Skip to content

Commit f07981d

Browse files
brianfclaude
andcommitted
Update OSS Index documentation for new API endpoint
Document Sonatype's migration to the new API endpoint at https://api.guide.sonatype.com which requires new API tokens. Updated examples in application.properties and documentation to reference the new endpoint. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Brian Fox <brianf@sonatype.com>
1 parent 92f04d4 commit f07981d

File tree

3 files changed

+15
-3
lines changed

3 files changed

+15
-3
lines changed

docs/_docs/datasources/ossindex.md

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -36,14 +36,23 @@ Vulnerabilities from the proprietary dataset have their IDs prefixed with `sonat
3636

3737
By default, Dependency-Track connects to the public OSS Index service at `https://ossindex.sonatype.org`.
3838

39-
You can override this to:
39+
> **Important:** Sonatype is migrating OSS Index to a new API endpoint at `https://api.guide.sonatype.com`.
40+
> The new endpoint requires new API tokens (tokens from the legacy endpoint will not work).
41+
> The legacy endpoint will be deprecated in the future.
42+
43+
You can override the base URL to:
44+
- Use the new Sonatype API endpoint (`https://api.guide.sonatype.com`)
4045
- Use a corporate proxy
4146
- Point to a private OSS Index instance
4247
- Use an alternative endpoint for testing
4348

4449
To configure a custom base URL, set the `scanner.ossindex.base.url` property in your `application.properties` file:
4550

4651
```properties
52+
# New Sonatype API endpoint (requires new API token)
53+
scanner.ossindex.base.url=https://api.guide.sonatype.com
54+
55+
# Or use a custom endpoint
4756
scanner.ossindex.base.url=https://your-custom-ossindex.example.com
4857
```
4958

docs/_docs/getting-started/configuration.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -446,8 +446,9 @@ ossindex.request.max.purl=128
446446

447447
# Optional
448448
# Base URL for OSS Index API. Override to use a proxy or alternative instance.
449+
# NOTE: Sonatype is migrating to https://api.guide.sonatype.com (requires new API tokens)
449450
# The default value is https://ossindex.sonatype.org
450-
scanner.ossindex.base.url=https://ossindex.sonatype.org
451+
scanner.ossindex.base.url=https://api.guide.sonatype.com
451452

452453
# Optional
453454
#Defines the maximum number of attempts used by Resilience4J for exponential backoff retry regarding OSSIndex calls.

src/main/resources/application.properties

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -408,7 +408,9 @@ ossindex.request.max.purl=128
408408

409409
# Optional
410410
# Base URL for OSS Index API. Override to use a proxy or alternative instance.
411-
# scanner.ossindex.base.url=https://ossindex.sonatype.org
411+
# NOTE: Sonatype is migrating to a new API at https://api.guide.sonatype.com
412+
# which will require new API tokens. The legacy endpoint will be deprecated.
413+
# scanner.ossindex.base.url=https://api.guide.sonatype.com
412414

413415
# Optional
414416
# Defines the maximum amount of retries to perform for each request to the OSS Index API.

0 commit comments

Comments
 (0)