- The Tidelift Subscription now provides assurances for over 1,000 of the most popular community-led open source projects
- Most extensive database of open source now monitors 3.3 million projects
- Subscription now includes open source dependency analysis with identification and resolution of security, licensing, and maintenance issues in direct partnership with open source maintainers
BOSTON, April 30, 2019—Tidelift today announced extensive enhancements to the Tidelift Subscription to improve productivity and reduce risk for application development teams using open source components. New features include a broader set of subscriber software tools and substantially expanded coverage from open source maintainers who are compensated to maintain their projects in partnership with Tidelift. The Tidelift Subscription is the most comprehensive solution for managing the security, maintenance, and licensing aspects of the community-led open source packages that form the backbone of thousands of commercial applications.
More than 90 percent of new applications today include open source components, often with hundreds of dependencies on other projects and libraries. Keeping current with the flow of changes to those components and their impact on applications utilizing them has historically been difficult or even impossible. Through its platform, Tidelift provides a powerful set of tools to help organizations manage their open source usage more effectively, while also paying participating maintainers to deliver assurances for over 1,000 of their most widely used packages.
“Nearly all application developers rely heavily on open source code because of the many benefits it provides, yet most don’t have a strategy to keep that code secure and well maintained,” said Donald Fischer, CEO and co-founder of Tidelift. “We're partnering with creators and maintainers of a vast array of community-led open source projects to introduce the concept of managed open source, where organizations can save time and reduce risk by paying Tidelift's participating maintainers to ensure their packages meet uniform and comprehensive commercial standards.”
Accelerate software development
A new Tidelift study finds application developers spend over 30 percent of their time on code maintenance tasks, with more than a quarter directly related to the open source components they use. With the Tidelift Subscription in place, organizations can save time their developers would otherwise spend addressing the impact of changes to those components. Subscribers also minimize their exposure to open source risk by identifying vulnerabilities in components that lead to security issues such as the Heartbleed bug in OpenSSL, the Apache Struts breach at Equifax, and the software supply chain attack on the event-stream npm package.
Software tools available with the Tidelift Subscription now include an overview of security vulnerabilities and licensing issues across dependencies, at-a-glance metrics that help developers gauge how package updates impact their applications, and recommendations on when to upgrade key frameworks and libraries.
The Tidelift Subscription also supports application developers frustrated by tools that report security, maintenance, and licensing problems in transitive dependencies (dependencies-of-dependencies) without providing a way to help resolve them. Tidelift surfaces these problems to its network of open source maintainers, who work to resolve the root causes on behalf of subscribers.
Development teams wanting to learn more about their dependencies can now explore the Tidelift Subscription in the context of their own applications through the free self-service Tidelift open source dependency analyzer. Those interested can simply share the package manager files from one of their projects, and Tidelift will analyze them and create a free report on the high-level state of their open source dependencies, including three actionable suggestions to address today.
Learn more and get involved
- Learn how software development teams accelerate their open source development and reduce risk with the Tidelift Subscription, or take a tour of the subscription features
- Discover how open source maintainers can get paid for their work
Tidelift makes open source work better—for everyone. Through the Tidelift Subscription and in direct partnership with maintainers, Tidelift is a single source for proactively managed open source components and professional assurances around those components. Tidelift makes it possible for open source projects to thrive, so we can all create even more incredible software, even faster. For more: tidelift.com