Configuration

Sonatype Guide

jake guide queries Sonatype Guide to check your Python dependencies for known vulnerabilities. Authentication is required — sign up for a free account at guide.sonatype.com and generate an API token from your profile settings.

Supply credentials via environment variables (recommended for CI/CD):

export SONATYPE_GUIDE_USERNAME=your@email.com
export SONATYPE_GUIDE_TOKEN=your-api-token
jake guide

Or pass them directly on the command line:

jake guide -u your@email.com --token your-api-token

Fallback support for OSS Index variables

If you are migrating from jake v3, the legacy OSS_INDEX_USERNAME and OSS_INDEX_TOKEN environment variables are still accepted as fallbacks when the new SONATYPE_GUIDE_* variables are not set.

Primary (v4)

Fallback (v3 legacy)

SONATYPE_GUIDE_USERNAME

OSS_INDEX_USERNAME

SONATYPE_GUIDE_TOKEN

OSS_INDEX_TOKEN

Sonatype Nexus Lifecycle

jake iq submits a CycloneDX SBOM to a Sonatype Lifecycle server for policy evaluation. All connection parameters are supplied on the command line:

jake iq -s https://my-nexus-lifecycle -i APP_ID -u USERNAME -p PASSWORD

See jake iq --help for the full list of options.