docs: Clarifying use of --metrics and epss options (#3663)

Co-authored-by: Terri Oda <[email protected]>

Author: Mayankrai449

cve_bin_tool/cli.py

@@ -278,12 +278,12 @@ def main(argv=None):
     output_group.add_argument(
         "--epss-percentile",
         action="store",
-        help="minimum epss percentile of CVE range between 0 to 100 to report",
+        help="minimum epss percentile of CVE range between 0 to 100 to report. Automatically enables `--metrics`",
     )
     output_group.add_argument(
         "--epss-probability",
         action="store",
-        help="minimum epss probability of CVE range between 0 to 100 to report",
+        help="minimum epss probability of CVE range between 0 to 100 to report. Automatically enables `--metrics`",
     )
     output_group.add_argument(
         "--no-0-cve-report",

doc/MANUAL.md

@@ -1080,6 +1080,10 @@ This option specifies the minimum EPSS percentile of CVE range between 0 to 100
 
 This option specifies the minimum EPSS probability of CVE range between o to 100 to report. The default value is 0 which result in all CVEs being reported.
 
+### Automatic Metrics Activation
+
+If either `--epss-percentile` or `--epss-probability` is set, the system will automatically enable the `--metrics` option so that the epss data will be loaded and displayed.
+
 ### -S {low,medium,high,critical}, --severity {low,medium,high,critical}
 
 This option specifies the minimum CVE severity to report. The default value is low which results in all CVEs being reported.