Migrating from legacy OSS Index
A number of changes have occurred behind the scenes at OSS Index. These changes provide a larger, richer, and
expanding collection of vulnerabilities along with new integrations and plans for increased ecosystem coverage
and capabilities. With these updates come some changes that may impact you if you are using the OSS Index API
or open source tools.
If you have written a tool which uses the v2.0 (or earlier) API, then you will need to migrate this code to the
v3.0 API. The legacy API will stay running in the meanwhile, but it the database is no longer being maintained
and the API will eventually be decommissioned. The new database has all the same vulnerabilities (and more!) that
you can access using the legacy API.
OSS Index has a number of integrations that are using the v2.0 API. These integrations will be updated over the
coming weeks to use the v3.0 API and should all work in the same manner they do now. Integrations which use
vulnerability IDs will need to be updated, as the new OSS Index database has new UUID based vulnerability IDs
which are intended to be future-proof.