From 1ddf312082dac63cba74e8dce0fd7b3b75327196 Mon Sep 17 00:00:00 2001 From: redcatbaer Date: Sun, 14 Jun 2026 09:55:22 +0200 Subject: [PATCH 1/5] Updated OFT to version 4.5.0 and added SPDX SBOM support --- AGENTS.md | 81 ++++++++++++++++++++++++++++++++++++++++++++++ CHANGELOG.md | 5 ++- CODE_OF_CONDUCT.md | 9 ++++++ SECURITY.md | 13 ++++++++ pom.xml | 48 ++++++++++++++++----------- 5 files changed, 136 insertions(+), 20 deletions(-) create mode 100644 AGENTS.md create mode 100644 CODE_OF_CONDUCT.md create mode 100644 SECURITY.md diff --git a/AGENTS.md b/AGENTS.md new file mode 100644 index 0000000..74a11fa --- /dev/null +++ b/AGENTS.md 
@@ -0,0 +1,81 @@ +--- +name: oft-contributor +description: Expert Java developer for maintaining and evolving the OpenFastTrace Maven Plugin. +--- + +### AGENTS.md — OpenFastTrace Maven Plugin + +This file provides guidance for AI agents and LLMs working on the OpenFastTrace Maven Plugin project. + +### Key Commands + +All commands should be run from the repository root. + +| Task | Command | +|:-------------------------|:-------------------------------------------------------------------------| +| **Verify (All tests)** | `mvn -T 1C verify` | +| **Build (full)** | `mvn -T 1C clean package -DskipTests` | +| **Run Unit Tests** | `mvn -T 1C test` | +| **Run Single Test** | `mvn test -Dtest=ClassName` | +| **Run Integration Test** | `mvn failsafe:integration-test` | +| **Check Dependencies** | `mvn versions:display-dependency-updates` | + +### Agent Role & Persona + +You are an expert Java developer specializing in requirement tracing and Maven plugin development. Your goal is to help maintain and evolve the OpenFastTrace Maven Plugin, following "Clean Code" principles and ensuring high reliability. + +### Boundaries + +- **Always**: + - Follow the branching strategy: `/_` (e.g., `feature/533_update_agents_md`). + - Place coverage markers at the narrowest possible scope (method or class). +- **Ask First**: + - Before adding new external dependencies to `pom.xml`. +- **Never**: + - Never remove failing tests unless specifically instructed to do so. Fix the code instead. + - Never modify files in `.idea/` or other IDE-specific metadata folders. + - Never bypass `mvn verify` checks (e.g., by skipping static analysis or tests) during final validation. + +### Code Examples + +#### Requirement Tagging in Java +Show coverage of a requirement (e.g., `req~trace-goal~1`) in the implementation: + +```java +/** + * Mojo for tracing requirements. 
+ * // [impl->req~trace-goal~1] + */ +@Mojo(name = "trace", defaultPhase = LifecyclePhase.VERIFY, threadSafe = true) +public class TraceMojo extends AbstractMojo { + // implementation details... +} +``` + +### Project Stack & Structure + +- **Tech Stack**: Java 17+, Maven 3.8+, JUnit 5, Mockito, Hamcrest. +- **Architecture**: + - Single-module Maven project providing a Maven Plugin. + - `src/main/java`: Plugin implementation (Mojos). + - `src/test/java`: Unit tests. + - `src/test/resources`: Integration test projects and logging configuration. + +### Code Style & Conventions + +- **Clean Code**: Meaningful names, small functions, single responsibility. +- **Logging**: Use `java.util.logging`. Test config: `src/test/resources/logging.properties`. + +### Development Workflow + +1. **Create Branch** (see [Boundaries](#boundaries)) +2. **Implement**: Tag all new code with coverage markers. +3. **Verify**: `mvn -T 1C verify`. +4. **Review**: All changes require human review per `CONTRIBUTING.md`. + +### Agent Skills & Critical Files + +- **Key Resources**: + - `README.md`: General overview and usage documentation. + - `CONTRIBUTING.md`: Human-AI collaboration guidelines. + - `CHANGELOG.md`: Project history. diff --git a/CHANGELOG.md b/CHANGELOG.md index abe27c8..0fb2c25 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,10 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). -## [2.3.2] - Unreleased +## [2.4.0] - 2026-06-14 + +* [PR# 88](https://github.com/itsallcode/openfasttrace-maven-plugin/pull/88) Updated to [OpenFastTrace 4.5.0](https://github.com/itsallcode/openfasttrace/releases/tag/4.5.0) +* We also now generate an SPDX SBOM ## [2.3.1] - 2026-05-18 diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..ceff795 --- /dev/null 
+++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,9 @@ +# OpenFastTrace Project Code of Conduct + +* Treat others with respect. +* Criticize ideas, not people. +* Back up your arguments with facts and reasoning. +* Keep discussions on topic and concise. +* Disagreements are fine — personal attacks are not. +* Help people who ask for it. We were all beginners once. +* Offer solutions, not just complaints. \ No newline at end of file diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..efffbf0 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,13 @@ +# Security Policy + +## Reporting a Vulnerability + +We are very grateful for any security reports and see them as a valuable way to improve the quality and reliability of our codebase. As a non-profit open-source project, we appreciate the time and effort the community puts into helping us keep OpenFastTrace secure. + +Please note that we do not offer bug bounties. + +To report a vulnerability, please use the [GitHub Security Advisory reporting feature](https://github.com/itsallcode/openfasttrace/security/advisories/new) or contact the maintainers directly. We strive to address all security concerns in a timely and professional manner. + +## Software Bill of Materials (SBOM) + +To enhance transparency and security, SPDX SBOMs (Software Bill of Materials) are included with the GitHub releases starting from version 4.6.0. These files provide a comprehensive list of all components and dependencies used in the project. diff --git a/pom.xml b/pom.xml index 2207b1d..ded1f79 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ org.itsallcode openfasttrace-maven-plugin - 2.3.1 + 2.4.0 maven-plugin OpenFastTrace Maven Plugin @@ -15,7 +15,7 @@ UTF-8 17 - 4.4.0 + 4.5.0 3.8.9 0.8.14 @@ -110,21 +110,7 @@ org.apache.maven.plugin-testing maven-plugin-testing-harness - 3.3.0 - test - - - - commons-io - commons-io - 2.22.0 - test - - - - org.codehaus.plexus - plexus-archiver - 4.11.0 + 3.5.1 test 
@@ -161,7 +147,7 @@ org.junit.jupiter junit-jupiter - 6.0.3 + 6.1.0 test @@ -311,7 +297,7 @@ org.apache.maven.plugins maven-compiler-plugin - 3.15.0 + 3.15.1 ${java.version} ${java.version} @@ -571,6 +557,30 @@ true + + org.spdx + spdx-maven-plugin + 1.0.3 + + + aggregate-spdx + + aggregateSPDX + + + + + build + false + GPL-3.0-only + GPL-3.0-only + Copyright (c) itsallcode.org + false + GPL-3.0-only + GPL-3.0-only + Copyright (c) itsallcode.org + + From 8b70766a0d992057203094beaa4f2182d5c6e27c Mon Sep 17 00:00:00 2001 From: redcatbaer Date: Sun, 14 Jun 2026 11:36:01 +0200 Subject: [PATCH 2/5] Added Fixed duplicate warning and defined SBOM included scopes explicitly. --- SECURITY.md | 2 +- pom.xml | 67 +++++++++++++++++++++++++++++++++++------------------ 2 files changed, 46 insertions(+), 23 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index efffbf0..4161a0c 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -10,4 +10,4 @@ To report a vulnerability, please use the [GitHub Security Advisory reporting fe ## Software Bill of Materials (SBOM) -To enhance transparency and security, SPDX SBOMs (Software Bill of Materials) are included with the GitHub releases starting from version 4.6.0. These files provide a comprehensive list of all components and dependencies used in the project. +To enhance transparency and security, SPDX SBOMs (Software Bill of Materials) are included with the plugin releases starting from version 2.4.0. These files provide a comprehensive list of all components and dependencies used in the project. diff --git a/pom.xml b/pom.xml index ded1f79..3fd1ff7 100644 --- a/pom.xml +++ b/pom.xml @@ -17,9 +17,10 @@ 17 4.5.0 - 3.8.9 + 3.9.9 + + 3.15.2 0.8.14 - 3.15.2 itsallcode https://sonarcloud.io ${git.commit.time} @@ -78,7 +79,7 @@ plexus-utils - 3.6.1 + 4.0.3 provided @@ -90,7 +91,7 @@ org.apache.maven.plugin-tools maven-plugin-annotations - 3.15.1 + ${maven.plugin.plugin.version} provided 
@@ -99,13 +100,6 @@ ${maven.core.version} provided - - - org.apache.commons - commons-lang3 - 3.20.0 - provided - org.apache.maven.plugin-testing @@ -113,13 +107,6 @@ 3.5.1 test - - - org.iq80.snappy - snappy - 0.5 - test - org.hamcrest hamcrest-library @@ -297,7 +284,7 @@ org.apache.maven.plugins maven-compiler-plugin - 3.15.1 + 3.15.0 ${java.version} ${java.version} @@ -305,7 +292,7 @@ org.apache.maven.plugins maven-plugin-plugin - ${mavenPluginPluginVersion} + ${maven.plugin.plugin.version} @@ -318,7 +305,7 @@ org.apache.maven.plugins maven-plugin-plugin - ${mavenPluginPluginVersion} + ${maven.plugin.plugin.version} openfasttrace false @@ -372,7 +359,7 @@ UTF-8 - + true true @@ -540,6 +527,13 @@ about.html + + + + org.itsallcode.openfasttrace + openfasttrace + + @@ -558,6 +552,7 @@ + org.spdx spdx-maven-plugin 1.0.3 @@ -571,6 +566,10 @@ build + true + true + true + false false GPL-3.0-only GPL-3.0-only @@ -581,6 +580,30 @@ Copyright (c) itsallcode.org + + + org.codehaus.mojo + build-helper-maven-plugin + 3.6.1 + + + attach-spdx-sbom + verify + + attach-artifact + + + + + ${project.build.directory}/site/${project.groupId}_${project.artifactId}-${project.version}.spdx + spdx + sbom + + + + + + From f57d4438e04bf1e20c84f4d4243c5026f812eafb Mon Sep 17 00:00:00 2001 From: redcatbaer Date: Sun, 14 Jun 2026 14:12:40 +0200 Subject: [PATCH 3/5] Fixed file suffix. --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 3fd1ff7..4b1147a 100644 --- a/pom.xml +++ b/pom.xml @@ -595,7 +595,7 @@ - ${project.build.directory}/site/${project.groupId}_${project.artifactId}-${project.version}.spdx + ${project.build.directory}/site/${project.groupId}_${project.artifactId}-${project.version}.spdx.json spdx sbom From 76facbb9ff13d8b43ce312bde9eb068316940809 Mon Sep 17 00:00:00 2001 
From: redcatbaer Date: Sun, 14 Jun 2026 16:39:21 +0200 Subject: [PATCH 4/5] Applied code review findings. --- AGENTS.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/AGENTS.md b/AGENTS.md index 74a11fa..b232330 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -13,9 +13,9 @@ All commands should be run from the repository root. | Task | Command | |:-------------------------|:-------------------------------------------------------------------------| -| **Verify (All tests)** | `mvn -T 1C verify` | -| **Build (full)** | `mvn -T 1C clean package -DskipTests` | -| **Run Unit Tests** | `mvn -T 1C test` | +| **Verify (All tests)** | `mvn verify` | +| **Build (full)** | `mvn clean package -DskipTests` | +| **Run Unit Tests** | `mvn test` | | **Run Single Test** | `mvn test -Dtest=ClassName` | | **Run Integration Test** | `mvn failsafe:integration-test` | | **Check Dependencies** | `mvn versions:display-dependency-updates` | @@ -28,7 +28,6 @@ You are an expert Java developer specializing in requirement tracing and Maven p - **Always**: - Follow the branching strategy: `/_` (e.g., `feature/533_update_agents_md`). - - Place coverage markers at the narrowest possible scope (method or class). - **Ask First**: - Before adding new external dependencies to `pom.xml`. - **Never**: From 81654c5cb4f21c624070d34c65a156474762bb37 Mon Sep 17 00:00:00 2001 From: redcatbaer Date: Sun, 14 Jun 2026 17:40:09 +0200 Subject: [PATCH 5/5] Improved readme. --- README.md | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 44510bb..12b3182 100644 --- a/README.md +++ b/README.md 
@@ -7,7 +7,7 @@ Maven Plugin for [OpenFastTrace](https://github.com/itsallcode/openfasttrace) (O [![Build](https://github.com/itsallcode/openfasttrace-maven-plugin/actions/workflows/build.yml/badge.svg)](https://github.com/itsallcode/openfasttrace-maven-plugin/actions/workflows/build.yml) [![Maven Central](https://img.shields.io/maven-central/v/org.itsallcode/openfasttrace-maven-plugin.svg?label=Maven%20Central)](http://search.maven.org/#search%7Cga%7C1%7Cg%3A%22org.itsallcode%22%20a%3A%22openfasttrace-maven-plugin%22) -Sonarcloud status: +SonarCloud status: [![Quality Gate](https://sonarcloud.io/api/project_badges/measure?project=org.itsallcode%3Aopenfasttrace-maven-plugin&metric=alert_status)](https://sonarcloud.io/dashboard?id=org.itsallcode%3Aopenfasttrace-maven-plugin) [![Bugs](https://sonarcloud.io/api/project_badges/measure?project=org.itsallcode%3Aopenfasttrace-maven-plugin&metric=bugs)](https://sonarcloud.io/dashboard?id=org.itsallcode%3Aopenfasttrace-maven-plugin) 
@@ -21,10 +21,13 @@ Sonarcloud status: [![Technical Dept](https://sonarcloud.io/api/project_badges/measure?project=org.itsallcode%3Aopenfasttrace-maven-plugin&metric=sqale_index)](https://sonarcloud.io/dashboard?id=org.itsallcode%3Aopenfasttrace-maven-plugin) [![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=org.itsallcode%3Aopenfasttrace-maven-plugin&metric=vulnerabilities)](https://sonarcloud.io/dashboard?id=org.itsallcode%3Aopenfasttrace-maven-plugin) -* [Blog](https://blog.itsallcode.org/) -* [Changelog](CHANGELOG.md) -* [Contributing guide](CONTRIBUTING.md) -* [OpenFastTrace stories](https://github.com/itsallcode/openfasttrace/wiki/OFT-Stories) +* [📢 Blog](https://blog.itsallcode.org/) +* [➕ Changelog](CHANGELOG.md) +* [🎁 Contributing Guide](CONTRIBUTING.md) +* [🤝 Code of Conduct](CODE_OF_CONDUCT.md) +* [🛡️ Security Policy](SECURITY.md) +* [✨ OpenFastTrace Stories](https://github.com/itsallcode/openfasttrace/wiki/OFT-Stories) +* [🤖 AI Agent Guide](AGENTS.md) ## Usage @@ -59,7 +62,7 @@ Then you can run tracing by calling the goal directly: `mvn openfasttrace:trace` The plugin binds to the `verify` lifecycle, so you can also use `mvn verify`. -See [src/test/resources/empty-project](src/test/resources/simple-project/) for an example project. +See [src/test/resources/empty-project](src/test/resources/simple-project) for an example project. ### OpenFastTrace Plugins @@ -89,9 +92,9 @@ You can configure the plugin using the `` element. #### Traced Directories -By default the OFT plugin imports requirements from the following directories: +By default, the OFT plugin imports requirements from the following directories: -* The `doc` sub-directory of the module that includes the plugin if it exists +* The `doc` subdirectory of the module that includes the plugin if it exists * For each Maven module in the project if they exist: * Compile source roots (default: `src/main/java`) * Resources (default: `src/main/resources`) 
@@ -212,7 +215,7 @@ The HTML report will have its details sections collapsed (i.e. hidden) by defaul #### Fail Build -By default the build will fail when there are errors found during tracing. To continue with the build when tracing fails, use configuration `false`. +By default, the build will fail when there are errors found during tracing. To continue with the build when tracing fails, use configuration `false`. #### Skipping Execution @@ -235,9 +238,9 @@ apt-get install openjdk-17-jdk maven This project uses Maven Toolchains to configure the correct JDK version (see the [documentation](https://maven.apache.org/guides/mini/guide-using-toolchains.html) for details). To configure the Toolchains plugin create file ` ~/.m2/toolchains.xml` with the following content. Adapt the paths to your JDKs. ```xml - + jdk @@ -305,7 +308,7 @@ mvn --update-snapshots versions:use-latest-releases versions:update-properties ### Perform the Release 1. Start the release workflow - * Run command `gh workflow run release.yml --repo itsallcode/openfasttrace-maven-plugin --ref main` - * or go to [GitHub Actions](https://github.com/itsallcode/openfasttrace-maven-plugin/actions/workflows/release.yml) and start the `release.yml` workflow on branch `main`. + * Run command `gh workflow run release.yml --repo itsallcode/openfasttrace-maven-plugin --ref main` + * or go to [GitHub Actions](https://github.com/itsallcode/openfasttrace-maven-plugin/actions/workflows/release.yml) and start the `release.yml` workflow on branch `main`. 2. Update title and description of the newly created [GitHub release](https://github.com/itsallcode/openfasttrace-maven-plugin/releases). 3. After some time the release will be available at [Maven Central](https://repo1.maven.org/maven2/org/itsallcode/openfasttrace-maven-plugin/).
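Review bot: the branching rule in the AGENTS.md "Boundaries" list (PATCH 1/5, `@@ -0,0 +1,81`) reads `/_`, so the placeholders for branch type, issue number and description are missing and an agent cannot apply the rule; spell them out (for example `type/issuenumber_description`) next to the example `feature/533_update_agents_md`. In the "Requirement Tagging in Java" snippet, the `//` in front of `[impl->req~trace-goal~1]` inside the Javadoc block is a leftover from a line comment; OFT matches the bracketed marker as plain text, so drop the `//` rather than suggest it is part of the tag syntax.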
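Review bot: CODE_OF_CONDUCT.md (PATCH 1/5) is committed without a trailing newline (`\ No newline at end of file`); add one so the next edit to the last bullet does not show up as a two-line change.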
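Review bot: the SBOM paragraph in SECURITY.md (PATCH 1/5, `@@ -0,0 +1,13`) says SBOMs ship "starting from version 4.6.0", which is an OpenFastTrace core version, while this plugin is being released as 2.4.0 in the same series; PATCH 2/5 corrects it to "plugin releases starting from version 2.4.0", so squash the two to keep the history bisectable. In the same file the advisory link points at `itsallcode/openfasttrace/security/advisories/new`, the core project's repository, so a report about the plugin would land in the wrong queue; point it at this repository's own advisory page (assuming private vulnerability reporting is enabled for openfasttrace-maven-plugin), and give a concrete channel for "contact the maintainers directly", otherwise that fallback is unusable.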
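Review bot: the CHANGELOG hunk (PATCH 1/5, `@@ -4,7 +4,10`) turns the pending `[2.3.2] - Unreleased` entry into `[2.4.0] - 2026-06-14`, which is the right minor bump for a new feature, but "We also now generate an SPDX SBOM" should tell consumers where the SBOM is published (which artifact classifier and type) so SBOM tooling can locate it; as written, the entry documents that a file exists but not how to fetch it.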
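Review bot: the dependency hunk at `@@ -110,21 +110,7` in pom.xml (PATCH 1/5) removes the `commons-io` 2.22.0 and `plexus-archiver` 4.11.0 test dependencies, which neither the subject "Updated OFT to version 4.5.0 and added SPDX SBOM support" nor the CHANGELOG entry mentions; either split this into its own commit or add a changelog line, and confirm `mvn verify` still passes without them, which is the check AGENTS.md itself mandates before final validation.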
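Review bot: the `spdx-maven-plugin` execution added at `@@ -571,6 +557,30` (PATCH 1/5) generates the SPDX document but nothing attaches it to the project, so the file stays under `target/` and does not reach Maven Central or the GitHub release that the CHANGELOG promises; PATCH 2/5 adds the `build-helper-maven-plugin` `attach-artifact` step for that, so the two belong in one commit. Give the `aggregate-spdx` execution an explicit phase (for example `package`) instead of relying on the goal's default, so that any later step consuming the file can count on it existing. The licence and copyright values (`GPL-3.0-only`, `Copyright (c) itsallcode.org`) appear twice in the configuration and the element names are not visible in this view; an XML comment stating which is the declared and which the concluded licence would keep the block reviewable.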
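Review bot: the property hunk at `@@ -17,9 +17,10` (PATCH 2/5) bumps `maven.core.version` from 3.8.9 to 3.9.9, and the `plexus-utils` hunk at `@@ -78,7 +79,7` moves from 3.6.1 to 4.0.3, a major version in which the XML helper classes were split out into `plexus-xml`; check that no plugin or test code still imports them, and check whether the "Maven 3.8+" statement in the AGENTS.md tech stack still reflects the runtime you intend to support. Renaming `${mavenPluginPluginVersion}` to `${maven.plugin.plugin.version}` is a good consistency fix; the subject "Added Fixed duplicate warning" does not say which warning was duplicated, so name it in the commit body.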
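Review bot: `maven-compiler-plugin` at `@@ -297,7 +284,7` (PATCH 2/5) goes from 3.15.1 back to 3.15.0, reverting the bump PATCH 1/5 made at `@@ -311,7 +297,7`; this reads like a rebase or merge artifact rather than an intended downgrade, so settle on one version across the series.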
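Review bot: the five scope flags added to the `spdx-maven-plugin` configuration at `@@ -571,6 +566,10` (PATCH 2/5), `true true true false false`, carry no visible element names in this view, so a reviewer cannot tell which dependency scopes the SBOM now covers even though the subject says they were "defined explicitly"; put an XML comment beside them naming the included scopes. If `provided` is one of the `false` values, reconsider it: this pom declares `maven-core`, `plexus-utils` and `maven-plugin-annotations` as `provided`, and an SBOM that omits them understates the plugin's real dependency surface for anyone doing vulnerability matching against it.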
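Review bot: the `attach-artifact` execution added at `@@ -581,6 +580,30` (PATCH 2/5) attaches `${project.build.directory}/site/${project.groupId}_${project.artifactId}-${project.version}.spdx`, but the generator writes a `.spdx.json` file, as PATCH 3/5 "Fixed file suffix." shows; that mismatch surfaces on a single `mvn verify` run, so run the full build before pushing pom changes. Two ordering points: attaching at `verify` only works because `spdx-maven-plugin` is declared earlier in the pom and therefore runs first within the same phase, and binding `aggregate-spdx` to an earlier phase removes that dependence on declaration order. And if a release profile signs artifacts with GPG at `verify`, make sure that execution comes after `build-helper-maven-plugin`; otherwise the SBOM is published unsigned and consumers cannot verify that it belongs to the release, which defeats the transparency goal SECURITY.md states.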
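Review bot: deleting the "Place coverage markers at the narrowest possible scope (method or class)" bullet at `@@ -28,7 +28,6` in AGENTS.md (PATCH 4/5) leaves the "Implement: Tag all new code with coverage markers" workflow step with no guidance on where a marker goes; if the review found the rule wrong, replace it with the intended placement rule rather than removing it.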
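Review bot: the README link change at `@@ -59,7 +62,7` (PATCH 5/5) only drops the trailing slash; the link text still says `empty-project` while the target is `src/test/resources/simple-project`, so fix the text (or the target) while touching this line.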
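Review bot: in the badge and link block at `@@ -21,10 +21,13` (PATCH 5/5) the context line labels the SonarCloud badge "Technical Dept"; it should read "Technical Debt", and since the hunk already edits the neighbouring lines it is the natural place to fix it.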