diff --git a/ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java b/ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java
index cd74addae4..b53e38f614 100644
--- a/ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java
+++ b/ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java
@@ -998,11 +998,23 @@ public void setNodeAuditSkipDevDependencies(Boolean nodeAuditSkipDevDependencies
*
* @param retirejsFilterNonVulnerable new value of
* retirejsFilterNonVulnerable
+ * @deprecated Use {@link #setRetireJsFilterNonVulnerable(Boolean)} instead.
*/
+ @Deprecated
public void setRetirejsFilterNonVulnerable(Boolean retirejsFilterNonVulnerable) {
this.retirejsFilterNonVulnerable = retirejsFilterNonVulnerable;
}
+ /**
+ * Set the value of retireJsFilterNonVulnerable.
+ *
+ * @param retireJsFilterNonVulnerable new value of
+ * retireJsFilterNonVulnerable
+ */
+ public void setRetireJsFilterNonVulnerable(Boolean retireJsFilterNonVulnerable) {
+ this.retirejsFilterNonVulnerable = retireJsFilterNonVulnerable;
+ }
+
/**
* Add a regular expression to the set of retire JS content filters.
*
@@ -1010,11 +1022,25 @@ public void setRetirejsFilterNonVulnerable(Boolean retirejsFilterNonVulnerable)
*
* @param retirejsFilter the regular expression used to filter based on file
* content
+ * @deprecated Use {@link #addConfiguredRetireJsFilter(RetirejsFilter)} instead.
*/
+ @Deprecated
public void addConfiguredRetirejsFilter(final RetirejsFilter retirejsFilter) {
retirejsFilters.add(retirejsFilter.getRegex());
}
+ /**
+ * Add a regular expression to the set of retire JS content filters.
+ *
+ * This is called by Ant.
+ *
+ * @param retireJsFilter the regular expression used to filter based on file
+ * content
+ */
+ public void addConfiguredRetireJsFilter(final RetirejsFilter retireJsFilter) {
+ retirejsFilters.add(retireJsFilter.getRegex());
+ }
+
/**
* Set the value of rubygemsAnalyzerEnabled.
*
@@ -1199,47 +1225,102 @@ public void setPathToDotnetCore(String pathToCore) {
* Set value of {@link #ossindexAnalyzerEnabled}.
*
* @param ossindexAnalyzerEnabled new value of ossindexAnalyzerEnabled
+ * @deprecated Use {@link #setOssIndexAnalyzerEnabled(Boolean)} instead.
*/
+ @Deprecated
public void setOssindexAnalyzerEnabled(Boolean ossindexAnalyzerEnabled) {
this.ossindexAnalyzerEnabled = ossindexAnalyzerEnabled;
}
+ /**
+ * Set value of ossIndexAnalyzerEnabled.
+ *
+ * @param ossIndexAnalyzerEnabled new value of ossIndexAnalyzerEnabled
+ */
+ public void setOssIndexAnalyzerEnabled(Boolean ossIndexAnalyzerEnabled) {
+ this.ossindexAnalyzerEnabled = ossIndexAnalyzerEnabled;
+ }
+
/**
* Set value of {@link #ossindexAnalyzerUseCache}.
*
* @param ossindexAnalyzerUseCache new value of ossindexAnalyzerUseCache
+ * @deprecated Use {@link #setOssIndexAnalyzerUseCache(Boolean)} instead.
*/
+ @Deprecated
public void setOssindexAnalyzerUseCache(Boolean ossindexAnalyzerUseCache) {
this.ossindexAnalyzerUseCache = ossindexAnalyzerUseCache;
}
+ /**
+ * Set value of ossIndexAnalyzerUseCache.
+ *
+ * @param ossIndexAnalyzerUseCache new value of ossIndexAnalyzerUseCache
+ */
+ public void setOssIndexAnalyzerUseCache(Boolean ossIndexAnalyzerUseCache) {
+ this.ossindexAnalyzerUseCache = ossIndexAnalyzerUseCache;
+ }
+
/**
* Set value of {@link #ossindexAnalyzerUrl}.
*
* @param ossindexAnalyzerUrl new value of ossindexAnalyzerUrl
+ * @deprecated Use {@link #setOssIndexAnalyzerUrl(String)} instead.
*/
+ @Deprecated
public void setOssindexAnalyzerUrl(String ossindexAnalyzerUrl) {
this.ossindexAnalyzerUrl = ossindexAnalyzerUrl;
}
+ /**
+ * Set value of ossIndexAnalyzerUrl.
