diff --git a/build.gradle b/build.gradle
index 27890ae..81a5821 100644
--- a/build.gradle
+++ b/build.gradle
@@ -1,10 +1,9 @@
 plugins {
     id 'org.springframework.boot' version '2.7.18'
-    id 'io.spring.dependency-management' version '1.0.11.RELEASE'
+    id 'io.spring.dependency-management' version '1.1.4'
     id 'java'
     id 'jacoco'
-    id 'com.github.spotbugs' version '6.0.4'
-    id 'org.owasp.dependencycheck' version '7.4.4'
+    id 'com.github.spotbugs' version '6.0.6'
 }
 
 group = 'uk.nhs.prm.repo'
@@ -169,14 +168,5 @@ spotbugsIntegration {
     }
 }
 
-dependencyCheck {
-    failBuildOnCVSS = 7
-    suppressionFile = './dependency-checks-suppression.xml'
-    analyzers {
-          assemblyEnabled = false
-          ossIndexEnabled = false
-    }
-}
-
 check.dependsOn integration
 
diff --git a/dependency-checks-suppression.xml b/dependency-checks-suppression.xml
deleted file mode 100644
index 89f6b90..0000000
--- a/dependency-checks-suppression.xml
+++ /dev/null
@@ -1,118 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
-   <suppress>
-      <notes><![CDATA[
-      false positive: https://github.com/jeremylong/DependencyCheck/issues/3865
-      file name: netty-tcnative-classes-2.0.46.Final.jar
-      ]]></notes>
-      <packageUrl regex="true">^pkg:maven/io\.netty/netty\-tcnative\-classes@.*$</packageUrl>
-      <cpe>cpe:/a:netty:netty</cpe>
-   </suppress>
-   <suppress>
-      <notes><![CDATA[
-     Suppress this CVE that is a wontfix from spring because it is about how spring provides
-     a java deserialisation and invocation endpoint implementation that if you expose
-     unauthenticated would be risky.  They argue that's a you (app) problem.
-     ]]></notes>
-      <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-.*$</packageUrl>
-      <cve>CVE-2016-1000027</cve>
-   </suppress>
-   <suppress>
-      <notes><![CDATA[
-     Spring-framework libraries always have groupId org.springframework with no further extension, so suppress the
-     spring_framework package identification for old and third party libs that merely include spring jars
-     ]]></notes>
-      <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-.*$</packageUrl>
-      <cpe>cpe:/a:springsource:spring_framework</cpe>
-      <cpe>cpe:/a:pivotal_software:spring_framework</cpe>
-      <cpe>cpe:/a:vmware:spring_framework</cpe>
-   </suppress>
-   <suppress>
-      <notes><![CDATA[
-      6.5.0 version is only used by spotbugs who do not exercise vulnerability:
-
-      https://github.com/spotbugs/spotbugs/discussions/2251
-
-      file name: bcel-6.5.0.jar
-   ]]></notes>
-      <packageUrl regex="true">^pkg:maven/org\.apache\.bcel/bcel@.*$</packageUrl>
-      <vulnerabilityName>CVE-2022-42920</vulnerabilityName>
-   </suppress>
-   <suppress>
-      <notes><![CDATA[
-      false positive for commons_net
-      file name: commons-codec-*.jar
-   ]]></notes>
-      <packageUrl regex="true">^pkg:maven/commons\-codec/commons\-codec@.*$</packageUrl>
-      <cve>CVE-2021-37533</cve>
-   </suppress>
-   <suppress>
-      <notes><![CDATA[
-      false positive for commons_net
-      file name: commons-text-*.jar
-   ]]></notes>
-      <packageUrl regex="true">^pkg:maven/org\.apache\.commons/commons\-text@.*$</packageUrl>
-      <cve>CVE-2021-37533</cve>
-   </suppress>
-   <suppress>
-      <notes><![CDATA[
-      false positive for commons_net
-      file name: commons-logging-*.jar
-   ]]></notes>
-      <packageUrl regex="true">^pkg:maven/commons\-logging/commons\-logging@.*$</packageUrl>
