Update OSS Index documentation with instructions to authenticate

Signed-off-by: Federico Ramayo <framayo@morean.co>

docs/_docs/FAQ.md

@@ -19,10 +19,12 @@ This topic is heavily explained in the [Dependency Check Comparison](./../odt-od
 
 #### I expect to see vulnerable components but I don't
 
-Most common reason: You have yet to enable the [Sonatype OSS Index Analyzer](./../datasources/ossindex/). It is not
+Most common reason: You have yet to enable the [Sonatype OSS Index Analyzer]. It is not
 enabled by default but is necessary to scan dependencies represented by
 [Package URLs](./../terminology/#package-url-purl).
 
+Authentication through API Token will be required. Follow [Sonatype OSS Index Analyzer] `Authentication` instructions.
+
 #### I have just enabled OSS Index Analyzer but still don't see results
 
 The analyzers run asynchronously. After you enable an analyzer it is not immediately run.
@@ -123,3 +125,4 @@ Policy condition values are treated as regular expressions.
    For example, `^vendor/*$` would match `vendor/lib-1`, `vendor/app`, or even only `vendor/`.
 
 [defect report]: https://github.com/DependencyTrack/dependency-track/issues/new?assignees=&labels=defect%2Cin+triage&template=defect-report.yml
+[Sonatype OSS Index Analyzer]: (./../datasources/ossindex/)

docs/_docs/datasources/ossindex.md

@@ -13,27 +13,31 @@ not exist.
 Dependency-Track integrates with OSS Index using its [public API]. Dependency-Track does not mirror OSS Index entirely,
 but it does consume vulnerabilities on a 'as-identified' basis.
 
-The OSS Index integration is enabled by default and does not require an account for its basic functionality.
+The OSS Index integration is enabled by default.
+
+#### Important Update (Sep 2025)
+
+> Unauthenticated usage of OSS Index will be no longer supported.  
+An API Token will be required.
 
 ### Authentication
 
-Unauthenticated usage of OSS Index is subject to stricter rate limiting and does not grant access to
-Sonatype's proprietary vulnerability intelligence data. When rate limiting becomes an issue, or access
-to the proprietary data is desired, [register](https://ossindex.sonatype.org/user/register) a free account
-and configure the API credentials in Dependency-Track's administration panel.
+1. [Sign In] or [Sign Up] for free. 
+2. Get the API Token from your [Settings](https://ossindex.sonatype.org/user/settings).
+3. Configure the API Token in Dependency-Track's administration panel.
 
-![OSS Index Configuration]({{ site.baseurl }}/images/screenshots/ossindex-configuration.png)
+![OSS Index Configuration](../../images/screenshots/ossindex-configuration.png)
 
-Vulnerabilities from the proprietary dataset have their IDs prefixed with `sonatpye-`, and their source labeled as `OSSINDEX`.
+Vulnerabilities from the proprietary dataset have their IDs prefixed with `sonatype-`, and their source labeled as `OSSINDEX`.
 
-![OSS Index Findings]({{ site.baseurl }}/images/screenshots/ossindex-findings.png)
+![OSS Index Findings](../../images/screenshots/ossindex-findings.png)
 
 ### May 2022 Update
 
 Previously, authentication was only required for an extended rate limiting budget. Up to this point, vulnerabilities in
 the OSS Index dataset that did not map to CVEs were identified by random UUIDs (e.g. `ae0cc4d7-fafe-4970-87e3-f8956039645a`).
 
-In May 2022, Sonatype [announced](https://ossindex.sonatype.org/updates-notice) major changes to OSS Index.
+In May 2022, Sonatype announced major changes to OSS Index.
 Beside improvements in data quality and update frequencies, vulnerability IDs changed from random UUIDs to
 a more CVE-like structure (e.g. `sonatype-2022-4402`).
 
@@ -42,3 +46,5 @@ naming scheme in their portfolio.
 
 [Sonatype OSS Index]: https://ossindex.sonatype.org/
 [public API]: https://ossindex.sonatype.org/doc/rest
+[Sign In]: https://ossindex.sonatype.org/user/signin
+[Sign Up]: https://ossindex.sonatype.org/user/register