diff --git a/build.gradle b/build.gradle
index 5224219..6b1dcf7 100644
--- a/build.gradle
+++ b/build.gradle
@@ -1,8 +1,7 @@
 plugins {
     id 'org.springframework.boot' version '2.7.18'
-    id 'io.spring.dependency-management' version '1.0.11.RELEASE'
+    id 'io.spring.dependency-management' version '1.1.4'
     id 'java'
-    id 'org.owasp.dependencycheck' version '7.4.4'
 }
 
 group = 'uk.nhs.prm.repo'
@@ -56,12 +55,3 @@ dependencies {
 tasks.named('test') {
     useJUnitPlatform()
 }
-
-dependencyCheck {
-    failBuildOnCVSS = 7
-    suppressionFile = './dependency-checks-suppression.xml'
-    analyzers {
-          assemblyEnabled = false
-          ossIndexEnabled = false
-    }
-}
diff --git a/dependency-checks-suppression.xml b/dependency-checks-suppression.xml
deleted file mode 100644
index 0386601..0000000
--- a/dependency-checks-suppression.xml
+++ /dev/null
@@ -1,56 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
-    <suppress>
-        <notes><![CDATA[
-     Suppress this CVE that is a wontfix from spring because it is about how spring provides
-     a java deserialisation and invocation endpoint implementation that if you expose
-     unauthenticated would be risky.  They argue that's a you (app) problem.
-     ]]></notes>
-        <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-.*$</packageUrl>
-        <cve>CVE-2016-1000027</cve>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
-     Spring-framework libraries always have groupId org.springframework with no further extension, so suppress the
-     spring_framework package identification for old and third party libs that merely include spring jars
-     ]]></notes>
-        <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-.*$</packageUrl>
-        <cpe>cpe:/a:springsource:spring_framework</cpe>
-        <cpe>cpe:/a:pivotal_software:spring_framework</cpe>
-        <cpe>cpe:/a:vmware:spring_framework</cpe>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
-          false positive as spring boot uses safe constructor in snakeyaml, see:
-
-          https://github.com/spring-projects/spring-boot/issues/33457
-
-          file name: snakeyaml-1.33.jar
-        ]]></notes>
-        <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
-        <vulnerabilityName>CVE-2022-1471</vulnerabilityName>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
-   false positive CVEs not related to package
-   ]]></notes>
-        <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
-        <cve>CVE-2022-3064</cve>
-        <cve>CVE-2021-4235</cve>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
-        false positive CVE-2021-4277 is not related to package
-   ]]></notes>
-        <packageUrl regex="true">^pkg:maven/org\.latencyutils/LatencyUtils@.*$</packageUrl>
-        <cve>CVE-2021-4277</cve>
-    </suppress>
-       <suppress>
-      <notes><![CDATA[
-         false positive CVE refers specifically to hutool not this package
-         file name: jackson-core-2.13.4.jar
-   ]]></notes>
-      <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-core@.*$</packageUrl>
-      <cve>CVE-2022-45688</cve>
-   </suppress>
-</suppressions>
diff --git a/gocd/audit.pipeline.gocd.yml b/gocd/audit.pipeline.gocd.yml
deleted file mode 100644
index 552fb10..0000000
--- a/gocd/audit.pipeline.gocd.yml
+++ /dev/null
@@ -1,31 +0,0 @@
-format_version: 4
-pipelines:
-  pds-fhir-stub.audit:
-    group: repo-audit
-    label_template: '${git[:8]}'
-    materials:
-      git:
-        type: configrepo
-        blacklist:
-          - docs/**/*.*
-    timer:
-      spec: 0 0 8 ? * MON,TUE,WED,THU,FRI *
-    stages:
-      - audit:
-          clean_workspace: true
-          approval: manual
-          jobs:
-            dependency_check:
-              artifacts:
-                - build:
-                    source: build/reports
-              tabs:
-                dependency: reports/dependency-check-report.html
-              resources:
-                - docker
-              tasks:
-                - exec:
-                    command: /bin/bash
-                    arguments:
-                      - -c
-                      - ./tasks dep
diff --git a/tasks b/tasks
index 14aa022..feb4bd3 100755
--- a/tasks
+++ b/tasks
@@ -187,12 +187,6 @@ case "${command}" in
   run_local)
     ./gradlew bootRun
     ;;
-  _dep)
-      gradle dependencyCheckAnalyze
-      ;;
-  dep)
-      dojo "./tasks _dep"
-      ;;
   tf)
       check_env
       dojo -c Dojofile-infra "./tasks _tf"