INTRODUCING SONATYPE GUIDE

Built for the Next Era of Secure Software Development

Guide is the natural evolution of OSS Index, extending trusted vulnerability intelligence into automation-ready guidance.

The Evolution of OSS Index and The Introduction of Sonatype Guide

OSS Index is Moving to Sonatype Guide

The open source intelligence you've come to rely on from OSS Index is now available through Sonatype Guide.
  • Users will gain access to richer, continuously curated data designed for machine consumption.
  • Teams can choose when and how to transition, based on their workflows and scale requirements.
  • Existing OSS Index users can continue using the OSS Index API via a compatibility API in Sonatype Guide.
  • Free and paid packages will be offered, scaling based on usage and consumption needs.

Sonatype Guide offers the same trusted open source intelligence, now built to work where software decisions increasingly happen: in pipelines, agents, and AI-powered tools.

Why is This Change Happening?

Software development has changed significantly in the past year.

  • Developers are producing more code, faster, with the help of generative AI and automation.
  • Dependency selection decisions are increasingly made by pipelines, tools, and AI coding assistants rather than manual review.
  • Attackers are using the same automation and AI capabilities to create and distribute malicious packages at machine speed.
  • Developers and teams remain accountable for what ships to production, even as more decisions are delegated to automated systems.

This shift has changed the scale, speed, and nature of open source risk.

What Modern AI-Powered SDLCs Require

In our analysis of more than 36,000 real-world dependency upgrade recommendations across Maven, npm, and PyPI, state-of-the-art AI models suggested non-existent versions more than 27% of the time. These failures stem from reliance on incomplete and often stale data in ecosystems that change continuously. Today’s AI-assisted development environments require intelligence that is:

Real-Time and Continuously Updated

Accurate and Consistently Curated

Safe for Use by Automated Systems and Agents

Designed for Malicious OSS, Not Just Vulnerabilities
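The failure mode described above (a model recommending a version that was never published) is cheap to catch if the suggestion is checked against ground truth before anything acts on it. The script below is an added example, not Sonatype code and not part of this page: it takes model-produced upgrade suggestions in package URL (purl) form and classifies each one as accept, nonexistent version, unknown package, or downgrade. The registry snapshot and the recommendations are constructed inline so it runs offline; in a pipeline the snapshot would be replaced by a live registry or intelligence lookup.

```python
"""Validate AI-suggested dependency upgrades against a registry snapshot.

Added example, not Sonatype code. REGISTRY and RECOMMENDATIONS are
constructed test data; substitute a live lookup in real use.
"""
from dataclasses import dataclass

# Constructed registry snapshot: versionless purl -> published versions.
REGISTRY = {
    "pkg:npm/lodash": ["4.17.19", "4.17.20", "4.17.21"],
    "pkg:pypi/requests": ["2.31.0", "2.32.0", "2.32.2", "2.32.3"],
    "pkg:maven/org.apache.commons/commons-text": ["1.9", "1.10.0", "1.11.0"],
}

# Constructed model output: (current purl, suggested purl).
RECOMMENDATIONS = [
    ("pkg:npm/lodash@4.17.20", "pkg:npm/lodash@4.17.21"),      # real, newer
    ("pkg:pypi/requests@2.31.0", "pkg:pypi/requests@2.33.1"),  # version never published
    ("pkg:maven/org.apache.commons/commons-text@1.9",
     "pkg:maven/org.apache.commons/commons-text@1.10.0"),      # real, newer
    ("pkg:npm/lodash@4.17.21", "pkg:npm/lodash@4.17.19"),      # real, but a downgrade
    ("pkg:pypi/requests@2.32.3", "pkg:pypi/reqeusts@2.32.3"),  # package name invented
]


@dataclass
class Verdict:
    suggested: str
    status: str  # accept | nonexistent_version | unknown_package | downgrade


def split_purl(purl: str):
    """Split 'pkg:type/ns/name@version' into (coordinate, version).

    rpartition is used because npm scopes put an '@' in the name part
    (pkg:npm/@scope/name@1.2.3); the version is always after the last '@'.
    """
    base, sep, version = purl.rpartition("@")
    if not sep or not base.startswith("pkg:") or not version or "/" in version:
        raise ValueError(f"not a versioned purl: {purl}")
    return base, version


def version_key(v: str):
    """Ordering for dotted versions: numeric parts numerically, the rest as text."""
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in v.split("."))


def check(current: str, suggested: str, registry=REGISTRY) -> Verdict:
    """Classify one suggestion against the registry; never trust the model's version string."""
    cur_coord, cur_ver = split_purl(current)
    sug_coord, sug_ver = split_purl(suggested)
    published = registry.get(sug_coord)
    if published is None:
        return Verdict(suggested, "unknown_package")
    if sug_ver not in published:
        return Verdict(suggested, "nonexistent_version")
    if sug_coord == cur_coord and version_key(sug_ver) <= version_key(cur_ver):
        return Verdict(suggested, "downgrade")
    return Verdict(suggested, "accept")


def triage(recs, registry=REGISTRY):
    """Return all verdicts and the share of suggestions that point at nothing real."""
    verdicts = [check(cur, sug, registry) for cur, sug in recs]
    bad = sum(v.status in ("unknown_package", "nonexistent_version") for v in verdicts)
    return verdicts, (bad / len(verdicts) if verdicts else 0.0)


if __name__ == "__main__":
    verdicts, rate = triage(RECOMMENDATIONS)
    for v in verdicts:
        print(f"{v.status:20} {v.suggested}")
    print(f"unverifiable suggestions: {rate:.0%}")
```

Only the accept verdicts should reach a lockfile or pull request; the two "not real" outcomes are exactly the class of error the page's 27% figure describes, and the downgrade case is a reminder that an existing version is not automatically a safe one.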

The Role OSS Index Has Played

OSS Index has long provided free, high-quality open source vulnerability intelligence and is widely used across the ecosystem, including by tools such as Dependency-Track and Dependency-Check. That foundation remains important. But the way software is built — and how risk is introduced — has changed.

OSS Index was designed for an era where humans reviewed most dependency decisions. Today, modern workflows increasingly rely on automation and agents that require real-time, precise, and continuously curated intelligence. OSS Index was not built to support fully automated, AI-driven software supply chains operating at global scale. At the same time, public vulnerability data sources have developed growing delays and gaps, making them unreliable inputs for automation without additional context and curation.

Introducing Sonatype Guide

Sonatype Guide was created to address these new realities. Guide is not a new version of OSS Index. It is a developer-first solution designed specifically for AI-assisted and automated software development.

GUIDE PROVIDES:

  • Real-time open source and vulnerability intelligence
  • Automation-ready access via APIs and MCP
  • Support for AI coding assistants, pipelines, and agents
  • Enterprise-grade scalability and support

GUIDE CAN BE USED:

  • As a standalone solution
  • Alongside existing Sonatype products

(Image: Developer trust score powered by component intelligence within Sonatype Guide)

OSS Index and Guide: Continuity and Clarity

We recognize that the OSS Index is critical infrastructure for many developers and organizations.

  • The OSS Index API will continue to be available via a compatibility API in Sonatype Guide.
  • Users can expect continued compatibility with existing integrations such as Dependency-Track and Dependency-Check.
  • Users will have clear options to continue using OSS Index or transition to Guide as needs evolve.
  • Updated packages (free and paid) through Guide will be published to support predictable usage at scale.

Guide provides a path forward for teams looking to fully automate open source security in AI-powered SDLCs. Guide is available now and free to get started. Updated free and paid packages through Guide will be introduced to support predictable usage at scale, with detailed information on limits, pricing, and timelines shared well in advance.

OUR GOAL IS TO MAKE THIS TRANSITION CLEAR, PREDICTABLE, AND NON-DISRUPTIVE WHILE SUPPORTING THE REALITIES OF MODERN AI-ASSISTED DEVELOPMENT


Try Sonatype Guide
