<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=705633339897683&amp;ev=PageView&amp;noscript=1">

Webinar: How Bloomberg is supporting OSS by shifting left. Register Now

A tour of the Tidelift Subscription

A better way to manage, secure, and maintain the health of your open source supply chain.

Tidelift DEMO FINALcut shorter viersion

 

Accelerate application development, cut costs, and reduce risk with catalogs of known-good, proactively maintained open source components—backed by maintainers.

What is the Tidelift Subscription?

The Tidelift Subscription is a comprehensive solution to managing open source across the organization. It includes the tools to create, track, and manage customizable catalogs of known-good, proactively maintained open source components backed by Tidelift and its open source maintainer partners. The Tidelift Subscription allows organizations to efficiently manage the ways its developers use thousands of open source projects across JavaScript, Python, Java, PHP, Ruby, .NET, Rust, and more.

With the Tidelift Subscription in place, organizations can accelerate development, cut costs, and reduce risk when building applications with open source, so they can create even more incredible software, even faster.

how does it work

The importance of managing the open source software supply chain

In a world where software supply chain attacks are an increasingly prominent existential threat (think Equifax or SolarWinds) and make front-page news, organizations are rethinking how they manage the software they use.

92% Meanwhile, open source has become the modern development platform. A recent Tidelift study shows that 92% of enterprise software projects contain open source dependencies and in those projects as much as 70% or more of the code is open source.

There are countless open source components in use across global organizations. Not all of these components are created equal, for a number of reasons:

  • Their licenses may be incomplete, inaccurate, or incompatible with your business model and IP policies.
  • They may contain security vulnerabilities that make them inappropriate for use given your risk profile.
  • They may have an uncertain future and are at risk of not being maintained at the level you require going forward.
  • And if a component has none of these issues today, that may change over time.
open source is everywhere

The challenge of managing these open source-related security, maintenance, and licensing issues across the organization is only increasing.

In fact, our data shows that only 16% of large organizations are extremely confident that the open source components they use are up to date, secure, and well maintained, while almost 40% are not very or not at all confident.

Many organizations are seeking ways to improve their open source management practices so they can optimize the health of their open source software supply chain.

confident 1

 

Accelerate app development by optimizing your organization’s open source strategy

So how do organizations manage open source today?

Most organizations fall along a continuum from those who have no processes or policies in place to those with strict policies and scanning-based solutions in place.

Distributed approach

With this approach, developers on each team bring in new components on their own. If scanning tools are being used, the results are often ignored.

Upside

No roadblocks, devs can build and deploy quickly.

downside

Creates possibility for maintenance and security nightmares.

Centralized approach

With this approach, the organization tightly controls open source usage to avoid risk. Scanning tools block deployments until developers address concerns, which they can’t always do.

Upside

Reduce risk, avoid becoming next Equifax.

downside

Hard to move quickly and developers are frustrated.

So what’s the ideal solution for managing open source?

Development teams need ready access to open source components to build their applications so they can continue to develop applications quickly. Meanwhile the organization needs to avoid security, maintenance, and licensing-related risk. Rather than falling into the trap of choosing to move fast or stay safe, how can an organization do both at once?

An ideal solution would:

white stars - top large

wrench screwdriver icon

Include the tools that help your organization manage those sets of components proactively as internal policies/standards and open source software evolves

 

arrows icon

Integrate with your build chain and minimize the disruption of your existing processes

 

credit card icon

Incentivize the open source software development community to continue to maintain and improve the packages your business depends on

 

brackets icon

Provide a set of “good” dependencies for each of the major frameworks or “stacks” your developers want to work with

 

This is why we created the Tidelift Subscription: to give your organization a better way to efficiently manage the open source you use for application development.

How does the Tidelift Subscription work?

The Tidelift Subscription helps you reduce the complexity of managing open source components, while keeping them safe and up to date with help from Tidelift and our growing network of partnered maintainers.

tidelift-tools

Tools

The Tidelift Subscription includes all of the tools you need to efficiently track and manage open source across the organization.

  • A paved path: Accelerate development by creating catalogs of known-good, proactively maintained components your developers can draw from safely.
  • Clear policies: Automatically enforce standards like your organization’s license policy early in the development lifecycle.
  • An integrated experience: Tidelift integrates with your existing source code and repository management tools so developers don’t need to change their workflow.
      
management

Management

We research and advise you on how to resolve security, maintenance, and licensing issues. Get a head start on building a paved path for your organization’s developers with our Tidelift-managed catalogs of known-good, proactively-maintained open source components covering the language frameworks you use every day.

      
maintainers

Maintainers

Tidelift partners directly with the independent maintainers behind thousands of open source projects—with more added every day. We pay the maintainers to keep their projects enterprise-ready, meeting clearly defined security, licensing, and maintenance standards.

The more subscribers using a project, the more its maintainers get paid. Which means they can dedicate even more time to maintenance and security tasks, while continuing to invest in making their projects even better.

move fast and stay safe

 

"Tidelift is positioned as the single source of content for supported technologies so enterprises can build and manage their software using known-good OSS components."
Al Gillen and Elaina Stergiades, IDC

See benefits across the organization

With the Tidelift Subscription, internal stakeholders across the organization will benefit from having a comprehensive strategy for managing open source in place.

manager-icon

MANAGER

Accelerate development and stay safe

Build with safe, approved, and compliant packages from the start to speed up development and reduce technical debt.

Info-Security-icon

INFORMATION SECURITY

Reduce open source security risk

Get a single place to define, review, and enforce policies around security vulnerabilities in open source components.

Developer-icon

DEVELOPER

Move fast and avoid rework

Eliminate late-breaking surprises that slow down development by using pre-approved, known-good open source components.

Legal-icon

LEGAL

Reduce open source legal risk

Get a single place to define, review, and enforce license policies and get indemnification to protect against licensing-related risk.

Bottom line: Instead of building a custom system to manage open source, Tidelift gives you a complete solution. Cut costs, stay safe,  and accelerate your pace of development with the Tidelift Subscription.

Ready to see the Tidelift Subscription in action?