+ *
+ * @param ossIndexAnalyzerUrl new value of ossIndexAnalyzerUrl
+ */
+ public void setOssIndexAnalyzerUrl(String ossIndexAnalyzerUrl) {
+ this.ossindexAnalyzerUrl = ossIndexAnalyzerUrl;
+ }
+
/**
* Set value of {@link #ossindexAnalyzerUsername}.
*
* @param ossindexAnalyzerUsername new value of ossindexAnalyzerUsername
+ * @deprecated Use {@link #setOssIndexAnalyzerUsername(String)} instead.
*/
+ @Deprecated
public void setOssindexAnalyzerUsername(String ossindexAnalyzerUsername) {
this.ossindexAnalyzerUsername = ossindexAnalyzerUsername;
}
+ /**
+ * Set value of ossIndexAnalyzerUsername.
+ *
+ * @param ossIndexAnalyzerUsername new value of ossIndexAnalyzerUsername
+ */
+ public void setOssIndexAnalyzerUsername(String ossIndexAnalyzerUsername) {
+ this.ossindexAnalyzerUsername = ossIndexAnalyzerUsername;
+ }
+
/**
* Set value of {@link #ossindexAnalyzerPassword}.
*
* @param ossindexAnalyzerPassword new value of ossindexAnalyzerPassword
+ * @deprecated Use {@link #setOssIndexAnalyzerPassword(String)} instead.
*/
+ @Deprecated
public void setOssindexAnalyzerPassword(String ossindexAnalyzerPassword) {
this.ossindexAnalyzerPassword = ossindexAnalyzerPassword;
}
+ /**
+ * Set value of ossIndexAnalyzerPassword.
+ *
+ * @param ossIndexAnalyzerPassword new value of ossIndexAnalyzerPassword
+ */
+ public void setOssIndexAnalyzerPassword(String ossIndexAnalyzerPassword) {
+ this.ossindexAnalyzerPassword = ossIndexAnalyzerPassword;
+ }
+
/**
* Set value of {@link #ossIndexAnalyzerWarnOnlyOnRemoteErrors}.
*
diff --git a/ant/src/site/markdown/configuration.md b/ant/src/site/markdown/configuration.md
index 152ecaa95f..a839d89ee8 100644
--- a/ant/src/site/markdown/configuration.md
+++ b/ant/src/site/markdown/configuration.md
@@ -22,7 +22,7 @@ the project's dependencies.
reportoutputdirectory="${basedir}"
reportformat="ALL">
-
+
@@ -84,11 +84,11 @@ be needed.
| dartAnalyzerEnabled | Sets whether the [experimental](../analyzers/index.html) Dart Analyzer will be used. | true |
| knownExploitedEnabled | Sets whether the Known Exploited Vulnerability update and analyzer are enabled. | true |
| knownExploitedUrl | Sets URL to the CISA Known Exploited Vulnerabilities JSON data feed. | https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json |
-| ossindexAnalyzerEnabled | Sets whether the [OSS Index Analyzer](../analyzers/oss-index-analyzer.html) will be enabled. This analyzer requires an internet connection. | true |
-| ossindexAnalyzerUseCache | Sets whether the OSS Index Analyzer will cache results. Cached results expire after 24 hours. | true |
-| ossindexAnalyzerUrl | Alternative URL for the OSS Index. If not set the public Sonatype OSS Index will be used. | https://ossindex.sonatype.org |
-| ossindexAnalyzerUsername | Sets the username for OSS Index - note an account with OSS Index is not required. | |
-| ossindexAnalyzerPassword | Sets the password for OSS Index. | |
+| ossIndexAnalyzerEnabled | Sets whether the [OSS Index Analyzer](../analyzers/oss-index-analyzer.html) will be enabled. This analyzer requires an internet connection. *Deprecated alias: `ossindexAnalyzerEnabled`* | true |
+| ossIndexAnalyzerUseCache | Sets whether the OSS Index Analyzer will cache results. Cached results expire after 24 hours. *Deprecated alias: `ossindexAnalyzerUseCache`* | true |
+| ossIndexAnalyzerUrl | Alternative URL for the OSS Index. If not set the public Sonatype OSS Index will be used. *Deprecated alias: `ossindexAnalyzerUrl`* | https://ossindex.sonatype.org |
+| ossIndexAnalyzerUsername | Sets the username for OSS Index - note an account with OSS Index is not required. *Deprecated alias: `ossindexAnalyzerUsername`* | |
+| ossIndexAnalyzerPassword | Sets the password for OSS Index. *Deprecated alias: `ossindexAnalyzerPassword`* | |
| ossIndexAnalyzerWarnOnlyOnRemoteErrors | Whether we should only warn about Sonatype OSS Index remote errors instead of failing completely. | |
| nexusAnalyzerEnabled | Sets whether Nexus Analyzer will be used. This analyzer is an alternative to the Central or Artifactory Analyzers, allowing retrieval from Sonatype Nexus installations. | true |
| nexusUrl | Defines the Nexus web service endpoint (example http://domain.enterprise/nexus/service/local/). If not set the Nexus Analyzer will be disabled. | |
@@ -124,8 +124,8 @@ be needed.
