Sonatype Guide aims to steer secure open source agentic development
AI-driven DevSecOps company Sonatype has come forward with Sonatype Guide.
This is a developer tool designed to make AI-assisted software development faster and safer.
With so many AI coding assistants now surfacing, the company says that its new tool serves as a backbone that steers those tools toward high-quality open source components.
It also autonomously maintains dependencies over time.
The company says that AI coding assistants are helping developers move faster, but because AI models are trained on public data that may be months or years out of date, they “frequently recommend” vulnerable, low-quality, or even imagined packages.
Sonatype research suggests that coding assistants hallucinate packages and attempt to update or develop modern software with nonexistent or malicious open source components.
“Every organisation wants to harness the productivity of AI, but they can’t afford to compromise security or long-term maintainability,” said Bhagwat Swaroop, Chief Executive Officer at Sonatype. “Guide is developer-centric, AI-native and born in the cloud. It brings discipline and intelligence to AI-assisted development. It empowers teams to move faster and safer by steering AI toward secure, reliable components and automating the tedious dependency work that slows teams down. This is a significant step forward for the industry and for our customers.”
Sonatype Guide integrates directly with AI coding assistants – including GitHub Copilot, Google Antigravity, Claude Code, Windsurf, IntelliJ with Junie, Kiro from AWS and Cursor.
This means teams can keep their existing workflows while upgrading the quality and security of the dependencies pulled in.
Open source intelligence
Guide is powered by Sonatype’s own open source intelligence.
Core features include an MCP Server for AI coding assistants.
“As a high-speed middleware layer between AI coding assistants and Sonatype intelligence, the MCP server intercepts package recommendations in real time, guiding developers to secure, reliable versions before code reaches the repo. It turbocharges development and delivers the ultimate shift-left by optimizing component choices in real-time,” said Swaroop and team.
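As an added illustration of the intercept-and-steer pattern the quote describes, the following Python gate evaluates dependencies proposed by an assistant before they reach a requirements file. This is example code, not Sonatype's MCP server or any Sonatype API; the registry snapshot, version lists and advisory identifiers are constructed for the example and are not authoritative, and a real gate would query a live package index and vulnerability feed instead.

```python
"""
Dependency recommendation gate (added example, not Sonatype's code).

Four outcomes matter when an assistant proposes a package:
  - the name is not in the index at all (a likely hallucination)
  - the version is not published (another hallucination form)
  - the version carries a known advisory (steer to a clean version)
  - the package is unmaintained (steer to a maintained alternative)
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed snapshot standing in for a live package index and advisory feed.
# Advisory identifiers are placeholders, not real advisory numbers.
REGISTRY: Dict[str, dict] = {
    "requests": {
        "versions": ["2.25.1", "2.31.0", "2.32.3"],
        "vulnerable": {"2.25.1": "PLACEHOLDER-ADVISORY-1"},
        "maintained": True,
    },
    "pycrypto": {
        "versions": ["2.6.1"],
        "vulnerable": {"2.6.1": "PLACEHOLDER-ADVISORY-2"},
        "maintained": False,
        "alternative": "pycryptodome",  # maintained successor project
    },
    "pycryptodome": {
        "versions": ["3.20.0"],
        "vulnerable": {},
        "maintained": True,
    },
}


@dataclass
class Decision:
    name: str
    requested: Optional[str]
    verdict: str  # one of "allow", "upgrade", "replace", "reject"
    reason: str
    suggestion: Optional[str] = None


def parse_version(v: str):
    """Numeric dotted versions only; enough for the constructed snapshot."""
    return tuple(int(p) for p in v.split("."))


def latest_clean_version(entry: dict) -> Optional[str]:
    """Highest published version with no known advisory, or None."""
    clean = [v for v in entry["versions"] if v not in entry["vulnerable"]]
    return max(clean, key=parse_version) if clean else None


def evaluate(name: str, version: Optional[str] = None, registry=REGISTRY) -> Decision:
    entry = registry.get(name)
    if entry is None:
        return Decision(name, version, "reject",
                        "package not found in index (possible hallucination)")
    if not entry["maintained"]:
        return Decision(name, version, "replace", "package is unmaintained",
                        suggestion=entry.get("alternative"))
    target = latest_clean_version(entry)
    if version is None:
        return Decision(name, version, "allow",
                        "pin to latest version without known advisories",
                        suggestion=target)
    if version not in entry["versions"]:
        return Decision(name, version, "reject",
                        "version is not published in index", suggestion=target)
    if version in entry["vulnerable"]:
        return Decision(name, version, "upgrade",
                        f"version has advisory {entry['vulnerable'][version]}",
                        suggestion=target)
    return Decision(name, version, "allow", "no known advisories")


def gate(recommendations: List[str], registry=REGISTRY) -> List[Decision]:
    """Evaluate 'name==version' or bare 'name' strings proposed by an assistant."""
    decisions = []
    for rec in recommendations:
        name, _, ver = rec.partition("==")
        decisions.append(evaluate(name.strip(), ver.strip() or None, registry))
    return decisions


if __name__ == "__main__":
    # Constructed sample of what an assistant might propose for a requirements file;
    # "reqeusts" is a deliberate misspelling standing in for a hallucinated name.
    for d in gate(["requests==2.25.1", "pycrypto", "reqeusts", "pycryptodome==3.20.0"]):
        tail = f" -> {d.suggestion}" if d.suggestion else ""
        print(f"{d.name:<14} {d.verdict:<8} {d.reason}{tail}")
```

The gate deliberately treats "not in the index" and "version not published" as rejections rather than silently picking a neighbour, since a near-miss name is exactly the case where an attacker-registered lookalike could be resolved by a less careful tool.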
The company also points to enhanced Open Source Software (OSS) search for instant decisions.
This provides a modern search experience that surfaces the lowest-effort, highest-impact fixes and upgrade choices, giving developers insight into component health, security risks and recommended alternatives.
“Developers love the speed AI coding assistants unlock, but they’re also the ones stuck untangling bad package recommendations or chasing down dependency issues later,” said Mitchell Johnson, chief product development officer at Sonatype. “Guide gives developers the help they actually want, i.e. real-time intelligence that steers AI toward secure, well-maintained components and cuts out hours of research and rework. It means fewer interruptions, cleaner code from the start and more time spent building the things that matter.”
Users also get access to the Nexus One Platform API – including the Sonatype OSSI Index API format – that delivers unrestricted and backwards-compatible access to the reliable data that systems and integrations already depend on.