diff --git a/pom.xml b/pom.xml
index 387c96b..d9788ac 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,5 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<parent>
 		<groupId>gov.nist.secauto</groupId>
@@ -109,17 +111,23 @@
 
 		<!-- other dependencies -->
 		<dependency.auto-service.version>1.1.1</dependency.auto-service.version>
-		<dependency.commons-cli.version>1.5.0</dependency.commons-cli.version>
-		<dependency.commons-io.version>2.15.1</dependency.commons-io.version>
+		<dependency.commons-cli.version>1.7.0</dependency.commons-cli.version>
+		<dependency.commons-io.version>2.16.1</dependency.commons-io.version>
 		<dependency.everit-json.version>1.14.4</dependency.everit-json.version>
+		<dependency.jansi.version>2.4.1</dependency.jansi.version>
 		<dependency.jline.version>3.21.0</dependency.jline.version>
-		<dependency.json.version>20231013</dependency.json.version>
-		<dependency.log4j2.version>2.21.0</dependency.log4j2.version>
-		<dependency.spotbugs-annotations.version>4.7.3</dependency.spotbugs-annotations.version>
+		<dependency.json.version>20240303</dependency.json.version>
+		<dependency.log4j2.version>2.23.1</dependency.log4j2.version>
+		<dependency.pmd.version>7.1.0</dependency.pmd.version>
+		<dependency.spotbugs-annotations.version>4.8.3</dependency.spotbugs-annotations.version>
 		<dependency.saxon-he.version>12.4</dependency.saxon-he.version>
-		<dependency.xmlresolver.version>6.0.2</dependency.xmlresolver.version>
+		<dependency.xmlbeans.version>5.2.0</dependency.xmlbeans.version>
+		<dependency.xmlresolver.version>5.2.2</dependency.xmlresolver.version>
 
 		<plugin.license.version>4.2</plugin.license.version>
+		<plugin.maven-toolchains.version>3.1.0</plugin.maven-toolchains.version>
+		<plugin.pmd.version>3.22.0</plugin.pmd.version>
+		<plugin.spotbugs.version>4.8.4.0</plugin.spotbugs.version>
 	</properties>
 	<repositories>
 		<repository>
@@ -193,7 +201,11 @@
 			<!-- For console log color -->
 			<groupId>org.fusesource.jansi</groupId>
 			<artifactId>jansi</artifactId>
+<<<<<<< HEAD
 			<version>2.4.1</version>
+=======
+			<version>${dependency.jansi.version}</version>
+>>>>>>> 549a44e (Fixed PMD errors)
 		</dependency>
 		<dependency>
 			<groupId>commons-io</groupId>
@@ -216,6 +228,11 @@
 			<classifier>data</classifier>
 			<version>${dependency.xmlresolver.version}</version>
 		</dependency>
+		<dependency>
+			<groupId>org.apache.xmlbeans</groupId>
+			<artifactId>xmlbeans</artifactId>
+			<version>${dependency.xmlbeans.version}</version>
+		</dependency>
 		<dependency>
 			<groupId>com.github.erosb</groupId>
 			<artifactId>everit-json-schema</artifactId>
@@ -262,6 +279,27 @@
 
