<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=705633339897683&amp;ev=PageView&amp;noscript=1">

Tidelift Introduces a Comprehensive Way for Organizations to Ensure the Health of their Open Source Supply Chain

With Tidelift catalogs, application development teams can accelerate development and reduce risk by curating collections of known-good, proactively maintained open source components with help from Tidelift and its partnered maintainers.

February 2, 2021

BOSTON, February 2, 2021Tidelift, the premier provider of solutions for managing the open source software behind modern applications, today announced the general availability of Tidelift catalogs, an innovative way to ensure organizations can consistently manage the health and security of their open source software supply chain. 

“As software supply chain security makes front page news in 2021, it is more important than ever that application development teams employ a comprehensive approach to managing the open source components that make up their applications,” said Donald Fischer, CEO and co-founder, Tidelift. “With the addition of catalogs to the Tidelift Subscription, organizations can be confident that they are using open source safely without slowing down development.”

With catalogs—included as part of the Tidelift Subscription—organizations now have a comprehensive approach to curating, tracking, and managing the open source components they are using for application development while setting and enforcing usage policies.

  • A paved path: Organizations can accelerate development and reduce security and licensing-related risk by defining and curating catalogs of known-good, proactively maintained open source components. Developers can draw from them safely without fear of late-breaking deployment blockers.
  • Clear policies: Organizations can set and automatically enforce standards early in the development lifecycle, such as an organization’s license policies.
  • Integrated experience: The Tidelift Subscription integrates with existing source code and repository management tools so developers don’t need to change their workflow. They can pull approved components and submit new ones for approval directly from the command line.

As part of this announcement, Tidelift also introduces the first set of Tidelift-managed catalogs, giving organizations a head start on building a paved path of approved components for development teams to use. Developers can pull from Tidelift-managed catalogs of known-good, proactively maintained components covering common language frameworks like JavaScript, Python, Java, Ruby, PHP, .NET and Rust, backed by Tidelift and its partnered maintainers. These catalogs are designed to be enterprise ready, with Tidelift and its partnered maintainers managing them to meet clearly defined security, maintenance, and licensing standards.

With catalogs in place, the Tidelift Subscription now provides benefits to stakeholders across the organization:

  • For managers: Increase development velocity while ensuring development teams are building with safe, approved, and compliant components from the start.
  • For developers: Move fast and avoid rework, eliminating late-breaking surprises that slow down development by using pre-approved, known-good components.
  • For information security: Get a single place to define, review, and enforce policies around security vulnerabilities in open source components.
  • For legal: Get a single place to define, review, and enforce license policies and get indemnification to protect against licensing-related risk.

"Recent software supply chain security compromises remind the industry how important it is to know where your software components come from, and to be able to trust those components. Open source software is not immune to potential vulnerabilities, so it makes great sense to give your software development staff easy access to the components they need that meet enterprise standards,” said Al Gillen, Group VP, Software Development and Open Source, IDC. "Tidelift’s expansion of the Tidelift Subscription to include catalogs of known-good open source addresses this need by collecting in one location a full suite of key open source components that an organization relies on."

Learn more about Tidelift catalogs and the Tidelift Subscription

About Tidelift

Tidelift helps organizations effectively manage the open source behind modern applications. Through the Tidelift Subscription, the company delivers a comprehensive management solution, including the tools to create customizable catalogs of known-good, proactively maintained components backed by Tidelift and its open source maintainer partners. Tidelift enables organizations to accelerate development and reduce risk when building applications with open source, so they can create even more incredible software, even faster. https://tidelift.com/ 

2018 open source survey results