
The Tidelift Subscription

Improve the health, security, and resilience of your organization's open source software supply chain


Defense in depth

Visibility

Software bills of materials (SBOMs):

Detailed view into the open source components your organization is using, along with the transitive dependencies being pulled into your software development lifecycle. SBOMs include insights such as:

  • Release and license information
  • Dependency chain and provenance information
  • Granular mapping of the specific open source packages used across individual applications
  • Usage type and approval status
  • Security vulnerabilities and licensing issues
  • CycloneDX and SPDX formatting

Dependency chains:

Advanced visibility into whether a dependency is direct or transitive with the ability to identify how specific dependencies are being pulled into your code.
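As an added illustration (not Tidelift's code or output), the following Python builds a minimal CycloneDX SBOM from a constructed, lockfile-like dependency graph and marks each package as direct or transitive together with the chain that pulls it in. The graph, the license data and the `example:scope` property name are constructed for this example; the SPDX variant is not shown.

```python
# Constructed sample: a lockfile-like resolved dependency graph for one application.
# Keys are "name@version"; values are that package's own requirements; the app is the root.
ROOT = "shop-api@2.4.0"
GRAPH = {ROOT: ["flask@3.0.0", "requests@2.31.0"],
         "flask@3.0.0": ["werkzeug@3.0.1", "jinja2@3.1.2"],
         "requests@2.31.0": ["urllib3@2.1.0", "certifi@2023.11.17"],
         "jinja2@3.1.2": ["markupsafe@2.1.3"],
         "werkzeug@3.0.1": [], "urllib3@2.1.0": [], "certifi@2023.11.17": [], "markupsafe@2.1.3": []}
# Constructed license data, as it might be read from package metadata.
LICENSES = {"flask": "BSD-3-Clause", "werkzeug": "BSD-3-Clause", "jinja2": "BSD-3-Clause",
            "markupsafe": "BSD-3-Clause", "requests": "Apache-2.0", "urllib3": "MIT",
            "certifi": "MPL-2.0"}

def purl(ref):
    """Package URL (purl) for a PyPI "name@version" reference."""
    name, version = ref.rsplit("@", 1)
    return f"pkg:pypi/{name}@{version}"

def dependency_chains(graph, root):
    """Map each dependency to every path from root that reaches it: a path of length 2
    is a direct dependency, a longer one shows which direct dependency pulls it in."""
    chains, stack = {}, [[root]]
    while stack:
        path = stack.pop()
        for dep in graph.get(path[-1], []):
            if dep in path:  # defensive: never loop on a cyclic graph
                continue
            chains.setdefault(dep, []).append(path + [dep])
            stack.append(path + [dep])
    return chains

def build_cyclonedx(graph, root, licenses):
    """Minimal CycloneDX 1.5 JSON document: one component per resolved package with
    version, license and a direct/transitive marker (the property name is an assumption),
    plus the dependencies array so a consumer can recompute the chains from the BOM."""
    chains, components = dependency_chains(graph, root), []
    for ref in sorted(chains):
        name, version = ref.rsplit("@", 1)
        scope = "direct" if any(len(p) == 2 for p in chains[ref]) else "transitive"
        components.append({"type": "library", "bom-ref": purl(ref), "name": name,
                           "version": version, "purl": purl(ref),
                           "licenses": [{"license": {"id": licenses[name]}}],
                           "properties": [{"name": "example:scope", "value": scope}]})
    app_name, app_version = root.rsplit("@", 1)
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
            "metadata": {"component": {"type": "application", "name": app_name,
                                       "version": app_version, "bom-ref": purl(root)}},
            "components": components,
            "dependencies": [{"ref": purl(r), "dependsOn": [purl(d) for d in deps]}
                             for r, deps in graph.items()]}
```

Serialize the returned dict with `json.dumps` to get a file that CycloneDX-aware tooling can read; the `dependencies` array is what lets a downstream consumer tell a direct dependency from a transitive one without access to the original lockfile.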

Decision-making

Improving application health:

Each application has a project health score (beta) and a corresponding dashboard to help your team focus on the most impactful work.

Vulnerabilities:

Tidelift surfaces detailed vulnerability information such as:

  • Affected releases
  • Affected applications
  • Direct or transitive dependency
  • Version guidance on other releases that are recommended for use
  • Status and availability of updates

Package information:

Out-of-the-box package information on millions of packages, including details such as:

  • Number of package contributors
  • Release history
  • License and license format
  • Known security issues and vulnerabilities

Quality checks:

Maintainer-sourced data that makes it easy for organizations to:

  • Improve decision-making with verified package-specific data to proactively assess the risk profile of a specific package and whether it should be approved for use or not.
  • Improve resilience by building applications that only rely on open source packages that align with the enterprise standards your organization requires.

False positives:

Improve developer efficiency by reducing the time spent addressing false positives, using maintainer-sourced first-hand data and recommendations on how to remediate vulnerabilities listed in the National Vulnerability Database.

Governance

Security governance:

Built-in security standards ensure developers are using known packages without any vulnerabilities, with the ability to create exceptions for specific use cases that are not impacted by a given vulnerability.

Licensing governance:

Out-of-the-box licensing templates to ensure developers are only using packages with approved licenses that do not expose the organization to unexpected and unwanted legal risk.

Maintenance governance:

Maintenance standards that help ensure developers are not using deprecated or out-of-date package versions.

Resilience

Maintainer tasks:

Tidelift’s maintainer partners validate that their projects meet important industry standards. These standards are designed to keep projects at a level of maturity that enterprise organizations expect, while making it simpler to make informed decisions about which components to use.

And easy to use

Web user interface:

Easy-to-navigate web user interface (UI), best suited to decision makers who need visibility into open source software usage and management and a place to make decisions about it.

Command line interface:

Tidelift integrates directly into CI/CD pipelines and provides a developer-centric approach so developers can get all the benefits of the Tidelift Subscription within their primary workflows.

Watch a demo of the Tidelift Subscription

New video story: How Distributive uses Tidelift to maximize open source security and resilience

Within days of using the Tidelift application, the Distributive team found a potential vulnerability that npm-audit hadn’t, and quickly and safely fixed the issue with Tidelift’s CLI tool.

The 2023 Tidelift state of the open source maintainer report

Hundreds of maintainers responded with thoughts about how they fund their work, what they enjoy about being a maintainer, what they don’t like so much, along with a host of other interesting insights.

Upstream

A free one-day celebration of open source, the developers who use it, and the maintainers who create it