Maximize the health and security of the open source powering your applications

Tools to manage open source software

A proactive approach to managing open source

Tidelift provides the tools, data, and strategies that help organizations assess risk and improve the health, security, and resilience of the open source used in their applications.

Backed by Tidelift and our maintainer partners

Tidelift partners directly with maintainers and pays them to ensure the open source software organizations rely on meets enterprise standards now and into the future.

OPEN SOURCE MANAGEMENT FOR LEADING ORGANIZATIONS

The Tidelift Subscription

Key benefits of the Tidelift Subscription

Improve visibility

Get a complete view of open source in use across the organization, including transitive dependencies, while dynamically generating up-to-date SBOMs after every build.

Improve decision-making

Make more informed decisions with human-researched, validated, and normalized metadata from Tidelift and maintainer partners—and share them across the organization.

Improve governance

Centralize open source security, maintenance, and licensing policies and standards while empowering developers to self-serve from catalogs of approved components.

Improve resilience

Validate that the components you use meet emerging enterprise standards—now and into the future—with help from Tidelift and our maintainer partners.

Tidelift partners directly with maintainers to ensure their projects meet critical industry standards

Tidelift analyzes and aggregates the most meaningful industry standards (from multiple sources, including NIST and OpenSSF) and pays open source maintainers to ensure their projects meet these standards.

KEY ENTERPRISE STANDARDS INCLUDE
Annotate licenses
Document security policies
Track and communicate package dependencies
Update packages regularly
Remediate vulnerable code artifacts
Implement sufficient code peer review
Implement a dependency update tool
Implement two-factor authentication

Resources to get you started

The Tidelift guide to managing open source

Want to understand the best practices for responsibly using open source components in your organization?

Maintainer spotlight! Ned Batchelder

In this episode we’re shining our maintainer spotlight on Ned Batchelder.

Cooking with Tidelift

With many people quarantined at home with their families during the pandemic, we thought it might be fun to tell the story of how the Tidelift Subscription works—as a children's book.

The 2020 Tidelift managed open source survey

We highlight nine of the most interesting revelations that help us understand how to make open source work even better for development teams and the organizations they work within.

A demo of the Tidelift Subscription

Watch an on-demand demo of the Tidelift Subscription.

Free as in Friday: Episode 3

Luis and Josh chat with Jorge Castro, who currently works as a community manager at Arrikto, and has previously worked at VMware and Docker.

Upstream

A free one-day celebration of open source, the developers who use it, and the maintainers who create it

Free as in Friday: Episode 5

Luis and Josh lead a discussion with three folks (staff, advisor, and grantee) from the Chan-Zuckerberg Initiative Open Science work.

Free as in Friday: Episode 4

Luis and Josh have a conversation with Dorothy Howard and Stuart Geiger of UCSD.

The 2021 Tidelift open source maintainer survey

In early 2021, Tidelift fielded its first-ever comprehensive survey of open source maintainers.

Supporting Python open source projects and maintainers

How do you define open source software? What are the challenges an open source project and maintainers face?

We ask a lawyer about GitHub Copilot

Luis Villa of Tidelift joins the show to discuss GitHub Copilot and the implications of an AI pair programmer from a legal perspective.

Best practices for safely and effectively building enterprise software applications with open source

Guest speaker IDC Research Director Jim Mercer shares insights from recent IDC research into how organizations can safely and effectively use open source for building applications.

How to generate an SBOM with Tidelift

Tidelift solutions architect Sean Wiley shows how to generate a software bill of materials (SBOM) with Tidelift.

The 2022 open source software supply chain survey report

Tidelift fielded our annual survey of technologists—including software developers, engineering executives and managers, architects, and devops pros—who build applications with open source.

Software + People: An optimistic (and practical) way forward for the open source software supply chain

Tidelift CEO Donald Fischer gives a talk entitled Software + People: An optimistic (and practical) way forward for the open source software supply chain at Tidelift's annual conference, Upstream.

Tidelift named Gartner® Cool Vendor™

Tidelift named a Cool Vendor in the May 2022 Gartner Cool Vendors in Software Engineering

The importance of a sound open source supply chain management strategy

As part of an open source software strategy, organizations are increasingly hosting curated OSS package management and artifact repositories internally to mitigate risk and reduce developer friction.

Why software composition analysis tools aren't enough

Historically, software composition analysis (SCA) tools were one primary way to get better visibility into open source security, maintenance, and licensing risk. But, by themselves, they are not enough.

Case study: urllib3

Secure development practices and Python supply chain impact

Tidelift reference architecture

A technical explanation of all the functionality included in the Tidelift Subscription

Case study: Distributive

How Distributive uses Tidelift to maximize the security and resilience of its open source application components

Fireside chat: Why this CISO thinks SBOMs aren't the silver bullet

Tidelift CEO and co-founder Donald Fischer sits down with Andy Ellis, former Chief Security Officer at Akamai turned startup advisor and investor, to talk about the true consequences of SBOMs.

AWS + Tidelift panel: Best practices for inclusive development

Inclusive is one of our core values at Tidelift. So we were delighted and inspired when our friends at AWS were interested in collaborating with us on a panel discussion about inclusive practices in open source software development.