| pathToYarn | The path to `yarn`. | |
| pathToPnpm | The path to `pnpm`. | |
| retireJsAnalyzerEnabled | Sets whether the RetireJS Analyzer update and analyzer are enabled. | true |
-| retirejsFilterNonVulnerable | Configures the RetireJS Analyzer to remove non-vulnerable JS dependencies from the report. | false |
-| retirejsFilter | A nested configuration that can be specified multple times; The regex defined is used to filter JS files based on content. | |
+| retireJsFilterNonVulnerable | Configures the RetireJS Analyzer to remove non-vulnerable JS dependencies from the report. *Deprecated alias: `retirejsFilterNonVulnerable`* | false |
+| retireJsFilter | A nested configuration that can be specified multple times; The regex defined is used to filter JS files based on content. *Deprecated alias: `retirejsFilter`* | |
| nuspecAnalyzerEnabled | Sets whether the .NET Nuget Nuspec Analyzer will be used. | true |
| nugetconfAnalyzerEnabled | Sets whether the [experimental](../analyzers/index.html) .NET Nuget packages.config Analyzer will be used. `enableExperimental` must be set to true. | true |
| libmanAnalyzerEnabled | Sets whether the Libman Analyzer will be used. | true |
diff --git a/cli/src/main/java/org/owasp/dependencycheck/App.java b/cli/src/main/java/org/owasp/dependencycheck/App.java
index 38ca00373f..05cf51d9c2 100644
--- a/cli/src/main/java/org/owasp/dependencycheck/App.java
+++ b/cli/src/main/java/org/owasp/dependencycheck/App.java
@@ -539,10 +539,16 @@ protected void populateSettings(CliParser cli) throws InvalidSettingException {
cli.getStringArgument(CliParser.ARGUMENT.RETIREJS_URL_BEARER_TOKEN));
settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_RETIREJS_FORCEUPDATE,
cli.hasOption(CliParser.ARGUMENT.RETIRE_JS_FORCEUPDATE));
- settings.setStringIfNotNull(Settings.KEYS.ANALYZER_RETIREJS_FILTERS,
- cli.getStringArgument(CliParser.ARGUMENT.RETIREJS_FILTERS));
- settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_RETIREJS_FILTER_NON_VULNERABLE,
- cli.hasOption(CliParser.ARGUMENT.RETIREJS_FILTER_NON_VULNERABLE));
+ String retireJsFilters = cli.getStringArgument(CliParser.ARGUMENT.RETIRE_JS_FILTERS);
+ if (retireJsFilters == null) {
+ retireJsFilters = cli.getStringArgument(CliParser.ARGUMENT.RETIREJS_FILTERS);
+ }
+ settings.setStringIfNotNull(Settings.KEYS.ANALYZER_RETIREJS_FILTERS, retireJsFilters);
+ Boolean retireJsFilterNonVuln = cli.hasOption(CliParser.ARGUMENT.RETIRE_JS_FILTER_NON_VULNERABLE);
+ if (retireJsFilterNonVuln == null) {
+ retireJsFilterNonVuln = cli.hasOption(CliParser.ARGUMENT.RETIREJS_FILTER_NON_VULNERABLE);
+ }
+ settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_RETIREJS_FILTER_NON_VULNERABLE, retireJsFilterNonVuln);
settings.setBoolean(Settings.KEYS.ANALYZER_JAR_ENABLED,
!cli.isDisabled(CliParser.ARGUMENT.DISABLE_JAR, Settings.KEYS.ANALYZER_JAR_ENABLED));
settings.setBoolean(Settings.KEYS.UPDATE_VERSION_CHECK_ENABLED,
diff --git a/cli/src/main/java/org/owasp/dependencycheck/CliParser.java b/cli/src/main/java/org/owasp/dependencycheck/CliParser.java
index 4fda16459a..b587717b3f 100644
--- a/cli/src/main/java/org/owasp/dependencycheck/CliParser.java
+++ b/cli/src/main/java/org/owasp/dependencycheck/CliParser.java
@@ -452,6 +452,8 @@ private void addAdvancedOptions(final Options options) {
"The password to authenticate to Retire JS Repository URL"))
.addOption(newOption(ARGUMENT.RETIREJS_FILTER_NON_VULNERABLE, "Specifies that the Retire JS "
+ "Analyzer should filter out non-vulnerable JS files from the report."))
