feat(impl):[#499] docs cleanup

.config/README.md

@@ -14,6 +14,5 @@ This folder contains configuration, rules and suppression files for code quality
 | irs.header                  | Copyright header definition for the checkstyle module RegexpHeader.                       | see checkstyle.xml file                                                                                                |
 | owasp-suppressions.xml      | [OWASP dependendy check](https://owasp.org/www-project-dependency-check/) suppressions.   | [OWASP suppressions documentation](https://jeremylong.github.io/DependencyCheck/general/suppression.html)              |
 | pmd-rules.xml               | [PMD Source Code Analyzer](https://pmd.github.io/) rules.                                 | [PMD rules documentation](https://pmd.github.io/pmd/pmd_userdocs_making_rulesets.html)                                 |
-| spotbugs-excludes.xml       | [Spotbugs](https://spotbugs.github.io/) excludes.                                         | [Spotbugs excludes documentation](https://spotbugs.readthedocs.io/en/stable/filter.html)                               |
 
 

README.md

@@ -7,11 +7,8 @@
 [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=eclipse-tractusx_item-relationship-service&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=eclipse-tractusx_item-relationship-service)
 [![CodeQL](https://github.com/eclipse-tractusx/item-relationship-service/actions/workflows/codeql.yml/badge.svg)](https://github.com/eclipse-tractusx/item-relationship-service/actions/workflows/codeql.yml)  
 [![Kics](https://github.com/eclipse-tractusx/item-relationship-service/actions/workflows/kics.yml/badge.svg)](https://github.com/eclipse-tractusx/item-relationship-service/actions/workflows/kics.yml)
-[![Trivy](https://github.com/eclipse-tractusx/item-relationship-service/actions/workflows/trivy.yml/badge.svg)](https://github.com/eclipse-tractusx/item-relationship-service/actions/workflows/trivy.yml)
 [![Trivy Docker Hub Scan](https://github.com/eclipse-tractusx/item-relationship-service/actions/workflows/trivy-docker-hub-scan.yml/badge.svg)](https://github.com/eclipse-tractusx/item-relationship-service/actions/workflows/trivy-docker-hub-scan.yml)
-[![VeraCode](https://github.com/eclipse-tractusx/item-relationship-service/actions/workflows/veracode.yaml/badge.svg)](https://github.com/eclipse-tractusx/item-relationship-service/actions/workflows/veracode.yaml)
 [![OWASP Dependency Check](https://github.com/eclipse-tractusx/item-relationship-service/actions/workflows/owasp.yml/badge.svg)](https://github.com/eclipse-tractusx/item-relationship-service/actions/workflows/owasp.yml)
-[![Spotbugs](https://github.com/eclipse-tractusx/item-relationship-service/actions/workflows/spotbugs.yml/badge.svg)](https://github.com/eclipse-tractusx/item-relationship-service/actions/workflows/spotbugs.yml)
 [![Eclipse-dash](https://github.com/eclipse-tractusx/item-relationship-service/actions/workflows/eclipse-dash.yml/badge.svg)](https://github.com/eclipse-tractusx/item-relationship-service/actions/workflows/eclipse-dash.yml)
 [![Tavern IRS API test](https://github.com/eclipse-tractusx/item-relationship-service/actions/workflows/tavern.yml/badge.svg)](https://github.com/eclipse-tractusx/item-relationship-service/actions/workflows/tavern.yml)
 

docs/src/docs/arc42/architecture-constraints/index.adoc

@@ -97,12 +97,6 @@ Orchestration of application components and integration with other libraries/fra
 |Fail build on untidy pom.xml
 |N/A
 
-|SpotBugs
-|Static analysis to find bugs in Java code. Successor to the popular FindBugs tool
-|Fail build on violations
-|.config/spotbugs-excludes.xml
-@SuppressFBWarnings(...)
-
 |FindSecBugs
 |SpotBugs plugin to add security bug coverage
 |Fail build on violations
@@ -126,14 +120,6 @@ Orchestration of application components and integration with other libraries/fra
 |pom.xml
 @ExcludeFromCodeCoverageGeneratedReport
 
-|Veracode
-a|
-- Scan source code for vulnerabilities (SAST)
-- Scan dependencies for known vulnerabilities (SCA)
-- Check used licenses (FOSS licenses)
-|
-|https://web.analysiscenter.veracode.com/
-
 |Dependabot
 |Automated dependency updates built into GitHub. Provides pull requests for dependency updates.
 |Every dependency update automatically generates a pull request.
@@ -143,4 +129,9 @@ a|
 |Discover vulnerabilities across a code base.
 |
 |.github/workflows/codeql.yml
+
+|KICS
+|Infrastructure as Code scannings.
+|
+|.github/workflows/kics.yml
 |===

pom.xml

@@ -107,7 +107,6 @@
         <testcontainers-bom.version>1.19.1</testcontainers-bom.version>
 
         <!-- Plugins -->
-        <spotbugs-plugin.version>4.7.3.2</spotbugs-plugin.version>
         <findsecbugs-plugin.version>1.12.0</findsecbugs-plugin.version>
         <checkstyle-plugin.version>3.3.1</checkstyle-plugin.version>
         <checkstyle.version>10.12.6</checkstyle.version>
@@ -206,33 +205,6 @@
                         </execution>
                     </executions>
                 </plugin>
-                <plugin>
-                    <groupId>com.github.spotbugs</groupId>
-                    <artifactId>spotbugs-maven-plugin</artifactId>
-                    <version>${spotbugs-plugin.version}</version>
-                    <configuration>
-                        <effort>Max</effort>
-                        <threshold>Low</threshold>
-                        <xmlOutput>true</xmlOutput>
-                        <failThreshold>Low</failThreshold>
-                        <excludeFilterFile>.config/spotbugs-excludes.xml</excludeFilterFile>
-                        <plugins>
-                            <plugin>
-                                <groupId>com.h3xstream.findsecbugs</groupId>
-                                <artifactId>findsecbugs-plugin</artifactId>
-                                <version>${findsecbugs-plugin.version}</version>
-                            </plugin>
-                        </plugins>
-                    </configuration>
-                    <executions>
-                        <execution>
-                            <phase>validate</phase>
-                            <goals>
-                                <goal>check</goal>
-                            </goals>
-                        </execution>
-                    </executions>
-                </plugin>
                 <plugin>
                     <groupId>org.owasp</groupId>
                     <artifactId>dependency-check-maven</artifactId>