDB { deleteReferences = getConnection().prepareStatement(statementBundle.getString("DELETE_REFERENCE")); deleteSoftware = getConnection().prepareStatement(statementBundle.getString("DELETE_SOFTWARE")); updateVulnerability = getConnection().prepareStatement(statementBundle.getString("UPDATE_VULNERABILITY")); - String ids[] = {"id"}; + final String ids[] = {"id"}; insertVulnerability = getConnection().prepareStatement(statementBundle.getString("INSERT_VULNERABILITY"), //Statement.RETURN_GENERATED_KEYS); ids); From 480fa50af58726b7092378913ce646ae9eddebfa Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Mon, 7 Sep 2015 17:01:24 -0700 Subject: [PATCH 52/58] Corrected Javadoc to eliminate warning. --- .../src/main/java/org/owasp/dependencycheck/App.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java index ca5aa8e77..520c85009 100644 --- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java +++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java 
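Review bot: The new line `final String ids[] = {"id"};` keeps the C-style array declarator, which Java style guides and most linters flag; the idiomatic form is `final String[] ids = {"id"};`. Since the array is passed to `prepareStatement` as the generated-key column list, a one-line comment such as `// name of the generated-key column returned after INSERT_VULNERABILITY` would also explain why the `Statement.RETURN_GENERATED_KEYS` alternative was left commented out. The enclosing method starts and ends outside the hunk.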
@@ -416,7 +416,7 @@ public class App { } /** - * Takes a path and resolves it to be a canonical & absolute path. The caveats are that this method will take an Ant style + * Takes a path and resolves it to be a canonical & absolute path. The caveats are that this method will take an Ant style * file selector path (../someDir/**\/*.jar) and convert it to an absolute/canonical path (at least to the left of the first * * or ?). * From 54be70672e7d897894d2ea41f81cf3ee19feea14 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Mon, 7 Sep 2015 17:49:11 -0700 Subject: [PATCH 53/58] Replaced Date manipulation with more efficient System call. --- .../owasp/dependencycheck/data/update/EngineVersionCheck.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/EngineVersionCheck.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/EngineVersionCheck.java index 81df9557b..c3ff0b7b5 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/EngineVersionCheck.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/EngineVersionCheck.java @@ -21,7 +21,6 @@ import java.io.IOException; import java.net.HttpURLConnection; import java.net.MalformedURLException; import java.net.URL; -import java.util.Date; import org.apache.commons.io.IOUtils; import org.owasp.dependencycheck.data.nvdcve.CveDB; import org.owasp.dependencycheck.data.nvdcve.DatabaseException; 
@@ -88,7 +87,7 @@ public class EngineVersionCheck implements CachedWebDataSource { LOGGER.debug("Begin Engine Version Check"); final DatabaseProperties properties = cveDB.getDatabaseProperties(); final long lastChecked = Long.parseLong(properties.getProperty(ENGINE_VERSION_CHECKED_ON, "0")); - final long now = (new Date()).getTime(); + final long now = System.currentTimeMillis(); updateToVersion = properties.getProperty(CURRENT_ENGINE_RELEASE, ""); final String currentVersion = Settings.getString(Settings.KEYS.APPLICATION_VERSION, "0.0.0"); LOGGER.debug("Last checked: {}", lastChecked); From 2689a08026c884fd25a40efc16de75ce23d452aa Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Mon, 7 Sep 2015 17:50:02 -0700 Subject: [PATCH 54/58] Replaced Date manipulation with more efficient System call. --- .../owasp/dependencycheck/data/update/CpeUpdater.java | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/CpeUpdater.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/CpeUpdater.java index 0f6707488..e773f0f15 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/CpeUpdater.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/CpeUpdater.java @@ -24,7 +24,6 @@ import java.io.FileOutputStream; import java.io.IOException; import java.net.MalformedURLException; import java.net.URL; -import java.util.Date; import java.util.List; import java.util.zip.GZIPInputStream; import javax.xml.parsers.ParserConfigurationException; 
@@ -69,8 +68,8 @@ public class CpeUpdater extends BaseUpdater implements CachedWebDataSource { for (Cpe cpe : cpes) { getCveDB().addCpe(cpe.getValue(), cpe.getVendor(), cpe.getProduct()); } - final Date now = new Date(); - getProperties().save(LAST_CPE_UPDATE, Long.toString(now.getTime())); + final long now = System.currentTimeMillis(); + getProperties().save(LAST_CPE_UPDATE, Long.toString(now)); LOGGER.info("CPE update complete"); } } finally { @@ -134,14 +133,14 @@ public class CpeUpdater extends BaseUpdater implements CachedWebDataSource { * @return true if the CPE data should be refreshed */ private boolean updateNeeded() { - final Date now = new Date(); + final long now = System.currentTimeMillis(); final int days = Settings.getInt(Settings.KEYS.CVE_MODIFIED_VALID_FOR_DAYS, 30); long timestamp = 0; final String ts = getProperties().getProperty(LAST_CPE_UPDATE); if (ts != null && ts.matches("^[0-9]+$")) { timestamp = Long.parseLong(ts); } - return !DateUtil.withinDateRange(timestamp, now.getTime(), days); + return !DateUtil.withinDateRange(timestamp, now, days); } /** From 96768d852973487cf723fcbcd38bab2e835a2b4e Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Tue, 8 Sep 2015 01:01:13 -0700 Subject: [PATCH 55/58] Replaced Date manipulation with more efficient System call. --- .../org/owasp/dependencycheck/data/update/NvdCveUpdater.java | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java index ef9aa2846..570c542ea 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java 
@@ -19,7 +19,6 @@ package org.owasp.dependencycheck.data.update; import java.net.MalformedURLException; import java.util.Calendar; -import java.util.Date; import java.util.HashSet; import java.util.Set; import java.util.concurrent.ExecutionException; @@ -214,11 +213,11 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource { if (!getProperties().isEmpty()) { try { final long lastUpdated = Long.parseLong(getProperties().getProperty(DatabaseProperties.LAST_UPDATED, "0")); - final Date now = new Date(); + final long now = System.currentTimeMillis(); final int days = Settings.getInt(Settings.KEYS.CVE_MODIFIED_VALID_FOR_DAYS, 7); if (lastUpdated == updates.getTimeStamp(MODIFIED)) { updates.clear(); //we don't need to update anything. - } else if (DateUtil.withinDateRange(lastUpdated, now.getTime(), days)) { + } else if (DateUtil.withinDateRange(lastUpdated, now, days)) { for (NvdCveInfo entry : updates) { if (MODIFIED.equals(entry.getId())) { entry.setNeedsUpdate(true); From fdbec176fab389e05873f7dd817ec670908373d1 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Tue, 8 Sep 2015 06:31:59 -0400 Subject: [PATCH 56/58] fixed logging statements to use slf4j format syntax instead of String.format syntax --- .../analyzer/ArchiveAnalyzer.java | 23 +++++++++---------- .../analyzer/CMakeAnalyzer.java | 7 +++--- .../analyzer/NexusAnalyzer.java | 2 +- .../analyzer/NodePackageAnalyzer.java | 14 +++++------ 4 files changed, 22 insertions(+), 24 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java index 357d5f351..27777440b 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java 
@@ -89,16 +89,16 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { */ private static final Set ZIPPABLES = newHashSet("zip", "ear", "war", "jar", "sar", "apk", "nupkg"); /** - * The set of file extensions supported by this analyzer. Note for developers, any additions to this list will need - * to be explicitly handled in {@link #extractFiles(File, File, Engine)}. + * The set of file extensions supported by this analyzer. Note for developers, any additions to this list will need to be + * explicitly handled in {@link #extractFiles(File, File, Engine)}. */ private static final Set EXTENSIONS = newHashSet("tar", "gz", "tgz", "bz2", "tbz2"); /** * Detects files with extensions to remove from the engine's collection of dependencies. */ - private static final FileFilter REMOVE_FROM_ANALYSIS = - FileFilterBuilder.newInstance().addExtensions("zip", "tar", "gz", "tgz", "bz2", "tbz2").build(); + private static final FileFilter REMOVE_FROM_ANALYSIS + = FileFilterBuilder.newInstance().addExtensions("zip", "tar", "gz", "tgz", "bz2", "tbz2").build(); static { final String additionalZipExt = Settings.getString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS); @@ -195,7 +195,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { * and added to the list of dependencies within the engine. * * @param dependency the dependency to analyze - * @param engine the engine scanning + * @param engine the engine scanning * @throws AnalysisException thrown if there is an analysis exception */ @Override 
@@ -239,7 +239,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { final File tdir = getNextTempDirectory(); final String fileName = dependency.getFileName(); - LOGGER.info(String.format("The zip file '%s' appears to be a JAR file, making a copy and analyzing it as a JAR.", fileName)); + LOGGER.info("The zip file '{}' appears to be a JAR file, making a copy and analyzing it as a JAR.", fileName); final File tmpLoc = new File(tdir, fileName.substring(0, fileName.length() - 3) + "jar"); try { @@ -286,7 +286,6 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { return newDependencies; } - /** * Retrieves the next temporary directory to extract an archive too. * @@ -310,9 +309,9 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { /** * Extracts the contents of an archive into the specified directory. * - * @param archive an archive file such as a WAR or EAR + * @param archive an archive file such as a WAR or EAR * @param destination a directory to extract the contents to - * @param engine the scanning engine + * @param engine the scanning engine * @throws AnalysisException thrown if the archive is not found */ private void extractFiles(File archive, File destination, Engine engine) throws AnalysisException { @@ -358,9 +357,9 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { /** * Extracts files from an archive. * - * @param input the archive to extract files from + * @param input the archive to extract files from * @param destination the location to write the files too - * @param engine the dependency-check engine + * @param engine the dependency-check engine * @throws ArchiveExtractionException thrown if there is an exception extracting files from the archive */ private void extractArchive(ArchiveInputStream input, File destination, Engine engine) throws ArchiveExtractionException { 
@@ -422,7 +421,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { * Decompresses a file. * * @param inputStream the compressed file - * @param outputFile the location to write the decompressed file + * @param outputFile the location to write the decompressed file * @throws ArchiveExtractionException thrown if there is an exception decompressing the file */ private void decompressFile(CompressorInputStream inputStream, File outputFile) throws ArchiveExtractionException { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java index bde9ff3c4..6c483137c 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java @@ -167,7 +167,7 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer { dependency.getProductEvidence().addEvidence(name, "Project", group, Confidence.HIGH); } - LOGGER.debug(String.format("Found %d matches.", count)); + LOGGER.debug("Found {} matches.", count); analyzeSetVersionCommand(dependency, engine, contents); } } @@ -178,9 +178,8 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer { int count = 0; while (m.find()) { count++; - LOGGER.debug(String.format( - "Found project command match with %d groups: %s", - m.groupCount(), m.group(0))); + LOGGER.debug("Found project command match with {} groups: {}", + m.groupCount(), m.group(0)); String product = m.group(1); final String version = m.group(2); LOGGER.debug("Group 1: " + product); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java index 226c0aff2..9c6b3aea6 100644 
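Review bot: In the CMakeAnalyzer hunk at `@@ -178,9 +178,8 @@`, two lines below the converted statement `LOGGER.debug("Group 1: " + product);` still builds its message by string concatenation, so the method is left half-converted by a commit whose purpose is to move to SLF4J placeholders; the parameterized form is `LOGGER.debug("Group 1: {}", product);`. Any sibling `"Group N: " + ...` lines beyond the hunk, if present, would want the same treatment. The enclosing method starts and ends outside the hunk.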
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java @@ -247,7 +247,7 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer { } } catch (IllegalArgumentException iae) { //dependency.addAnalysisException(new AnalysisException("Invalid SHA-1")); - LOGGER.info(String.format("invalid sha-1 hash on %s", dependency.getFileName())); + LOGGER.info("invalid sha-1 hash on {}", dependency.getFileName()); } catch (FileNotFoundException fnfe) { //dependency.addAnalysisException(new AnalysisException("Artifact not found on repository")); LOGGER.debug("Artifact not found in repository '{}'", dependency.getFileName()); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java index 56a98fd7e..4345904ca 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java @@ -40,8 +40,8 @@ import javax.json.JsonString; import javax.json.JsonValue; /** - * Used to analyze Node Package Manager (npm) package.json files, and collect information that can be used to determine - * the associated CPE. + * Used to analyze Node Package Manager (npm) package.json files, and collect information that can be used to determine the + * associated CPE. * * @author Dale Visser */ 
@@ -66,8 +66,8 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer { /** * Filter that detects files named "package.json". */ - private static final FileFilter PACKAGE_JSON_FILTER = - FileFilterBuilder.newInstance().addFilenames(PACKAGE_JSON).build(); + private static final FileFilter PACKAGE_JSON_FILTER + = FileFilterBuilder.newInstance().addFilenames(PACKAGE_JSON).build(); /** * Returns the FileFilter @@ -136,7 +136,7 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer { productEvidence.addEvidence(PACKAGE_JSON, "name", valueString, Confidence.HIGHEST); vendorEvidence.addEvidence(PACKAGE_JSON, "name_project", String.format("%s_project", valueString), Confidence.LOW); } else { - LOGGER.warn("JSON value not string as expected: %s", value); + LOGGER.warn("JSON value not string as expected: {}", value); } } addToEvidence(json, productEvidence, "description"); @@ -166,11 +166,11 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer { ((JsonString) subValue).getString(), Confidence.HIGHEST); } else { - LOGGER.warn("JSON sub-value not string as expected: %s", subValue); + LOGGER.warn("JSON sub-value not string as expected: {}", subValue); } } } else { - LOGGER.warn("JSON value not string or JSON object as expected: %s", value); + LOGGER.warn("JSON value not string or JSON object as expected: {}", value); } } } From 48e644e007d7f7dc0b806ef3d7d0e780f49ad6d1 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Wed, 9 Sep 2015 05:58:51 -0400 Subject: [PATCH 57/58] removed un-needed call to log.isDebugEnabled() --- .../java/org/owasp/dependencycheck/maven/AggregateMojo.java | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java index aa1621aeb..09cf1c763 100644 
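Review bot: The three warnings changed to `{}` in this file still do not say which package.json produced the unexpected value, which makes triage in a multi-module scan hard. In the `name` branch `dependency` is in scope, so `LOGGER.warn("JSON value not string as expected in {}: {}", dependency.getFileName(), value);` would identify the file; `addToEvidence` receives only the `JsonObject`, so there the file name would have to be passed in or logged by the caller. Both enclosing methods start and end outside the hunks.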
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java @@ -106,9 +106,7 @@ public class AggregateMojo extends BaseDependencyCheckMojo { } } catch (AnalysisException ex) { getLog().warn("An error occured grouping the dependencies; duplicate entries may exist in the report", ex); - if (getLog().isDebugEnabled()) { - getLog().debug("Bundling Exception", ex); - } + getLog().debug("Bundling Exception", ex); } File outputDir = getCorrectOutputDirectory(current); From 57ae0f16761f130cfc165ff4c1866cb0b7435f07 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Wed, 9 Sep 2015 06:15:17 -0400 Subject: [PATCH 58/58] resolved command line invocation of aggregate resulting in missing html report (#189) --- .../java/org/owasp/dependencycheck/maven/AggregateMojo.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java index 09cf1c763..69599b35c 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java @@ -46,7 +46,7 @@ import org.owasp.dependencycheck.utils.Settings; @Mojo( name = "aggregate", defaultPhase = LifecyclePhase.COMPILE, - aggregator = true, + /*aggregator = true,*/ threadSafe = true, requiresDependencyResolution = ResolutionScope.COMPILE_PLUS_RUNTIME, requiresOnline = true
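Review bot: `/*aggregator = true,*/` leaves commented-out code inside the `@Mojo` annotation and gives no reason for turning aggregation off, even though, if I read Maven's aggregator semantics correctly, this changes when the mojo executes (per module rather than once for the reactor). Delete the commented attribute and record the rationale next to the annotation, e.g. `// aggregator is intentionally not set: with aggregator = true a command-line invocation produced no HTML report (#189)`. The annotation continues past the end of the hunk.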