+ .addOption(newOption(ARGUMENT.RETIRE_JS_FILTER_NON_VULNERABLE, "Specifies that the Retire JS "
+ + "Analyzer should filter out non-vulnerable JS files from the report."))
.addOption(newOptionWithArg(ARGUMENT.ARTIFACTORY_PARALLEL_ANALYSIS, "true/false",
"Whether the Artifactory Analyzer should use parallel analysis."))
.addOption(newOptionWithArg(ARGUMENT.ARTIFACTORY_USES_PROXY, "true/false",
@@ -474,6 +476,10 @@ private void addAdvancedOptions(final Options options) {
"Specify Retire JS content filter used to exclude files from analysis based on their content; "
+ "most commonly used to exclude based on your applications own copyright line. This "
+ "option can be specified multiple times."))
+ .addOption(newOptionWithArg(ARGUMENT.RETIRE_JS_FILTERS, "pattern",
+ "Specify Retire JS content filter used to exclude files from analysis based on their content; "
+ + "most commonly used to exclude based on your applications own copyright line. This "
+ + "option can be specified multiple times."))
.addOption(newOptionWithArg(ARGUMENT.NEXUS_URL, "url",
"The url to the Nexus Server's REST API Endpoint (http://domain/nexus/service/local). If not "
+ "set the Nexus Analyzer will be disabled."))
@@ -826,7 +832,8 @@ public String[] getExcludeList() {
* @return the retireJS filters
*/
public String[] getRetireJsFilters() {
- return line.getOptionValues(ARGUMENT.RETIREJS_FILTERS);
+ final String[] values = line.getOptionValues(ARGUMENT.RETIRE_JS_FILTERS);
+ return values != null ? values : line.getOptionValues(ARGUMENT.RETIREJS_FILTERS);
}
/**
@@ -839,7 +846,8 @@ public String[] getRetireJsFilters() {
@SuppressFBWarnings(justification = "Accepting that this is a bad practice - but made more sense in this use case",
value = {"NP_BOOLEAN_RETURN_NULL"})
public Boolean isRetireJsFilterNonVulnerable() {
- return (line != null && line.hasOption(ARGUMENT.RETIREJS_FILTER_NON_VULNERABLE)) ? true : null;
+ return (line != null && (line.hasOption(ARGUMENT.RETIRE_JS_FILTER_NON_VULNERABLE)
+ || line.hasOption(ARGUMENT.RETIREJS_FILTER_NON_VULNERABLE))) ? true : null;
}
/**
@@ -1596,12 +1604,24 @@ public static class ARGUMENT {
public static final String RETIRED = "enableRetired";
/**
* The CLI argument for the retire js content filters.
+ * @deprecated Use {@link #RETIRE_JS_FILTERS} instead.
*/
+ @Deprecated
public static final String RETIREJS_FILTERS = "retirejsFilter";
+ /**
+ * The CLI argument for the retire JS content filters.
+ */
+ public static final String RETIRE_JS_FILTERS = "retireJsFilter";
/**
* The CLI argument for the retire js content filters.
+ * @deprecated Use {@link #RETIRE_JS_FILTER_NON_VULNERABLE} instead.
*/
+ @Deprecated
public static final String RETIREJS_FILTER_NON_VULNERABLE = "retirejsFilterNonVulnerable";
+ /**
+ * The CLI argument for the retire JS content filter for non-vulnerable.
