Skip to content

sonatype/guide-claude-plugin

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
.claude-plugin
.claude-plugin
 
 
.mcp.json
.mcp.json
 
 
README.md
README.md
 
 

Repository files navigation

Sonatype Guide Plugin for Claude Code

Integrates Sonatype Guide MCP server to provide Claude Code with software supply chain intelligence and dependency security analysis.

Features

With this plugin, Claude Code can:

  • Analyze dependencies for vulnerabilities - Scan your project's dependencies for known security issues
  • Get version recommendations - Find secure, well-maintained versions of packages
  • Check component quality metrics - Evaluate packages based on security, licensing, and quality scores
  • Query package information - Look up detailed information about any component in Sonatype's database

Prerequisites

You need a Sonatype Guide account and API token.

Get Your Token

  1. Visit guide.sonatype.com/settings/tokens
  2. Generate a new token
  3. Copy the token value

Setup

1. Set Your Environment Variable

Add your Sonatype Guide token as an environment variable. Choose one method:

Option A: Shell profile (recommended)

Add to ~/.zshrc, ~/.bashrc, or ~/.profile:

export SONATYPE_GUIDE_TOKEN="your-token-here"

Then reload:

source ~/.zshrc  # or ~/.bashrc

Option B: Claude Code settings

Add to .claude/settings.json or ~/.claude/settings.json:

{
  "env": {
    "SONATYPE_GUIDE_TOKEN": "your-token-here"
  }
}

2. Install the Plugin

claude plugin install sonatype-guide

3. Verify Installation

Check the MCP server status:

/mcp

You should see sonatype-guide listed as connected.

Usage Examples

Once installed, ask Claude to help with dependency security:

Check a specific package:

What vulnerabilities exist in log4j 2.14.0?

Analyze project dependencies:

Scan my package.json for vulnerable dependencies

Get upgrade recommendations:

What's the most secure version of spring-core I should use?

Evaluate a component:

Analyze the security and quality of pkg:maven/org.apache.commons/commons-lang3@3.12.0

Troubleshooting

MCP server not connecting:

  • Verify your token: echo $SONATYPE_GUIDE_TOKEN
  • Ensure your token is valid at guide.sonatype.com
  • Restart Claude Code after setting the environment variable

Token not recognized:

  • If using shell profile, restart your terminal
  • If using settings.json, check JSON syntax
  • Variable name must be exactly SONATYPE_GUIDE_TOKEN

Security

Never commit your token to version control. The plugin uses environment variable expansion to keep credentials secure and user-specific.

Links

About

Claude Code plugin for Sonatype Guide

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors 1