Configuration
Sonatype Guide
jake guide queries Sonatype Guide to check your Python dependencies for known vulnerabilities.
Authentication is required — sign up for a free account at guide.sonatype.com and generate an API token
from your profile settings.
Supply credentials via environment variables (recommended for CI/CD):
export SONATYPE_GUIDE_USERNAME=your@email.com
export SONATYPE_GUIDE_TOKEN=your-api-token
jake guide
Or pass them directly on the command line:
jake guide -u your@email.com --token your-api-token
Fallback support for OSS Index variables
If you are migrating from jake v3, the legacy OSS_INDEX_USERNAME and OSS_INDEX_TOKEN environment
variables are still accepted as fallbacks when the new SONATYPE_GUIDE_* variables are not set.
Primary (v4) |
Fallback (v3 legacy) |
|---|---|
|
|
|
|
Sonatype Nexus Lifecycle
jake iq submits a CycloneDX SBOM to a Sonatype Lifecycle server for policy evaluation.
All connection parameters are supplied on the command line:
jake iq -s https://my-nexus-lifecycle -i APP_ID -u USERNAME -p PASSWORD
See jake iq --help for the full list of options.