docs: Clarify OSS index credentials #7261

Open
wants to merge 1 commit into
base: main
4 changes: 2 additions & 2 deletions cli/src/site/markdown/arguments.md
Expand Up @@ -79,8 +79,8 @@ Advanced Options
| | \-\-disableDart | | Sets whether the [experimental](../analyzers/index.html) Dart Analyzer will be disabled. |   |
| | \-\-disableOssIndex | | Sets whether the [OSS Index Analyzer](../analyzers/oss-index-analyzer.html) will be disabled. This analyzer requires an internet connection. |   |
| | \-\-disableOssIndexCache | | When the argument is present the OSS Index Analyzer will not cache results. By default results are cached for 24 hours. |   |
| | \-\-ossIndexUsername | \<username\> | The optional username to connect to Sonatype's OSS Index. | &nbsp; |
| | \-\-ossIndexPassword | \<password\> | The optional password to connect to Sonatype's OSS Index. | &nbsp; |
| | \-\-ossIndexUsername | \<username\> | To authenticate Sonatype OSS Index requests and profit from higher rate limits, provide the OSS account email address as username. Provide both a username _and_ a password (see below) or none. | &nbsp; |
| | \-\-ossIndexPassword | \<password\> | Password or API token to connect to Sonatype's OSS Index. Provide both a username (see above) _and_ a password or none. | &nbsp; |
| | \-\-ossIndexRemoteErrorWarnOnly | \<true\|false\> | Whether we should only warn about Sonatype OSS Index remote errors instead of failing completely. | &nbsp; |
| | \-\-ossIndexUrl | \<url\> | Alternative URL for the OSS Index. If not set the public Sonatype OSS Index will be used. | https://ossindex.sonatype.org |
| | \-\-disableCentral | | Sets whether the Central Analyzer will be used. **Disabling this analyzer is not recommended as it could lead to false negatives (e.g. libraries that have vulnerabilities may not be reported correctly).** If this analyzer is being disabled there is a good chance you also want to disable the Artifactory or Nexus Analyzer. | &nbsp; |
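
Review bot: In the new --ossIndexPassword row, "Password or API token" states no preference, yet this value is passed as a command-line argument, where it can end up in shell history and be visible in the process list. Suggest recommending the API token over the account password here, for example "API token (preferred) or password to connect to Sonatype's OSS Index." The "Provide both ... or none" wording in the two new rows also does not say what happens when only one of the two is given; a short clause on that would help.
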
2 changes: 1 addition & 1 deletion maven/src/site/markdown/configuration.md
Expand Up @@ -62,7 +62,7 @@ knownExploitedEnabled | Sets whether the Known Exploited Vulnerabi
knownExploitedUrl | Sets URL to the CISA Known Exploited Vulnerabilities JSON data feed. | https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
ossindexAnalyzerEnabled | Sets whether the [OSS Index Analyzer](../analyzers/oss-index-analyzer.html) will be enabled. This analyzer requires an internet connection. | true
ossindexAnalyzerUseCache | Sets whether the OSS Index Analyzer will cache results. Cached results expire after 24 hours. | true
ossindexServerId | The id of a server defined in the settings.xml to retrieve the credentials (username and password) to connect to OSS Index instance; not it is not required to have a registered account and use this configuration. | &nbsp;
ossindexServerId | The id of [a server](https://maven.apache.org/settings.html#Servers) defined in the `settings.xml` to authenticate Sonatype OSS Index requests and profit from higher rate limits. Provide the OSS account email address as `username` and password or API token as `password`. | &nbsp;
ossindexAnalyzerUrl | The OSS Index server URL | https://ossindex.sonatype.org
ossIndexWarnOnlyOnRemoteErrors | Sets whether remote errors from the OSS Index (e.g. BAD GATEWAY, RATE LIMIT EXCEEDED) will result in warnings only instead of failing execution. | false
nexusAnalyzerEnabled | Sets whether Nexus Analyzer will be used (requires Nexus Pro). This analyzer is superceded by the Central Analyzer; however, you can configure this to run against a Nexus Pro installation. | true
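
Review bot: The rewritten ossindexServerId row drops the old row's statement that a registered account is not required, so a reader can no longer tell from this row that the setting is optional. Suggest keeping that statement in corrected form, for example "Optional; OSS Index can be used without a registered account." The row also lacks the "Provide both a username and a password or none" rule that the same change adds to the other two files. Minor: "OSS account" reads more clearly as "OSS Index account", and "password or API token as `password`" needs an article ("a password or API token").
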
Expand Up @@ -175,8 +175,8 @@ retirejs | retireJsUrl | The URL to the Retire JS repository.
retirejs | filterNonVulnerable | Configures the RetireJS Analyzer to remove non-vulnerable JS dependencies from the report. | false
retirejs | filters | Configures the list of regular expessions used to filter JS files based on content. | &nbsp;
ossIndex | enabled | Sets whether [OSS Index Analyzer](../analyzers/oss-index-analyzer.html) will be used. This analyzer requires an internet connection. | true
ossIndex | username | The optional user name to connect to Sonatype's OSS Index. | &nbsp;
ossIndex | password | The password or API token to connect to Sonatype's OSS Index. | &nbsp;
ossIndex | username | To authenticate Sonatype OSS Index requests and profit from higher rate limits, provide the OSS account email address as username. Provide both a username _and_ a password (see below) or none. | &nbsp;
ossIndex | password | Password or API token to connect to Sonatype's OSS Index. Provide both a username (see above) _and_ a password or none. | &nbsp;
ossIndex | warnOnlyOnRemoteErrors| Sets whether remote errors from the OSS Index (e.g. BAD GATEWAY, RATE LIMIT EXCEEDED) will result in warnings only instead of failing execution. | false
slack | enabled | Whether or not slack notifications are enabled. | false
slack | webhookUrl | The custom incoming webhook URL to receive notifications. | &nbsp;
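
Review bot: In the new ossIndex username row the word "optional" from the old description is gone, while "Provide both ... or none" implies the setting still is optional; say so explicitly and state what happens if only one of username and password is set. "(see below)" and "(see above)" are fragile references inside a table, so naming the other property (`password`, `username`) is sturdier. "profit from higher rate limits" would read better as "benefit from higher rate limits".
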