 		<pluginManagement>
 			<plugins>
+				<plugin>
+					<groupId>org.apache.maven.plugins</groupId>
+					<artifactId>maven-toolchains-plugin</artifactId>
+					<version>${plugin.maven-toolchains.version}</version>
+					<executions>
+						<execution>
+							<goals>
+								<goal>toolchain</goal>
+							</goals>
+						</execution>
+					</executions>
+					<configuration>
+						<toolchains>
+							<jdk>
+								<version>11</version>
+								<vendor>temurin</vendor>
+							</jdk>
+						</toolchains>
+					</configuration>
+				</plugin>
+
 				<plugin>
 					<groupId>org.apache.maven.plugins</groupId>
 					<artifactId>maven-site-plugin</artifactId>
@@ -284,13 +322,50 @@
 				<plugin>
 					<groupId>com.github.spotbugs</groupId>
 					<artifactId>spotbugs-maven-plugin</artifactId>
+					<version>${plugin.spotbugs.version}</version>
 					<configuration>
 						<excludeFilterFile>spotbugs-exclude.xml</excludeFilterFile>
 					</configuration>
 				</plugin>
+				<plugin>
+					<groupId>org.apache.maven.plugins</groupId>
+					<artifactId>maven-pmd-plugin</artifactId>
+					<version>${plugin.pmd.version}</version>
+					<dependencies>
+						<dependency>
+							<groupId>net.sourceforge.pmd</groupId>
+							<artifactId>pmd-core</artifactId>
+							<version>${dependency.pmd.version}</version>
+						</dependency>
+						<dependency>
+							<groupId>net.sourceforge.pmd</groupId>
+							<artifactId>pmd-java</artifactId>
+							<version>${dependency.pmd.version}</version>
+						</dependency>
+					</dependencies>
+					<executions>
+						<execution>
+							<id>pmd-verify</id>
+							<goals>
+								<goal>check</goal>
+							</goals>
+							<configuration>
+								<failurePriority>2</failurePriority>
+								<!-- fail on error for all builds -->
+								<failOnViolation>true</failOnViolation>
+								<printFailingErrors>true</printFailingErrors>
+								<format>sarif</format>
+							</configuration>
+						</execution>
+					</executions>
+				</plugin>
 			</plugins>
 		</pluginManagement>
 		<plugins>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-toolchains-plugin</artifactId>
+			</plugin>
 			<plugin>
 				<groupId>io.github.git-commit-id</groupId>
 				<artifactId>git-commit-id-maven-plugin</artifactId>
@@ -324,7 +399,8 @@
 							<addClasspath>true</addClasspath>
 							<!-- <classpathPrefix>lib/</classpathPrefix> -->
 							<classpathLayoutType>custom</classpathLayoutType>
-							<customClasspathLayout>${artifact.groupId}.${artifact.artifactId}-$${artifact.version}.${artifact.extension}</customClasspathLayout>
+							<customClasspathLayout>
+								${artifact.groupId}.${artifact.artifactId}-$${artifact.version}.${artifact.extension}</customClasspathLayout>
 						</manifest>
 					</archive>
 				</configuration>
@@ -343,8 +419,10 @@
 					<generateRepository>false</generateRepository>
 					<repositoryLayout>flat</repositoryLayout>
 					<repositoryName>lib</repositoryName>
-					<outputFileNameMapping>@{groupId}@.@{artifactId}@-@{version}@.@{extension}@</outputFileNameMapping>
-					<extraJvmArguments>-Dsun.stdout.encoding=UTF-8 -Dsun.stderr.encoding=UTF-8</extraJvmArguments>
+					<outputFileNameMapping>
+						@{groupId}@.@{artifactId}@-@{version}@.@{extension}@</outputFileNameMapping>
+					<extraJvmArguments>-Dsun.stdout.encoding=UTF-8
+						-Dsun.stderr.encoding=UTF-8</extraJvmArguments>
 					<projectArtifactFirstInClassPath>true</projectArtifactFirstInClassPath>
 					<includeConfigurationDirectoryInClasspath>false</includeConfigurationDirectoryInClasspath>
 				</configuration>
@@ -422,10 +500,13 @@
 							<goal>add-third-party</goal>
 						</goals>
 						<configuration>
-							<outputDirectory>${project.build.directory}/generated-distro</outputDirectory>
+							<outputDirectory>
+								${project.build.directory}/generated-distro</outputDirectory>
 							<thirdPartyFilename>LICENSE-THIRD-PARTY.txt</thirdPartyFilename>
 							<licenseMerges>
-								<licenseMerge>The Apache Software License, Version 2.0|Apache License, Version 2.0|Apache Public License 2.0</licenseMerge>
+								<licenseMerge>The Apache Software License,
+									Version 2.0|Apache License, Version
+									2.0|Apache Public License 2.0</licenseMerge>
 							</licenseMerges>
 						</configuration>
 					</execution>
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/oscal/AbstractOscalConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/oscal/AbstractOscalConvertSubcommand.java
index 78f6876..43b9f38 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/oscal/AbstractOscalConvertSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/oscal/AbstractOscalConvertSubcommand.java
@@ -47,7 +47,7 @@ public ICommandExecutor newExecutor(CallingContext callingContext, CommandLine c
     return new OscalCommandExecutor(callingContext, commandLine);
   }
 
-  private class OscalCommandExecutor
+  private final class OscalCommandExecutor
       extends AbstractConversionCommandExecutor {
 
     private OscalCommandExecutor(
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/oscal/AbstractOscalValidationSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/oscal/AbstractOscalValidationSubcommand.java
index 0db1fa6..ebc5c21 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/oscal/AbstractOscalValidationSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/oscal/AbstractOscalValidationSubcommand.java
@@ -60,7 +60,7 @@ public ICommandExecutor newExecutor(CallingContext callingContext, CommandLine c
     return new OscalCommandExecutor(callingContext, commandLine);
   }
 
-  private class OscalCommandExecutor
+  private final class OscalCommandExecutor
       extends AbstractValidationCommandExecutor {
 
     private OscalCommandExecutor(
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ResolveSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ResolveSubcommand.java
index d3e9488..3c682b6 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ResolveSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ResolveSubcommand.java
@@ -281,10 +281,11 @@ protected ExitStatus executeCommand(
       // this is a profile
       URI sourceUri = ObjectUtils.notNull(source.toUri());
 
-      DynamicContext dynamicContext = StaticContext.builder()
-          .baseUri(sourceUri)
-          .build()
-          .dynamicContext();
+      DynamicContext dynamicContext = new DynamicContext(
+          StaticContext.builder()
+              .baseUri(sourceUri)
+              .defaultModelNamespace(document.getNamespace())
+              .build());
       dynamicContext.setDocumentLoader(loader);
       ProfileResolver resolver = new ProfileResolver();
       resolver.setDynamicContext(dynamicContext);
@@ -308,7 +309,7 @@ protected ExitStatus executeCommand(
           = OscalBindingContext.instance().newSerializer(toFormat, Catalog.class);
       try {
         if (destination == null) {
-          @SuppressWarnings("resource") PrintStream stdOut = ObjectUtils.notNull(System.out);
+          @SuppressWarnings({ "resource", "PMD.CloseResource" }) PrintStream stdOut = ObjectUtils.notNull(System.out);
           serializer.serialize((Catalog) INodeItem.toValue(resolvedProfile), stdOut);
         } else {
           serializer.serialize((Catalog) INodeItem.toValue(resolvedProfile), destination);