diff --git a/README.md b/README.md
index db001b691..316fb8305 100644
--- a/README.md
+++ b/README.md
@@ -89,11 +89,17 @@ Make sure it is used (perhaps transitively) in `sample-plugin/pom.xml`.
Ideally also update the sample plugin’s tests to actually exercise it,
as a sanity check.
+Avoid adding transitive dependencies to `sample-plugin/pom.xml`. It is supposed
+to look as much as possible like a real plugin, and a real plugin should only
+declare its direct dependencies and not its transitive dependencies.
+
You can also add a `tests` entry,
for a plugin which specifies `false`.
You should introduce a POM property so that the version is not repeated.
The build will enforce that all transitive plugin dependencies are also managed.
+If the build fails due to an unmanaged transitive plugin dependency, add it to
+`bom/pom.xml`.
## PCT
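Review bot: The sentence added after "The build will enforce that all transitive plugin dependencies are also managed" tells the reader to add the dependency to `bom/pom.xml` but not what the entry needs. Say that it is a managed entry with an explicit version, and whether the existing advice about introducing a POM property applies to it. In the first added paragraph, "Avoid adding transitive dependencies to `sample-plugin/pom.xml`" sits close to the existing "Make sure it is used (perhaps transitively)" and the two can be read as conflicting. A short clause saying that a transitively used plugin is managed in the BOM without being declared in the sample plugin would remove the ambiguity.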
diff --git a/bom/pom.xml b/bom/pom.xml
index 2a79fdebe..e36f79e12 100644
--- a/bom/pom.xml
+++ b/bom/pom.xml
@@ -206,6 +206,11 @@
timestamper
1.10
+
+ org.jenkins-ci.plugins
+ token-macro
+ 2.8
+
org.jenkins-ci.plugins
variant
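Review bot: The new `token-macro` entry pins `2.8`, but nothing in the hunk records which managed plugin pulls it in or why that version was chosen. Since the BOM version overrides whatever the depending plugin would otherwise resolve, please confirm that `2.8` is at least the version that plugin requires, and name the plugin in the commit message so a later bump can be checked against it. Placement between `timestamper` and `variant` keeps the list in alphabetical order.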
diff --git a/sample-plugin/pom.xml b/sample-plugin/pom.xml
index 0b1f63a0a..788a843f1 100644
--- a/sample-plugin/pom.xml
+++ b/sample-plugin/pom.xml
@@ -134,6 +134,11 @@
timestamper
test
+
+ org.jenkins-ci.plugins
+ token-macro
+ test
+
org.jenkins-ci.plugins
variant
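Review bot: Adding `token-macro` with `test` scope here appears to do what the README text added in this same patch advises against, namely declaring a transitive dependency in `sample-plugin/pom.xml`. If the sample plugin's tests use `token-macro` directly, say so in the commit message. If it is only reached through another plugin, drop this entry and rely on the `bom/pom.xml` entry alone, so that the sample plugin keeps looking like a real plugin that declares only its direct dependencies.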