Update OSS Index documentation for new API endpoint

brianf · claude · brianf · commit f07981db38a8 · 2026-01-22T09:51:31.000-05:00
Document Sonatype's migration to the new API endpoint at https://api.guide.sonatype.com which requires new API tokens. Updated examples in application.properties and documentation to reference the new endpoint. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Brian Fox <brianf@sonatype.com>
diff --git a/docs/_docs/datasources/ossindex.md b/docs/_docs/datasources/ossindex.md
@@ -36,14 +36,23 @@ Vulnerabilities from the proprietary dataset have their IDs prefixed with `sonat
 
 By default, Dependency-Track connects to the public OSS Index service at `https://ossindex.sonatype.org`.
 
-You can override this to:
+> **Important:** Sonatype is migrating OSS Index to a new API endpoint at `https://api.guide.sonatype.com`.
+> The new endpoint requires new API tokens (tokens from the legacy endpoint will not work).
+> The legacy endpoint will be deprecated in the future.
+
+You can override the base URL to:
+- Use the new Sonatype API endpoint (`https://api.guide.sonatype.com`)
 - Use a corporate proxy
 - Point to a private OSS Index instance
 - Use an alternative endpoint for testing
 
 To configure a custom base URL, set the `scanner.ossindex.base.url` property in your `application.properties` file:
 
 ```properties
+# New Sonatype API endpoint (requires new API token)
+scanner.ossindex.base.url=https://api.guide.sonatype.com
+
+# Or use a custom endpoint
 scanner.ossindex.base.url=https://your-custom-ossindex.example.com
 ```
 
diff --git a/docs/_docs/getting-started/configuration.md b/docs/_docs/getting-started/configuration.md
@@ -446,8 +446,9 @@ ossindex.request.max.purl=128
 
 # Optional
 # Base URL for OSS Index API. Override to use a proxy or alternative instance.
+# NOTE: Sonatype is migrating to https://api.guide.sonatype.com (requires new API tokens)
 # The default value is https://ossindex.sonatype.org
-scanner.ossindex.base.url=https://ossindex.sonatype.org
+scanner.ossindex.base.url=https://api.guide.sonatype.com
 
 # Optional
 #Defines the maximum number of attempts used by Resilience4J for exponential backoff retry regarding OSSIndex calls.
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
@@ -408,7 +408,9 @@ ossindex.request.max.purl=128
 
 # Optional
 # Base URL for OSS Index API. Override to use a proxy or alternative instance.
-# scanner.ossindex.base.url=https://ossindex.sonatype.org
+# NOTE: Sonatype is migrating to a new API at https://api.guide.sonatype.com
+#       which will require new API tokens. The legacy endpoint will be deprecated.
+# scanner.ossindex.base.url=https://api.guide.sonatype.com
 
 # Optional
 # Defines the maximum amount of retries to perform for each request to the OSS Index API.
