and customize specifically for your organization
Verified updates for zero-day vulnerabilities, coordinated security responses, and immediate notifications of which of your applications are impacted, with the fix prepared for you. Like your phone, just "apply updates" to stay secure.
Verified-accurate open source licenses (including IP indemnification) and customizable policy enforcement. Your up-to-date software “bill of materials” is always one click away.
Tidelift continuously guides you on your upgrade path, steering you towards the best packages and versions for your particular application. It’s like a GPS for open source software.
Tidelift partners directly with the independent maintainers behind a broad range of community-led open source projects, paying them to ensure their packages meet clearly defined security, licensing, and maintenance standards today and in the future.
Because maintainers are paid a reliable income for their ongoing work, they can dedicate their efforts towards keeping their software enterprise-ready.
And maintainer income scales as more subscribers use their packages. More income means more investment in making their software even better, faster.
That alignment of interests between users and creators just makes sense. It's a win-win.
"Tidelift has a really interesting approach to funding open source work. It's a pretty simple concept: maintainers get paid and the organizations who use their projects get the support and dependability they need in return."
- Evan You, Vue.js (JavaScript)
"Tidelift has a solution for those companies that would otherwise have to pay many open source projects small amounts each year."
- Roel Spilker, Project Lombok (Java)
"Tidelift formalizing a lot of the project minutiae is incredibly helpful—things we should do but often don't, because there are other things to be done."
- Alex Clark, Pillow (Python)