updated information about the nexus analyzer and how it relates to the central analyzer

Former-commit-id: 9d3f9b4f3ea30744f6f8f8c2883fc9d8b0be3a0d

src/site/markdown/nexus-analyzer.md

@@ -1,54 +1,17 @@
 Nexus Analyzer
 ==============
 
-Dependency-check includes an analyzer that will check for the Maven GAV
-(Group/Artifact/Version) information for artifacts in the scanned area. By
-default the information comes from [Maven Central][1], but can be configured to
-use a local repository if necessary. If the artifact's hash is found in the
-configured Nexus repository, its GAV is recorded as an Identifier and the Group
-is collected as Vendor evidence, the Artifact is collected as Product evidence,
-and the Version is collected as Version evidence.
+The Nexus Analyzer has been superceded by the Central Analyzer. If both the
+Central Analyzer and Nexus Analyzer are enabled and the Nexus URL has not
+been configured to point to an instance of Nexus Pro the Nexus Analyzer will
+disable itself.
 
-Default Configuration
----------------------
-
-By default, the Nexus analyzer uses the [Sonatype Nexus Repository][2] to search
-for SHA-1 hashes of dependencies. If the proxy is configured for Dependency
-Check, that proxy is used in order to connect to the Nexus Central repository.
-So if you're using `--proxyurl` on the command-line, the `proxyUrl` setting in
-the Maven plugin, or the `proxyUrl` attribute in the Ant task, that proxy will
-be used by default. Also, the proxy port, user, and password configured globally
-are used as well.
-
-Overriding Defaults
--------------------
-
-If you have an internal Nexus repository you want to use, Dependency Check can
-be configured to use this repository rather than Sonatype. This needs to be a
-Nexus repository (support for Artifactory is planned). For a normal installation
-of Nexus, you would append `/service/local/` to the root of the URL to your
-Nexus repository. This URL can be set as:
-
-* `analyzer.nexus.url` in `dependencycheck.properties`
-* `--nexus <url>` in the CLI
-* The `nexusUrl` property in the Maven plugin
-* The `nexusUrl` attribute in the Ant task
-
-If this repository is internal and should not use the proxy, you can disable the
-proxy for just the Nexus analyzer. Setting this makes no difference if a proxy
-is not configured.
-
-* `analyzer.nexus.proxy=false` in `dependencycheck.properties`
-* `--nexusUsesProxy false` in the CLI
-* The `nexusUsesProxy` property in the Maven plugin
-* The `nexusUsesProxy` attribute in the Ant task
-
-Finally, the Nexus analyzer can be disabled altogether.
-
-* `analyzer.nexus.enabled=false` in `dependencycheck.properties`
-* `--disableNexus` in the CLI
-* `nexusAnalyzerEnabled` property in the Maven plugin
-* `nexusAnalyzerEnabled` attribute in the Ant task
+The Nexus Analyzer will check for the Maven GAV (Group/Artifact/Version) information
+for artifacts in the scanned area. This is done by determining if an artifact exists
+in a Nexus Pro installation using the SHA-1 hash of the artifact scanned. If the
+artifact's hash is found in the configured Nexus repository, its GAV is recorded as
+an Identifier and the Group is collected as Vendor evidence, the Artifact is
+collected as Product evidence, and the Version is collected as Version evidence.
 
 Logging
 -------
@@ -60,9 +23,9 @@ You may see a log message similar to the following during analysis:
 
 At the beginning of analysis, a check is made by the Nexus analyzer to see if it
 is able to reach the configured Nexus service, and if it cannot be reached, the
-analyzer will be disabled. If you see this message, you can use the
-configuration settings described above to resolve the issue, or disable the
-analyzer altogether.
+analyzer will be disabled. If you see this message, you can use the configuration
+settings described in either the CLI, Ant, Maven, or Jenkins plugins to resolve
+the issue, or disable the analyzer altogether.
 
 [1]: http://search.maven.org/            "Maven Central"
 [2]: https://repository.sonatype.org/    "Sonatype Nexus Repository"