diff --git a/cli/src/site/markdown/arguments.md b/cli/src/site/markdown/arguments.md index d8c72b62163..a60acf72a5f 100644 --- a/cli/src/site/markdown/arguments.md +++ b/cli/src/site/markdown/arguments.md @@ -79,8 +79,8 @@ Advanced Options | | \-\-disableDart | | Sets whether the [experimental](../analyzers/index.html) Dart Analyzer will be disabled. |   | | | \-\-disableOssIndex | | Sets whether the [OSS Index Analyzer](../analyzers/oss-index-analyzer.html) will be disabled. This analyzer requires an internet connection. |   | | | \-\-disableOssIndexCache | | When the argument is present the OSS Index Analyzer will not cache results. By default results are cached for 24 hours. |   | -| | \-\-ossIndexUsername | \ | The optional username to connect to Sonatype's OSS Index. |   | -| | \-\-ossIndexPassword | \ | The optional password to connect to Sonatype's OSS Index. |   | +| | \-\-ossIndexUsername | \ | To authenticate Sonatype OSS Index requests and profit from higher rate limits, provide the OSS account email address as username. Provide both a username _and_ a password (see below) or none. |   | +| | \-\-ossIndexPassword | \ | Password or API token to connect to Sonatype's OSS Index. Provide both a username (see above) _and_ a password or none. |   | | | \-\-ossIndexRemoteErrorWarnOnly | \ | Whether we should only warn about Sonatype OSS Index remote errors instead of failing completely. |   | | | \-\-ossIndexUrl | \ | Alternative URL for the OSS Index. If not set the public Sonatype OSS Index will be used. | https://ossindex.sonatype.org | | | \-\-disableCentral | | Sets whether the Central Analyzer will be used. **Disabling this analyzer is not recommended as it could lead to false negatives (e.g. libraries that have vulnerabilities may not be reported correctly).** If this analyzer is being disabled there is a good chance you also want to disable the Artifactory or Nexus Analyzer. |   | diff --git a/maven/src/site/markdown/configuration.md b/maven/src/site/markdown/configuration.md index fba95d8d463..9b7cd53237c 100644 --- a/maven/src/site/markdown/configuration.md +++ b/maven/src/site/markdown/configuration.md @@ -62,7 +62,7 @@ knownExploitedEnabled | Sets whether the Known Exploited Vulnerabi knownExploitedUrl | Sets URL to the CISA Known Exploited Vulnerabilities JSON data feed. | https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json ossindexAnalyzerEnabled | Sets whether the [OSS Index Analyzer](../analyzers/oss-index-analyzer.html) will be enabled. This analyzer requires an internet connection. | true ossindexAnalyzerUseCache | Sets whether the OSS Index Analyzer will cache results. Cached results expire after 24 hours. | true -ossindexServerId | The id of a server defined in the settings.xml to retrieve the credentials (username and password) to connect to OSS Index instance; not it is not required to have a registered account and use this configuration. |   +ossindexServerId | The id of [a server](https://maven.apache.org/settings.html#Servers) defined in the `settings.xml` to authenticate Sonatype OSS Index requests and profit from higher rate limits. Provide the OSS account email address as `username` and password or API token as `password`. |   ossindexAnalyzerUrl | The OSS Index server URL | https://ossindex.sonatype.org ossIndexWarnOnlyOnRemoteErrors | Sets whether remote errors from the OSS Index (e.g. BAD GATEWAY, RATE LIMIT EXCEEDED) will result in warnings only instead of failing execution. | false nexusAnalyzerEnabled | Sets whether Nexus Analyzer will be used (requires Nexus Pro). This analyzer is superceded by the Central Analyzer; however, you can configure this to run against a Nexus Pro installation. | true diff --git a/src/site/markdown/dependency-check-gradle/configuration-aggregate.md b/src/site/markdown/dependency-check-gradle/configuration-aggregate.md index 8b99dfc5fbb..576eb416c32 100644 --- a/src/site/markdown/dependency-check-gradle/configuration-aggregate.md +++ b/src/site/markdown/dependency-check-gradle/configuration-aggregate.md @@ -175,8 +175,8 @@ retirejs | retireJsUrl | The URL to the Retire JS repository. retirejs | filterNonVulnerable | Configures the RetireJS Analyzer to remove non-vulnerable JS dependencies from the report. | false retirejs | filters | Configures the list of regular expessions used to filter JS files based on content. |   ossIndex | enabled | Sets whether [OSS Index Analyzer](../analyzers/oss-index-analyzer.html) will be used. This analyzer requires an internet connection. | true -ossIndex | username | The optional user name to connect to Sonatype's OSS Index. |   -ossIndex | password | The password or API token to connect to Sonatype's OSS Index. |   +ossIndex | username | To authenticate Sonatype OSS Index requests and profit from higher rate limits, provide the OSS account email address as username. Provide both a username _and_ a password (see below) or none. |   +ossIndex | password | Password or API token to connect to Sonatype's OSS Index. Provide both a username (see above) _and_ a password or none. |   ossIndex | warnOnlyOnRemoteErrors| Sets whether remote errors from the OSS Index (e.g. BAD GATEWAY, RATE LIMIT EXCEEDED) will result in warnings only instead of failing execution. | false slack | enabled | Whether or not slack notifications are enabled. | false slack | webhookUrl | The custom incoming webhook URL to receive notifications. |