From e3363a27496bd5da5b299a49c4bf770257c519b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcel=20St=C3=B6r?= Date: Wed, 18 Dec 2024 22:46:14 +0100 Subject: [PATCH] Clarify OSS index credentials Fixes #4533. --- cli/src/site/markdown/arguments.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cli/src/site/markdown/arguments.md b/cli/src/site/markdown/arguments.md index d8c72b62163..33f2604e015 100644 --- a/cli/src/site/markdown/arguments.md +++ b/cli/src/site/markdown/arguments.md @@ -79,8 +79,8 @@ Advanced Options | | \-\-disableDart | | Sets whether the [experimental](../analyzers/index.html) Dart Analyzer will be disabled. |   | | | \-\-disableOssIndex | | Sets whether the [OSS Index Analyzer](../analyzers/oss-index-analyzer.html) will be disabled. This analyzer requires an internet connection. |   | | | \-\-disableOssIndexCache | | When the argument is present the OSS Index Analyzer will not cache results. By default results are cached for 24 hours. |   | -| | \-\-ossIndexUsername | \ | The optional username to connect to Sonatype's OSS Index. |   | -| | \-\-ossIndexPassword | \ | The optional password to connect to Sonatype's OSS Index. |   | +| | \-\-ossIndexUsername | \ | To authenticate Sonatype OSS Index requests and profit from higher rate limits, provide the OSS account email address as username. Provide both a username _and_ a password (see below) or none. |   | +| | \-\-ossIndexPassword | \ | Password or API token to connect to Sonatype's OSS Index. Provide both a username (see above) _and_ a password or none. |   | | | \-\-ossIndexRemoteErrorWarnOnly | \ | Whether we should only warn about Sonatype OSS Index remote errors instead of failing completely. |   | | | \-\-ossIndexUrl | \ | Alternative URL for the OSS Index. If not set the public Sonatype OSS Index will be used. | https://ossindex.sonatype.org | | | \-\-disableCentral | | Sets whether the Central Analyzer will be used. **Disabling this analyzer is not recommended as it could lead to false negatives (e.g. libraries that have vulnerabilities may not be reported correctly).** If this analyzer is being disabled there is a good chance you also want to disable the Artifactory or Nexus Analyzer. |   | @@ -124,7 +124,7 @@ Advanced Options | | \-\-dbDriverPath | \ | The path to the database driver; note, this does not need to be set unless the JAR is outside of the class path. |   | | | \-\-dbPassword | \ | The password for connecting to the database. |   | | | \-\-dbUser | \ | The username used to connect to the database. |   | -| \-d | \-\-data | \ | The location of the data directory used to store persistent data. | /usr/local/var/dependencycheck if installed through brew (→ [formula](https://github.com/Homebrew/homebrew-core/blob/master/Formula/d/dependency-check.rb#L29)). Otherwise, the data directory is created inside the install directory i.e. as a sibling to the `/bin`, `/lib` directories. | +| \-d | \-\-data | \ | The location of the data directory used to store persistent data. | /usr/local/var/dependencycheck if installed through brew (→ [formula](https://github.com/Homebrew/homebrew-core/blob/master/Formula/d/dependency-check.rb#L29)). Otherwise, the data directory is created inside the install directory i.e. as a sibling to the `/bin`, `/lib` directories. | | | \-\-purge | | Delete the local copy of the NVD. This is used to force a refresh of the data. |   | | | \-\-disableHostedSuppressions | | Whether the usage of the hosted suppressions file will be disabled. | false | | | \-\-hostedSuppressionsForceUpdate | | Whether the hosted suppressions file will update regardless of the `noupdate` argument. | false |