Description
Is your feature request related to a problem? Please describe.
I got an email that Sonatype is migrating OSS Index to Sonatype Guide. The OSS Index API will move to a compatibility API within Guide, with migration instructions going out March 31, 2026.
Dependency-Check uses the OSS Index analyzer as a vulnerability data source, so this will need updating at some point.
Describe the solution you'd like
Unsure
Describe alternatives you've considered
- Do nothing and hope the compatibility API works without changes (unclear if endpoints or auth will change)
- Drop OSS Index analyzer and rely solely on NVD
Additional context
From Sonatype's announcement:
The OSS Index API will continue to be available via compatibility API in Sonatype Guide. Users can expect continued compatibility with existing integrations such as Dependency-Track and Dependency-Check.
Announcement: https://www.sonatype.com/products/sonatype-guide/oss-index-users