The Tidelift Subscription

A proven way to manage the health and security of the open source software supply chain

The Tidelift Subscription helps streamline application development by removing obstacles that slow down developers while identifying and removing open source-related risk. See how it works.

Product Features

Understand open source usage

Stay safe with a unified view of the open source you use by generating a bill of materials along with the associated metadata for each open source component.

Measure project health and open source risk

Get an ongoing assessment of your projects’ health and track how your organization is decreasing risk over time.

Get recommendations from Tidelift and partner maintainers

Continuously improve open source health with proactive, actionable security, licensing, and maintenance recommendations for all of the open source packages you use.

Define and enforce organizational standards and policies

Drive alignment across stakeholders with an inclusive approach for defining and enforcing open source standards and policies within your organization.

Build a repository of approved open source components

Eliminate the burden on individual developers of assessing open source component issues by giving them access to a repository of pre-vetted, approved components.

Integrate with development workflows

Seamlessly integrate with developers’ existing processes through the command line interface (CLI) and CI/CD pipeline integrations.

Managed Open Source Survey

The 2020 Tidelift managed open source survey

We highlight nine of the most interesting revelations that help us understand how to make open source work even better for development teams and the organizations they work within.

What is included in the Tidelift Subscription?

Open source management tools

Generate SBOMs of all the packages used in your applications with rich insights such as:


 

Tidelift catalog

Security-advised and license-annotated catalog recommendations to keep your applications safe:

  • Contextually relevant vulnerability and license related recommendations
  • Notifications when specific security and license related actions need to be performed
  • Automated licensing analysis and policies

 

Custom catalogs

Create a custom repository of pre-vetted and approved packages unique to your organization:

  • Eliminate the burden on developers of researching and assessing issues themselves
  • Drive consistent development practices across the organization
  • Track non-public, internally-developed (inner-source) packages included in your packages

The 2022 open source software supply chain survey report

Tidelift fielded our annual survey of technologists—including software developers, engineering executives and managers, architects, and devops pros—who build applications with open source.

Log4Shell, open source maintenance, and why SBOMs are critical now

Join Tidelift CEO and co-founder Donald Fisher and guest speaker Forrester Principal Analyst Sandy Carielli as they discuss some of the key lessons organizations can learn from Log4Shell along with some critical recommendations organizations can use to prepare for handling similar issues down the road.

How to generate an SBOM with Tidelift

Tidelift solutions architect Sean Wiley demonstrates how to generate a software bill of materials (SBOM) with Tidelift.