Developers can access policy guidance and any open disallowed dependencies (“violations”) throughout the software development lifecycle. Having consistent access to the results of your internal policies at all times is key to removing risk from your organization. Don’t make developers hunt for your policies!
CI/CD
Once Tidelift’s CLI is running in your CI/CD pipeline (see Automated application analysis), you can see violation details and recommended actions on any pull request or build.
See more CI/CD example installs in the ‘Analyzing your applications’ section.
VSCode integration (beta)
It’s a great idea to give developers information about your policies and how they affect their development choices much earlier than pull request time. Tidelift has delivered a Visual Studio Code integration for our customers that includes npm and Maven support. You can read more about use cases and configuration here. Our IntelliJ integration will be coming soon. Talk to your account rep about providing feedback early!
Browser extension (beta)
We’ve outdone ourselves to ensure that developers have a clear understanding of your policies even prior to development time. Tidelift’s browser extension gives your developers, enterprise architects, OSPO, and compliance folks clear package health data, aligned with your custom policies. You can read more about use cases and configuration here.