chore: include list of third party dependencies and their licenses in each artifact

Replace the outdated embedded static files with license-maven-plugin.

Signed-off-by: Chad Wilson <29788154+chadlwilson@users.noreply.github.com>

Author: chadlwilson

NOTICE.txt

@@ -1,18 +1,9 @@
 dependency-check
 
-Copyright (c) 2012-2025 OWASP Dependency-Check Contributors. All Rights Reserved.
-
-The licenses for the software listed below can be found in the META-INF/licenses/[dependency name].
-
-This product includes software developed by The Apache Software Foundation (http://www.apache.org/).
-
-This product includes software developed by Jquery.com (http://jquery.com/).
-
-This product includes software developed by Jonathan Hedley (jsoup.org)
-
-This software contains unmodified binary redistributions for H2 database engine (http://www.h2database.com/), which is dual licensed and available under a modified version of the MPL 1.1 (Mozilla Public License) or under the (unmodified) EPL 1.0 (Eclipse Public License).
-An original copy of the license agreement can be found at: http://www.h2database.com/html/license.html
+Copyright (c) 2012-2026 Jeremy Long. All Rights Reserved.
 
 This product includes data from the Common Weakness Enumeration (CWE): http://cwe.mitre.org/
 
-This product downloads and utilizes data from the National Vulnerability Database hosted by NIST: http://nvd.nist.gov/download.cfm
+This product downloads and utilizes data from the National Vulnerability Database hosted by NIST: http://nvd.nist.gov/download.cfm
+
+This product includes third party software, whose licenses are enumerated at META-INF/THIRD-PARTY.txt in built distributions.

README.md

@@ -368,7 +368,7 @@ Dependency-Check makes use of several other open source libraries. Please see th
 
 This product uses the NVD API but is not endorsed or certified by the NVD.
 
-Copyright (c) 2012-2025 Jeremy Long. All Rights Reserved.
+Copyright (c) 2012-2026 Jeremy Long. All Rights Reserved.
 
   [wiki]: https://github.com/dependency-check/DependencyCheck/wiki
   [notices]: https://github.com/dependency-check/DependencyCheck/blob/main/NOTICE.txt

ant/NOTICE.txt

@@ -1,18 +1,9 @@
-OWASP dependency-check
+dependency-check-ant
 
-Copyright (c) 2012-2015 Jeremy Long. All Rights Reserved.
-
-The licenses for the software listed below can be found in the META-INF/licenses/[dependency name].
-
-This product includes software developed by The Apache Software Foundation (http://www.apache.org/).
-
-This product includes software developed by Jquery.com (http://jquery.com/).
-
-This product includes software developed by Jonathan Hedley (jsoup.org)
-
-This software contains unmodified binary redistributions for H2 database engine (http://www.h2database.com/), which is dual licensed and available under a modified version of the MPL 1.1 (Mozilla Public License) or under the (unmodified) EPL 1.0 (Eclipse Public License).
-An original copy of the license agreement can be found at: http://www.h2database.com/html/license.html
+Copyright (c) 2012-2026 Jeremy Long. All Rights Reserved.
 
 This product includes data from the Common Weakness Enumeration (CWE): http://cwe.mitre.org/
 
 This product downloads and utilizes data from the National Vulnerability Database hosted by NIST: http://nvd.nist.gov/download.cfm
+
+This product includes third party software, whose licenses are enumerated at META-INF/THIRD-PARTY.txt in built distributions.

ant/README.md

@@ -12,7 +12,7 @@ Documentation and links to production binary releases can be found on the [githu
 Copyright & License
 -------------------
 
-Dependency-Check is Copyright (c) 2012-2014 Jeremy Long. All Rights Reserved.
+Dependency-Check is Copyright (c) 2012-2026 Jeremy Long. All Rights Reserved.
 
 Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the [LICENSE.txt](https://github.com/dependency-check/DependencyCheck/blob/main/LICENSE.txt) file for the full license.
 

ant/pom.xml

@@ -58,6 +58,13 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved.
                     <include>NOTICE.txt</include>
                 </includes>
             </resource>
+            <resource>
+                <directory>${license.outputDirectory}</directory>
+                <targetPath>META-INF</targetPath>
+                <includes>
+                    <include>THIRD-PARTY.txt</include>
+                </includes>
+            </resource>
         </resources>
         <testResources>
             <testResource>

ant/src/main/assembly/release.xml

@@ -12,15 +12,6 @@
         <format>zip</format>
     </formats>
     <includeBaseDirectory>false</includeBaseDirectory>
-    <!--fileSets>
-        <fileSet>
-            <outputDirectory>dependency-check</outputDirectory>
-            <directory>${project.build.directory}</directory>
-            <includes>
-                <include>dependency-check*.jar</include>
-            </includes>
-        </fileSet>
-    </fileSets-->
     <files>
         <file>
             <source>${project.build.directory}/${project.artifactId}-${project.version}.jar</source>

ant/src/main/resources/META-INF/licenses/ant/LICENSE.txt

@@ -1,18 +1,9 @@
 dependency-check-cli
 
-Copyright (c) 2013 Jeremy Long. All Rights Reserved.
-
-The licenses for the software listed below can be found in the licenses.
-
-This product includes software developed by The Apache Software Foundation (http://www.apache.org/).
-
-This product includes software developed by Jquery.com (http://jquery.com/).
-
-This product includes software developed by Jonathan Hedley (jsoup.org)
-
-This software contains unmodified binary redistributions for H2 database engine (http://www.h2database.com/), which is dual licensed and available under a modified version of the MPL 1.1 (Mozilla Public License) or under the (unmodified) EPL 1.0 (Eclipse Public License).
-An original copy of the license agreement can be found at: http://www.h2database.com/html/license.html
+Copyright (c) 2012-2026 Jeremy Long. All Rights Reserved.
 
 This product includes data from the Common Weakness Enumeration (CWE): http://cwe.mitre.org/
 
-This product downloads and utilizes data from the National Vulnerability Database hosted by NIST: http://nvd.nist.gov/download.cfm
+This product downloads and utilizes data from the National Vulnerability Database hosted by NIST: http://nvd.nist.gov/download.cfm
+
+This product includes third party software, whose licenses are enumerated at META-INF/THIRD-PARTY.txt in built distributions.

cli/NOTICE.txt

@@ -11,7 +11,7 @@ Documentation and links to production binary releases can be found on the [githu
 Copyright & License
 ------------
 
-Dependency-Check is Copyright (c) 2012-2014 Jeremy Long. All Rights Reserved.
+Dependency-Check is Copyright (c) 2012-2026 Jeremy Long. All Rights Reserved.
 
 Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the [LICENSE.txt](https://github.com/dependency-check/DependencyCheck/blob/main/cli/LICENSE.txt) file for the full license.
 

cli/README.md

@@ -48,7 +48,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved.
                 <includes>
                     <include>completion-for-dependency-check.sh</include>
                 </includes>
-		<targetPath>../release/bin</targetPath>
+		        <targetPath>../release/bin</targetPath>
             </resource>
             <resource>
                 <directory>${basedir}</directory>
@@ -58,6 +58,13 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved.
                     <include>NOTICE.txt</include>
                 </includes>
             </resource>
+            <resource>
+                <directory>${license.outputDirectory}</directory>
+                <targetPath>META-INF</targetPath>
+                <includes>
+                    <include>THIRD-PARTY.txt</include>
+                </includes>
+            </resource>
         </resources>
         <plugins>
             <plugin>