Clean up quickstart documentation

[montokapro]

Addresses: #59

I ran into the same confusion, and the posts in this issue were very helpful! This PR adds them to the documentation.

[nMoncho]

Hi @montokapro, thank you for your contribution.
Could you kindly update the commit message to use conventional commits?
Something like docs: Clarify Getting Started section with proper NVD API Key setup

[montokapro]

Done! Thanks for clarifying the convention!

[nMoncho]

hi @montokapro sorry that this took so long. I was in the middle of something at work.
I just checked the snippet on a sample project, could you kindly check the same on your side, and adjust the PR if that's the case, otherwise please let me know and I can do it.

I tried and worked successfully:

import net.nmoncho.sbt.dependencycheck.settings._

dependencyCheckNvdApi := NvdApiSettings("MY-UUID-NVD-KEY")

The apiKey named parameter isn't required. Could please confirm with me? Sorry again about this back and forth.

[montokapro]

hi @montokapro sorry that this took so long

No worries! I am grateful that you maintain this project!

import net.nmoncho.sbt.dependencycheck.settings._

dependencyCheckNvdApi := NvdApiSettings("MY-UUID-NVD-KEY")

This does work for me, though regardless of which approach I take, I get the warning

WARN  org.owasp.dependencycheck.data.update.NvdApiDataSource - An NVD API Key was not provided - it is highly recommended to use an NVD API key as the update can take a VERY long time without an API Key

I will try again this weekend with no api key, verify this does not work, and then change this PR as you suggested. I assumed this warning was for a specific API call, and not whichever one was necessary for sbt -Dlog4j2.level=info dependency-check to complete successfully.

[nMoncho]

@montokapro that's weird. I'm a bit puzzled by this behavior, as the named parameter shouldn't be required, as the apiKey is in the first position.

I did a fresh setup with a Docker container, to make sure I'd have a clean environment , and I could not reproduce this warning.

I tried these different setups

import net.nmoncho.sbt.dependencycheck.settings._

dependencyCheckNvdApi := NvdApiSettings("MY-UUID-NVD-KEY")

☝️ doesn't issue the warning

import net.nmoncho.sbt.dependencycheck.settings._

ThisBuild / dependencyCheckNvdApi := NvdApiSettings("MY-UUID-NVD-KEY")

☝️ doesn't issue the warning

import net.nmoncho.sbt.dependencycheck.settings._

// dependencyCheckNvdApi := NvdApiSettings("MY-UUID-NVD-KEY")

☝️ does issue the warning

[montokapro]

I guess I added dependencyCheckNvdApi to the wrong place, and the plugin worked for me regardless! I can run a dependency check even without setting an API key, and continue to get the warning I described.

I've updated the README as you suggested.