OSS Index

OSS Index is a free service used by developers to identify open source dependencies and determine if there are any known, publicly disclosed vulnerabilities.

OSS Index is based on vulnerability data derived from public sources and does not include human-curated intelligence or expert remediation guidance.

Software development teams with requirements for fully automated open source governance powered by precise, curated, and actionable intelligence should investigate the Nexus Platform.

Identifying open source risk during development is critical. What about the applications you’ve already built? Try Nexus Vulnerability Scanner (free).


Identify open source security vulnerabilities across a wide range of components.


Integrate open source vulnerability information across your development toolchain with pre-built tools and applications.

Nexus Platform

Automate open source governance across your entire development lifecycle at scale with precise, human-curated, actionable intelligence. The Nexus Platform from Sonatype enables you to release faster while controlling open source risk.

Stop bad parts at the front door.

Continuously analyze quality and security.

Organize, store, and distribute parts.