OSS Index is moving to Sonatype Guide

UPDATE, 4/28/26: This switchover is now complete.

UPDATE, 4/8/26: Compatibility APIs and new URLs are available. If you’re an OSSI user, update your configurations before April 28th to ensure seamless continuity. Not sure if you’ll need a paid Guide account? Log in to Guide with your OSSI credentials to see review your past usage. Get more info about the switch on our main domain, or get detailed instructions in our documentation.

Read our our blog post about this topic, and review our guidance to OSS Index users.

For years, Sonatype has maintained OSS Index as a free, high-quality, open-source vulnerability database. It’s widely used across the ecosystem, and we’re proud to be part of your dependency decision-making.

But OSS Index was designed for an era of manual decisions and manual reviews. Today, dependency decisions aren’t manual. They’re driven by automated, AI-enhanced tooling, at machine speeds, and at global scale.

That’s why OSS Index APIs are rolling into Sonatype Guide. Guide was created to address the new reality of dependency management. It’s developer-focused, AI-ready, and designed to work with the true scale of the modern software supply chain.

Our goal is to make this transition easy. OSS Index will continue to be available through compatibility APIs in Sonatype Guide and existing integrations like Dependency-Track and Dependency-Check. No action is currently required for existing OSS Index users. We’ll provide additional migration details by March 31st.

If you’re not familiar with Sonatype Guide yet, visit guide.sonatype.com to give it a go. It’s free to get started, works in your browser and with your AI agents, and delivers the same bleeding-edge OSS component intelligence that Sonatype is known for.

• Have questions about Guide or want to share your results? Check out our new category in the Community about Guide.
• Current OSS Index user? Review our guidance to OSS Index users.
• Interested in the rationale behind this change? Check out our blog post on this topic.
• Need technical details? See our documentation here.

Hello,

in OSS Index Migration to Sonatype Guide it is stated:
March 31, 2026

• Users can sign in to Sonatype Guide using existing OSS Index credentials.
• Users may review account settings, explore available plans, and begin using compatibility APIs in Guide.

I will assume that my existing OSS Index account and the new Sonatype Guide API key will be treated as the “Free” plan of Sonatype Guide?
If this is the case, how is the access to the APIs limited with the Free plan? Will accessing the APIs consume “Credits”, so that I may end up with blocking API calls very soon when using the “Free” subscription?

Greetings,
Rainer

Hi, Rainer! You’re correct. Current OSS Index users who create a Sonatype Guide account will start on the Free tier of Sonatype Guide.

API usage consumes credits, but the Guide OSSI compatibility API uses credits at a reduced rate compared to the new Sonatype Guide API.

The Free tier includes 500 credits per month, which resets each month. 500 credits/month should allow most users to continue using the service without interruption. If you’re concerned you might hit the limits – after March 31st, you’ll be able to log in and see your historical usage of OSS Index, which will help you decide which plan is right for your org.

You can learn more about credits and available plans here.