Tidelift provides the tools, data, and strategies that help organizations assess risk and improve the health, security, and resilience of the open source used in their applications.
Tidelift partners directly with maintainers and pays them to ensure the open source software organizations rely on meets enterprise standards now and into the future.
Get a complete view of open source in use across the organization, including transitive dependencies while dynamically generating up-to-date SBOMs after every build.
Make more informed decisions with human- researched, validated, and normalized metadata from Tidelift and maintainer partners—and share them across the organization.
Centralize open source security, maintenance, and licensing policies and standards while empowering developers to self-serve from catalogs of approved components.
Validate that the components you use meet emerging enterprise standards—now and into the future—with help from Tidelift and our maintainer partners.
Tidelift analyzes and aggregates the most meaningful industry standards (from multiple sources, including NIST and OpenSSF) and pays open source maintainers to ensure their projects meet these standards.
Want to understand the best practices for responsibly using open source components in your organization?
In this episode we’re shinning our maintainer spotlight on Ned Batchelder.
With many people quarantined at home with their families during the pandemic, we thought it might be fun to tell the story of how the Tidelift Subscription works—as a children's book.
We highlight nine of the most interesting revelations that help us understand how to make open source work even better for development teams and the organizations they work within.
Watch an on-demand demo of the Tidelift Subscription.
Luis and Josh chat with Jorge Castro, who currently works as a community manager Arrikto, and has previously worked at VMWare and Docker.
A free one-day celebration of open source, the developers who use it, and the maintainers who create it
Luis and Josh lead a discussion with three folks (staff, advisor, and grantee) from the Chan-Zuckerberg Initiative Open Science work.
Luis and Josh have a conversation with A conversation with Dorothy Howard and Stuart Geiger of UCSD.
In early 2021, Tidelift fielded its first-ever comprehensive survey of open source maintainers.
How do you define open source software? What are the challenges an open source project and maintainers face?
Luis Villa of Tidelift joins the show to discuss GitHub Copilot and the implications of an AI pair programmer from a legal perspective.
Guest speaker IDC Research Director Jim Mercer shares insights from recent IDC research into how organizations can safely and effectively use open source for building applications.
Tidelift solutions architect Sean Wiley shows how to demonstrate a software bill of materials (SBOM) with Tidelift.
Tidelift fielded our annual survey of technologists—including software developers, engineering executives and managers, architects, and devops pros—who build applications with open source.
Tidelift CEO Donald Fischer gives a talk entitled Software + People: An optimistic (and practical) way forward for the open source software supply chain at Tidelift's annual conference, Upstream.
Tidelift named a Cool Vendor in the May 2022 Gartner Cool Vendors in Software Engineering
As part of an open source software strategy, organizations are increasingly hosting curated OSS package management and artifact repositories internally to mitigate risk and reduce developer friction.
Historically, software composition analysis (SCA) tools were one primary way to get better visibility into open source security, maintenance, and licensing risk. But, by themselves, they are not enough.
Secure development practices and Python supply chain impact
A technical explanation of all the functionality included in the Tidelift Subscription
How Distributive uses Tidelift to maximize the security and resilience of its open source application components
Tidelift VP of Product Lauren Hanford sits down to chat with Seth Larson about all the systems and processes Seth and the team has put into place to keep urllib3 happy and healthy for all those millions of Python dependencies.
Inclusive is one of our core values at Tidelift. So we were delighted and inspired when our friends at AWS were interested in collaborating with us on a panel discussion about inclusive practices in open source software development.