updated and linked documentation

Former-commit-id: 175e477cc1d6bf395a2b83a96a56174b8c7a67cb

src/site/markdown/data/database.md

@@ -1,5 +1,7 @@
 Using a Database Server
 =======================
+<font color="red">**WARNING: This discusses an advanced setup and you may run into issues.**</font>
+
 Out of the box dependency-check uses a local H2 database. The location of the database
 file is configured using the data directory configuration option (see
 [CLI](https://jeremylong.github.io/DependencyCheck/dependency-check-cli/arguments.html)).

src/site/markdown/data/index.md

@@ -1,9 +1,14 @@
-Local Database Updates
-====================
+Internet Access Required
+==================================
+There are two reasons dependency-check needs access to the Internet. Below you will find
+a discussion of each problem and possibly resolutions if you are facing organizational
+constraints.
+
+Local NVD Database
+----------------------------------
 OWASP dependency-check maintains a local copy of the NVD data hosted by NIST. By default,
 a local [H2 database](http://www.h2database.com/html/main.html) instance is used.
-This works well for local storage of the NVD data used by dependency-check. This requires
-each instance of dependency-check to create its own database and the machine will need access
+As each instance maintains its own copy of the NVD the machine will need access
 to nvd.nist.gov in order to download the NVD data feeds. While the initial download of the NVD
 data feed is large, if after the initial download the tool is run at least once every seven
 days only two small XML files containing the recent modifications will need to be downloaded.
@@ -15,11 +20,13 @@ have a few options:
 2) [Mirror the NVD](./mirrornvd.md) locally within your organization
 3) Use a more robust [centralized database](./database.md) with a single update node
 
-However, if the machine that is running dependency-check cannot reach the [Central Repository](http://search.maven.org)
+
+Downloading Additional Information
+----------------------------------
+If the machine that is running dependency-check cannot reach the [Central Repository](http://search.maven.org)
 the analysis may result in false negatives. This is because some POM files, that are not
-contained within the JAR file itself, contain evidence that is used to create an accurate
-library identification. If Central cannot be reached, it is highly recommended to setup a
+contained within the JAR file itself, contain evidence that is used to accurately identify
+a library. If Central cannot be reached, it is highly recommended to setup a
 Nexus server within your organization and to configure dependency-check to use the local
-Nexus server if the machine running dependency-check cannot connect to the Internet.
-**Note**, even with a Nexus server setup I have seen dependency-check be directed to other
-repositories on the Internet to download the actual POM file.
+Nexus server. **Note**, even with a Nexus server setup I have seen dependency-check be
+re-directed to other repositories on the Internet to download the actual POM file.

src/site/site.xml

@@ -84,6 +84,11 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
                 <item name="False Positives" href="./general/suppression.html">
                     <description>Suppressing False Positives</description>
                 </item>
+                <item collapse="true" name="Internet Access Required" href="./data/index.html">
+                    <item name="Proxy" href="./data/proxy.html" />
+                    <item name="Mirroring NVD" href="./data/mirrornvd.html" />
+                    <item name="Central DB" href="./data/database.html" />
+                </item>
                 <item name="Project Presentation (pptx)" href="./general/dependency-check.pptx">
                     <description>PowerPoint Deck</description>
                 </item>