-      <cve>CVE-2021-37533</cve>
-   </suppress>
-   <suppress>
-      <notes><![CDATA[
-   false positive CVEs not related to package
-   ]]></notes>
-      <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
-      <cve>CVE-2022-3064</cve>
-      <cve>CVE-2021-4235</cve>
-   </suppress>
-   <suppress>
-      <notes><![CDATA[
-        false positive CVE-2021-4277 is not related to package
-   ]]></notes>
-      <packageUrl regex="true">^pkg:maven/org\.latencyutils/LatencyUtils@.*$</packageUrl>
-      <cve>CVE-2021-4277</cve>
-   </suppress>
-   <suppress>
-      <notes><![CDATA[
-        false positive CVE-2021-4277 is not related to package
-   ]]></notes>
-      <packageUrl regex="true">^pkg:maven/software\.amazon\.awssdk/json\-utils@.*$</packageUrl>
-      <cve>CVE-2021-4277</cve>
-   </suppress>
-   <suppress>
-      <notes><![CDATA[
-        false positive CVE-2021-4277 is not related to package
-   ]]></notes>
-      <packageUrl regex="true">^pkg:maven/software\.amazon\.awssdk/utils@.*$</packageUrl>
-      <cve>CVE-2021-4277</cve>
-   </suppress>
-   <suppress>
-      <notes><![CDATA[
-         false positive CVE refers specifically to hutool not this aws package
-         file name: json-utils-2.18.41.jar
-   ]]></notes>
-      <packageUrl regex="true">^pkg:maven/software\.amazon\.awssdk/json\-utils@.*$</packageUrl>
-      <cve>CVE-2022-45688</cve>
-   </suppress>
-   <suppress>
-      <notes><![CDATA[
-         false positive CVE refers specifically to hutool not this aws package
-         file name: aws-json-protocol-2.18.41.jar
-   ]]></notes>
-      <packageUrl regex="true">^pkg:maven/software\.amazon\.awssdk/aws\-json\-protocol@.*$</packageUrl>
-      <cve>CVE-2022-45688</cve>
-   </suppress>
-   <suppress>
-      <notes><![CDATA[
-         false positive CVE refers specifically to hutool not this package
-         file name: jackson-core-2.13.4.jar
-   ]]></notes>
-      <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-core@.*$</packageUrl>
-      <cve>CVE-2022-45688</cve>
-   </suppress>
-</suppressions>
diff --git a/gocd/audit.pipeline.gocd.yml b/gocd/audit.pipeline.gocd.yml
deleted file mode 100644
index d50c9ec..0000000
--- a/gocd/audit.pipeline.gocd.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-format_version: 4
-pipelines:
-  re-registration-service.audit:
-    group: repo-audit
-    label_template: '${COUNT}-${git[:8]}'
-    materials:
-      git:
-        type: configrepo
-    timer:
-      spec: 0 0 5 ? * MON,TUE,WED,THU,FRI *
-    stages:
-      - audit:
-          clean_workspace: true
-          approval: manual
-          jobs:
-            dependency_check:
-              artifacts:
-                - build:
-                    source: build/reports
-              tabs:
-                dependency: reports/dependency-check-report.html
-              resources:
-                - docker
-              tasks:
-                - exec:
-                    command: /bin/bash
-                    arguments:
-                      - -c
-                      - ./tasks dep
diff --git a/tasks b/tasks
index c2e19c5..23dcb66 100755
--- a/tasks
+++ b/tasks
@@ -231,12 +231,6 @@ case "${command}" in
   run_localstack_local)
       docker-compose -f docker-compose.localstack-local.yaml up -d
       ;;
-  _dep)
-      gradle dependencyCheckAnalyze
-      ;;
-  dep)
-      dojo "./tasks _dep"
-      ;;
   _tf)
       _assume_environment_role $NHS_ENVIRONMENT
       tf_init