+ */
+ public static final String RETIRE_JS_FILTER_NON_VULNERABLE = "retireJsFilterNonVulnerable";
/**
* The CLI argument for indicating if the Artifactory analyzer should be
* enabled.
diff --git a/cli/src/site/markdown/arguments.md b/cli/src/site/markdown/arguments.md
index bff0bf1ff7..53f97632ba 100644
--- a/cli/src/site/markdown/arguments.md
+++ b/cli/src/site/markdown/arguments.md
@@ -61,11 +61,11 @@ Advanced Options
| | \-\-disableRetireJS | | Sets whether the RetireJS Analyzer will be used. | |
| | \-\-retireJsForceUpdate | | Sets whether the RetireJS Analyzer will update regardless of the `noupdate` argument. | false |
| | \-\-retireJsUrl | \ | The URL to the Retire JS repository. | https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json |
-| | \-\-retirejsFilter | \ | The RetireJS Analyzers content filter used to exclude JS files when the content contains the given regular expression; this option can be specified multiple times. | |
-| | \-\-retirejsFilterNonVulnerable | | Specifies that the Retire JS Analyzer should filter out non-vulnerable JS files from the report. | |
+| | \-\-retireJsFilter | \ | The RetireJS Analyzers content filter used to exclude JS files when the content contains the given regular expression; this option can be specified multiple times. *Deprecated alias: `\-\-retirejsFilter`* | |
+| | \-\-retireJsFilterNonVulnerable | | Specifies that the Retire JS Analyzer should filter out non-vulnerable JS files from the report. *Deprecated alias: `\-\-retirejsFilterNonVulnerable`* | |
| | \-\-retireJsUrlUser | \ | Credentials used for basic authentication for the RetireJS data. | |
-| | \-\-retirejsUrlPassword | \ | Credentials used for basic authentication for the RetireJS data. | |
-| | \-\-retirejsUrlBearerToken | \ | Credentials used for bearer authentication for the RetireJS data. | |
+| | \-\-retireJsUrlPass | \ | Credentials used for basic authentication for the RetireJS data. | |
+| | \-\-retireJsUrlBearerToken | \ | Credentials used for bearer authentication for the RetireJS data. | |
| | \-\-disableRubygems | | Sets whether the [experimental](../analyzers/index.html) Ruby Gemspec Analyzer will be used. | |
| | \-\-disableBundleAudit | | Sets whether the [experimental](../analyzers/index.html) Ruby Bundler Audit Analyzer will be used. | |
| | \-\-disableCocoapodsAnalyzer | | Sets whether the [experimental](../analyzers/index.html) Cocoapods Analyzer will be used. | |
diff --git a/maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
index 0ca05a29b2..830be1fb6a 100644
--- a/maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
+++ b/maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
@@ -745,24 +745,46 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
private Boolean nexusAnalyzerEnabled;
/**
- * Whether or not the Sonatype OSS Index analyzer is enabled.
+ * Deprecated - use ossIndexAnalyzerEnabled instead.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "ossindexAnalyzerEnabled")
+ @Deprecated
private Boolean ossindexAnalyzerEnabled;
/**
- * Whether or not the Sonatype OSS Index analyzer should cache results.
+ * Deprecated - use ossIndexAnalyzerUseCache instead.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "ossindexAnalyzerUseCache")
+ @Deprecated
private Boolean ossindexAnalyzerUseCache;
/**
- * URL of the Sonatype OSS Index service.
+ * Deprecated - use ossIndexAnalyzerUrl instead.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "ossindexAnalyzerUrl")
+ @Deprecated
private String ossindexAnalyzerUrl;
+ /**
+ * Whether or not the Sonatype OSS Index analyzer is enabled.
+ */
+ @SuppressWarnings("CanBeFinal")
+ @Parameter(property = "ossIndexAnalyzerEnabled")
+ private Boolean ossIndexAnalyzerEnabled;
+ /**
+ * Whether or not the Sonatype OSS Index analyzer should cache results.
+ */
+ @SuppressWarnings("CanBeFinal")
+ @Parameter(property = "ossIndexAnalyzerUseCache")
+ private Boolean ossIndexAnalyzerUseCache;
+ /**
+ * URL of the Sonatype OSS Index service.
