Sonatype provides software supply chain security and repository management tools to help organizations manage risks in their open source dependencies.
The Sonatype integration uses the REST API (v3) available at ossindex.sonatype.org.
Sonatype supports optional HTTP basic auth credentials (an OSS Index account's username and API token, the token being sent as the password) for higher rate limits. Without credentials the API is still reachable, but at reduced rate limits, so scanning a large dependency tree unauthenticated is likely to be throttled. Read the credentials from environment variables, as in the example below, rather than committing them to source.
The Sonatype response interface is exported from the package root as `SonatypeResponse`.
```ts
export type SonatypeResponse = {
  coordinates: string;
  vulnerabilities: SonatypeVulnerability[];
};
```

```ts
import * as vulnera from "@nodesecure/vulnera";

const db = new vulnera.Database.Sonatype({
  credential: new vulnera.ApiCredential({
    type: "basic",
    username: process.env.SONATYPE_USERNAME,
    password: process.env.SONATYPE_PASSWORD
  })
});
```

```ts
export interface SonatypeOptions {
  credential?: ApiCredential;
}
```

Find the vulnerabilities of a given package using available Sonatype API parameters.
```ts
export type SonaTypeFindOneParameters = {
  coordinates: string[];
};
```

```ts
import * as vulnera from "@nodesecure/vulnera";

const db = new vulnera.Database.Sonatype();
const vulns = await db.findOne({ coordinates: ["pkg:npm/express@4.0.0"] });
console.log(vulns);
```

Find the vulnerabilities of many packages.

```ts
export type SonaTypeFindManyParameters = {
  coordinates: string[][];
};
```

```ts
import * as vulnera from "@nodesecure/vulnera";

const db = new vulnera.Database.Sonatype();
const vulns = await db.findMany({
  coordinates: [
    ["pkg:npm/express@4.0.0"],
    ["pkg:npm/lodash@4.17.0"]
  ]
});
console.log(vulns);
```
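Both `findOne` and `findMany` take Package URL coordinates, and a practitioner's two recurring problems are producing those coordinates correctly (exact versions from the lockfile, scoped packages with the `@` percent-encoded) and doing something with the `SonatypeResponse` list that comes back. The TypeScript below is an added example, not code from `@nodesecure/vulnera` or Sonatype; it runs offline and so does not call the database at all. Everything in it is an assumption of the example: the helper names `npmPurl`, `batchCoordinates`, `lockfileToFindManyParams` and `triage`; the fields `id`, `title` and `cvssScore` on `SonatypeVulnerability`, modelled on the OSS Index v3 component-report response rather than on anything this page states; the batch size of 128, which is the per-request coordinate limit given in OSS Index's own API documentation; and the sample responses, which are constructed and describe no real package.

```ts
// Added example (not part of @nodesecure/vulnera): build the coordinate lists the
// Sonatype strategy consumes and triage the responses it returns.

// Assumed shape of one vulnerability entry, following the OSS Index v3
// component-report response; the page only names the type, not its fields.
type SonatypeVulnerability = {
  id: string;
  title: string;
  cvssScore: number;
};

// Re-declared locally so the example runs without the package installed.
type SonatypeResponse = {
  coordinates: string;
  vulnerabilities: SonatypeVulnerability[];
};

// OSS Index needs an exact version in each coordinate. package.json ranges such
// as "^4.0.0" must be resolved through the lockfile before they are sent.
const EXACT_SEMVER = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// Build an npm Package URL (purl). The "@" of a scope is percent-encoded as the
// purl spec requires (pkg:npm/%40angular/core@12.3.1); a raw "@" in the
// namespace would collide with the version separator.
function npmPurl(name: string, version: string): string {
  if (!EXACT_SEMVER.test(version)) {
    throw new Error(`"${name}@${version}" is not an exact version; resolve it from the lockfile`);
  }
  if (name.startsWith("@")) {
    const slash = name.indexOf("/");
    if (slash < 0) throw new Error(`scoped package "${name}" has no "/"`);
    return `pkg:npm/%40${name.slice(1, slash)}/${name.slice(slash + 1)}@${version}`;
  }
  return `pkg:npm/${name}@${version}`;
}

// Per-request coordinate limit of the OSS Index component-report endpoint
// (assumption taken from OSS Index's API documentation, not from this page).
const OSS_INDEX_MAX_COORDINATES = 128;

// Split a flat coordinate list into the string[][] shape findMany() expects,
// one inner array per request.
function batchCoordinates(coords: string[], size = OSS_INDEX_MAX_COORDINATES): string[][] {
  if (!Number.isInteger(size) || size < 1) throw new RangeError("batch size must be a positive integer");
  const batches: string[][] = [];
  for (let i = 0; i < coords.length; i += size) {
    batches.push(coords.slice(i, i + size));
  }
  return batches;
}

// Turn a { name: resolvedVersion } map (as read from a lockfile) into
// findMany() parameters; a single inner array is also valid findOne() input.
function lockfileToFindManyParams(deps: Record<string, string>, size?: number): { coordinates: string[][] } {
  const coordinates = Object.entries(deps).map(([name, version]) => npmPurl(name, version));
  return { coordinates: batchCoordinates(coordinates, size) };
}

type Finding = { coordinates: string; maxCvss: number; ids: string[] };

// Keep only components with at least one vulnerability at or above minCvss,
// most severe first, so a CI gate can fail on the head of the list.
function triage(responses: SonatypeResponse[], minCvss = 7.0): Finding[] {
  const findings: Finding[] = [];
  for (const r of responses) {
    const hits = r.vulnerabilities.filter((v) => v.cvssScore >= minCvss);
    if (hits.length === 0) continue;
    findings.push({
      coordinates: r.coordinates,
      maxCvss: Math.max(...hits.map((v) => v.cvssScore)),
      ids: hits.map((v) => v.id)
    });
  }
  return findings.sort((a, b) => b.maxCvss - a.maxCvss);
}

// Constructed sample responses in the SonatypeResponse shape; package names,
// ids and scores are made up for the example and describe no real package.
const SAMPLE_RESPONSES: SonatypeResponse[] = [
  {
    coordinates: "pkg:npm/sample-server@1.0.0",
    vulnerabilities: [
      { id: "SAMPLE-1", title: "sample medium", cvssScore: 5.3 },
      { id: "SAMPLE-2", title: "sample high", cvssScore: 7.5 }
    ]
  },
  {
    coordinates: "pkg:npm/%40acme/sample-utils@2.0.0",
    vulnerabilities: [{ id: "SAMPLE-3", title: "sample critical", cvssScore: 9.8 }]
  },
  { coordinates: "pkg:npm/sample-clean@3.1.4", vulnerabilities: [] }
];

// Usage: findMany() parameters for a three-package lockfile, then the triage of the samples.
console.log(JSON.stringify(lockfileToFindManyParams({ express: "4.0.0", lodash: "4.17.0", "@types/node": "20.0.0" })));
console.log(triage(SAMPLE_RESPONSES));
```

The output of `lockfileToFindManyParams` can be passed straight to `db.findMany(...)` from the examples above, and the returned `SonatypeResponse[]` straight to `triage`. Rejecting range specifiers up front is deliberate: a coordinate such as `pkg:npm/express@^4.0.0` silently matches nothing, which looks like a clean scan.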