Tidelift offers a rich set of policy configuration options to ensure that your developers have clarity on what your organization considers risky throughout the software development lifecycle.
For older or non-greenfield applications, we do not recommend blocking builds. When customers implement build blocking, it ultimately requires more management to deal with policy exceptions and policy dates, along with heavy oversight of every policy violation. This creates a volume of management work that requires allocating internal resources.
This section of our documentation covers the following advanced workflows:
- Policy overrides on a per-release and per-package basis
- Blocking releases for reasons that fall outside of Tidelift's out-of-the-box policies
- Manually reviewing policy decisions through our task interface