+ */
+ @SuppressWarnings("CanBeFinal")
+ @Parameter(property = "ossIndexAnalyzerUrl")
+ private String ossIndexAnalyzerUrl;
+
/**
* The id of a server defined in the settings.xml to authenticate Sonatype
* OSS Index requests and profit from higher rate limits. Provide the OSS
@@ -2446,15 +2468,18 @@ protected void populateSettings() throws MojoFailureException, MojoExecutionExce
settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_CARTHAGE_ENABLED, carthageAnalyzerEnabled);
settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_SWIFT_PACKAGE_MANAGER_ENABLED, swiftPackageManagerAnalyzerEnabled);
settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_SWIFT_PACKAGE_RESOLVED_ENABLED, swiftPackageResolvedAnalyzerEnabled);
- settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_OSSINDEX_ENABLED, ossindexAnalyzerEnabled);
- settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_OSSINDEX_URL, ossindexAnalyzerUrl);
+ settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_OSSINDEX_ENABLED,
+ ossIndexAnalyzerEnabled != null ? ossIndexAnalyzerEnabled : ossindexAnalyzerEnabled);
+ settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_OSSINDEX_URL,
+ ossIndexAnalyzerUrl != null ? ossIndexAnalyzerUrl : ossindexAnalyzerUrl);
if (StringUtils.isEmpty(ossIndexUsername) || StringUtils.isEmpty(ossIndexPassword)) {
configureServerCredentials(ossIndexServerId, Settings.KEYS.ANALYZER_OSSINDEX_USER, Settings.KEYS.ANALYZER_OSSINDEX_PASSWORD);
} else {
settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_OSSINDEX_USER, ossIndexUsername);
settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_OSSINDEX_PASSWORD, ossIndexPassword);
}
- settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_OSSINDEX_USE_CACHE, ossindexAnalyzerUseCache);
+ settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_OSSINDEX_USE_CACHE,
+ ossIndexAnalyzerUseCache != null ? ossIndexAnalyzerUseCache : ossindexAnalyzerUseCache);
settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_OSSINDEX_WARN_ONLY_ON_REMOTE_ERRORS, ossIndexWarnOnlyOnRemoteErrors);
if (retirejs != null) {
settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_RETIREJS_FILTER_NON_VULNERABLE, retirejs.getFilterNonVulnerable());
diff --git a/maven/src/site/markdown/configuration.md b/maven/src/site/markdown/configuration.md
index 1a1439cc5a..0c75602b6e 100644
--- a/maven/src/site/markdown/configuration.md
+++ b/maven/src/site/markdown/configuration.md
@@ -61,9 +61,9 @@ be needed.
| dartAnalyzerEnabled | Sets whether the [experimental](../analyzers/index.html) Dart Analyzer will be used. | true |
| knownExploitedEnabled | Sets whether the Known Exploited Vulnerability update and analyzer are enabled. | true |
| knownExploitedUrl | Sets URL to the CISA Known Exploited Vulnerabilities JSON data feed. | https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json |
-| ossindexAnalyzerEnabled | Sets whether the [OSS Index Analyzer](../analyzers/oss-index-analyzer.html) will be enabled. This analyzer requires an internet connection. | true |
-| ossindexAnalyzerUseCache | Sets whether the OSS Index Analyzer will cache results. Cached results expire after 24 hours. | true |
-| ossindexAnalyzerUrl | Alternative URL for the OSS Index. If not set the public Sonatype OSS Index will be used. | https://ossindex.sonatype.org |
+| ossIndexAnalyzerEnabled | Sets whether the [OSS Index Analyzer](../analyzers/oss-index-analyzer.html) will be enabled. This analyzer requires an internet connection. *Deprecated alias: `ossindexAnalyzerEnabled`* | true |
+| ossIndexAnalyzerUseCache | Sets whether the OSS Index Analyzer will cache results. Cached results expire after 24 hours. *Deprecated alias: `ossindexAnalyzerUseCache`* | true |
+| ossIndexAnalyzerUrl | Alternative URL for the OSS Index. If not set the public Sonatype OSS Index will be used. *Deprecated alias: `ossindexAnalyzerUrl`* | https://ossindex.sonatype.org |
| ossIndexServerId | The id of [a server](https://maven.apache.org/settings.html#Servers) defined in the `settings.xml` to authenticate Sonatype OSS Index requests and profit from higher rate limits. Provide the OSS account email address as `username` and password or API token as `password`. | |
| ossIndexUsername | OSS account email address as an alternative to the indirection through the `ossIndexServerId` (see above). Both `ossIndexUsername` and `ossIndexPassword` must be set to use this approach instead of the server ID. | |
| ossIndexPassword | OSS password or API token as an alternative to the indirection through the `ossIndexServerId` (see above). Both `ossIndexUsername` and `ossIndexPassword` must be set to use this approach instead of the server ID. | |