Pulling your analyzed data into other services

Tidelift’s APIs and reports make it easy to combine Tidelift’s data with other data sources in the tools your organization uses to organize work efforts.

What can you do with Tidelift's analysis?

Tidelift’s APIs and reports provide plenty of information to help decide which issues with your open source application dependencies make sense for your team to remediate or eliminate first.

Identify the most actionable dependencies

Issues often arise in transitive dependencies – dependencies of dependencies. Most of the time you can’t directly fix the transitive dependencies, but you can upgrade or swap out the direct dependency.

Isolate issues of a specific type

There can be one or more different types of issues (for example, security vulnerabilities or licensing issues) for a single package and version! You can filter on the type of issue to constrain a report to just that category.

Target specific attributes

Tidelift provides deeper information on why particular dependencies are bad for your organization to keep using. You can filter on violation details to, say, only focus on security vulnerabilities with a High or Critical score.

Integrating Tidelift data with other sources

Integrating Tidelift data with other data sources requires matching on one or more facets: a facet is a piece of data that identifies a record within a large set of records. Tidelift’s APIs and reports focus on the following facets:

  • Releases – A combination of ecosystem (RubyGems, npm, etc), package name (active_admin, vue), and version number (1.2.3, 3.2.25) – npm vue 3.2.25
    • Releases can also be represented as purls – Package URLs – pkg:npm/vue@3.2.25
  • Packages – Just the ecosystem and package name part of a release – npm vue
    • Packages can also be represented as purls – Package URLs – pkg:npm/vue
  • Projects – A repository or application in your organization that contains open source software – libraries-io

As long as the data in another tool includes one of these facets, you can integrate Tidelift's analysis of your data with those data sources:

  • Vulnerability analysis tools like Contrast Security, Sonatype, or Veracode
  • Risk analysis tools like Kenna
  • Internal business tools that unify Tidelift’s reporting data with application lifecycle information
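As an added example, not Tidelift's own code or export format: a Python script that parses the release and package purls described above and joins constructed Tidelift-style violation records to tickets from a hypothetical second tool, matching on the release facet when both sides carry a version and on the package facet otherwise, then keeps only High/Critical vulnerabilities and orders direct dependencies (the ones you can upgrade or swap yourself) first. The record fields (project, purl, direct, type, severity, ticket) are assumptions for illustration, not Tidelift's actual schema.

```python
import re
from collections import defaultdict

# Minimal parser for the purl shapes on the page: pkg:<ecosystem>/<name>@<version>
# for a release, pkg:<ecosystem>/<name> for a package (a namespace, if any, stays in name).
PURL_RE = re.compile(r"^pkg:(?P<eco>[^/]+)/(?P<name>[^@?#]+)(?:@(?P<version>[^?#]+))?")

def parse_purl(purl):
    """Return (ecosystem, name, version); version is None for a package-level purl."""
    m = PURL_RE.match(purl)
    if not m:
        raise ValueError(f"not a purl: {purl}")
    return m.group("eco"), m.group("name"), m.group("version")

# Constructed sample records (hypothetical shape, not Tidelift's real export format):
# Tidelift-style violations for one project, and tickets from another tool keyed by purl.
TIDELIFT_VIOLATIONS = [
    {"project": "libraries-io", "purl": "pkg:npm/vue@3.2.25", "direct": True,
     "type": "vulnerability", "severity": "High"},
    {"project": "libraries-io", "purl": "pkg:npm/lodash@4.17.15", "direct": False,
     "type": "vulnerability", "severity": "Critical"},
    {"project": "libraries-io", "purl": "pkg:rubygems/active_admin@1.2.3", "direct": True,
     "type": "license", "severity": None},
]
OTHER_TOOL_TICKETS = [
    {"ticket": "SEC-101", "purl": "pkg:npm/vue@3.2.25"},
    {"ticket": "SEC-102", "purl": "pkg:npm/lodash@4.17.15"},
    {"ticket": "LIC-7", "purl": "pkg:rubygems/active_admin"},  # package facet only, no version
]
SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3, "Critical": 4}

def join_on_facets(violations, tickets, issue_type="vulnerability", min_severity="High"):
    """Keep violations of one type at or above min_severity (None disables the severity
    filter) and match them to tickets on the release facet, or on the package facet
    when the ticket carries no version."""
    by_release, by_package = defaultdict(list), defaultdict(list)
    for t in tickets:
        eco, name, version = parse_purl(t["purl"])
        (by_release[(eco, name, version)] if version else by_package[(eco, name)]).append(t)
    matched = []
    for v in violations:
        if v["type"] != issue_type:
            continue
        if min_severity and SEVERITY_RANK.get(v["severity"], 0) < SEVERITY_RANK[min_severity]:
            continue
        eco, name, version = parse_purl(v["purl"])
        for t in by_release.get((eco, name, version), []) + by_package.get((eco, name), []):
            matched.append({**v, "ticket": t["ticket"]})
    return matched

def actionable_first(matches):
    """Direct dependencies first (transitive ones usually need a direct-dependency change), then by severity."""
    return sorted(matches, key=lambda m: (not m["direct"], -SEVERITY_RANK.get(m["severity"], 0)))
```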

Reference examples
