

RESTful Application Programming Interface

Sonatype OSS Index provides a REST API which tool and application integrations can use to request component vulnerability reports.


For details, see the REST API specification, which is available through a Swagger interface.


The URI scheme is versioned. The current version is v3.

Content types are also versioned. The standard content type application/json can be used and is treated as the latest version.


To make authenticated requests, use HTTP Basic authentication.

The account email address is used as the HTTP Basic authentication user name.

An API token can be used in place of the password.

Rate Limiting

Rate limits apply to requests. If the rate is exceeded, responses will carry the 429 Too Many Requests status.

Authenticated requests have a higher limit. Register for an account and authenticate requests to get a higher limit.

Use POST when requesting vulnerability reports for multiple components.
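
The following client sketch is an added example, not code from Sonatype: it batches components into POST requests, attaches HTTP Basic credentials (email plus API token), and backs off when a 429 is returned. The endpoint path, the "coordinates" body field, the batch size of 128 and the use of a Retry-After header are assumptions not stated on this page; confirm them against the Swagger specification.

```python
import base64
import json
import time
import urllib.error
import urllib.request

# Assumptions, not stated on this page: verify against the Swagger specification.
API_URL = "https://ossindex.sonatype.org/api/v3/component-report"
BATCH_SIZE = 128  # assumed maximum number of components per POST


def build_requests(purls, email=None, token=None):
    """Return one POST request per batch of package URLs.

    Basic auth is attached only when both email and API token are given;
    load the token from the environment or a secret store, never from source.
    """
    headers = {"Content-Type": "application/json", "Accept": "application/json"}
    if email and token:
        cred = base64.b64encode(f"{email}:{token}".encode()).decode()
        headers["Authorization"] = "Basic " + cred
    requests = []
    for start in range(0, len(purls), BATCH_SIZE):
        body = json.dumps({"coordinates": purls[start:start + BATCH_SIZE]}).encode()
        requests.append(
            urllib.request.Request(API_URL, data=body, headers=headers, method="POST")
        )
    return requests


def send_with_backoff(req, opener=urllib.request.urlopen, retries=4, sleep=time.sleep):
    """Send req and return the decoded JSON report.

    On 429 the call waits and retries: Retry-After seconds if the server sent
    that header, otherwise 1, 2, 4, ... seconds. Other HTTP errors propagate.
    """
    for attempt in range(retries + 1):
        try:
            with opener(req, timeout=30) as resp:
                return json.load(resp)
        except urllib.error.HTTPError as err:
            if err.code != 429 or attempt == retries:
                raise
            retry_after = err.headers.get("Retry-After") if err.headers else None
            if retry_after and retry_after.isdigit():
                sleep(int(retry_after))
            else:
                sleep(2 ** attempt)
```

The opener and sleep parameters exist so the retry path can be exercised without network access; in normal use leave them at their defaults.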