Important update regarding OSS Index usage

We at Sonatype are committed to providing a high-quality, reliable service to all users of OSS Index. We are introducing rate limits and authentication requirements to ensure that the service remains available to everyone and to help manage our resources better.

Through registration and rate limits, we can better understand costs, performance levels, and ensure our service is not abused or violated by bad actors.

Starting April 24, 2023, unregistered users will be limited to 40 requests per month on OSS Index. We encourage you to create an account and authenticate with OSS Index to increase your usage limits. Authenticated users may have access to additional features and higher usage limits.

These changes are necessary to help ensure the long-term viability and sustainability of OSS Index for all users. We thank you for your understanding in advance.

If you have any questions or concerns, please don’t hesitate to contact us. Thank you for your continued support and use of OSS Index.

OSS INDEX

Find Safe Components

OSS Index is a free catalogue of open source components and scanning tools to help developers identify vulnerabilities, understand risk, and keep their software safe.

Sign up today!

Get access to:

Vulnerability details for your components
Remediation insights
Higher rate limits for API and scans

Search for components Scan your dependencies Try Sonatype Lift

Search millions of components to find any known, publicly disclosed vulnerabilities across a wide range of ecosystems.

Search by name or by coordinates.

Ecosystems

Show all supported ecosystems

Cargo

CocoaPods

Composer

Conan

Conda

CRAN

RPM

Swift

Scan your projects for open source vulnerabilities, and build security into your development toolchain with native tools and integrations. The following scan tools all utilize the OSS Index public REST API.

Java / JVM

JavaScript

AuditJS scans npm projects
VS Code plugin

Go

Nancy scans Golang projects

C/C++

Cheque scans C/C++ projects

.NET

Audit.NET scans NuGet projects
DevAudit is a cross-platform security auditing tool

Python

ossaudit scans Python projects
Jake scans Python and Conda projects

PHP

Bach scans Composer projects

Ruby

Chelsea scans RubyGem projects

Rust

Cargo Pants scans Cargo projects

R

oysteR scans R projects

Other

Sonatype DepShield continuously monitors GitHub projects for vulnerabilities
Ahab scans apt and yum operating systems
OWASP Dependency-Check is an SCA utility for scanning project dependencies
OWASP Dependency-Track is a component analysis platform
OSS Review Toolkit is a suite of tools to assist with reviewing dependencies

Sonatype Lift installs as a Github app to automatically flag vulnerabilities on every pull request, and reports findings as comments in code review. Lift catches high-risk issues and screens out likely false-positives, helping you fix the things you care about most. See what Lift finds in your project.

Try Lift for Free

Need DevSecOps at scale?

OSS Index and the associated tools are and always will be free to the community. The data we gather is derived from public sources, and does not include human curated intelligence nor expert remediation guidance.

Software development teams who want to scale with precise, curated, and highly actionable intelligence across their entire SDLC should check out the Nexus Platform. Release faster while controlling open source risk.

Vet parts early and automatically stop defective open source components from entering your software supply chain

Learn More

Manage libraries and store artifacts in a universal repository and share them across development teams

Learn More

Empower teams with precise component intelligence to enforce policies and continuously remediate risk

Learn More

Identify open source risk and remediate vulnerabilities with precise component intelligence at CI and deployment

Learn More