Language: 日本語English

sonatype-guide Plugin

Category
Security
Topics
Security, Auth & Compliance · AI Agents & AI App Development
First seen
2026-07-09
Last confirmed
2026-07-13
Explanation last updated
2026-07-12

The explanation below is AI-generated. Please verify it against the sources.

sonatype-guide is a Claude Code plugin that integrates the Sonatype Guide MCP server to bring software supply chain intelligence and dependency security analysis into Claude Code. According to the README, it lets Claude proactively evaluate dependencies before install/upgrade, surface CVEs with severity scores, recommend secure versions using Developer Trust Scores, audit dependency manifests for security/license/policy issues, and compare libraries side-by-side. It requires a Sonatype Guide account and API token, set via the SONATYPE_GUIDE_TOKEN environment variable, and is installed with claude plugin install sonatype-guide. A bundled skill activates automatically when Claude installs, adds, or upgrades dependencies, and users can also query it directly.

Overview

Sonatype Guide is a hosted service (accessed via account and API token at guide.sonatype.com) that provides dependency vulnerability and quality intelligence; this plugin connects it to Claude Code through an MCP server.

What you can do with sonatype-guide

  • Proactively check dependencies before installing or upgrading, not just when asked
  • Analyze vulnerabilities: surface CVEs with severity scores, distinguishing direct vs transitive risks
  • Recommend secure versions with ranked upgrade paths, Developer Trust Scores, and breaking change analysis
  • Audit a project's dependency manifests for security, license, and policy compliance issues
  • Compare alternative libraries side-by-side on security
  • Ask directly, e.g. "Scan my package.json for vulnerable dependencies" or "Should I use axios or got for HTTP requests?"

Sources

Original description (English)

Sonatype Guide MCP server for software supply chain intelligence and dependency security. Analyze dependencies for vulnerabilities, get secure version recommendations, and check component quality metrics.

History of sonatype-guide

Back to list