Project management tools

Tidelift’s APIs and reports make it easy to combine Tidelift’s data with other data sources in the tools your organization uses to organize work efforts.

Integrating Tidelift data with other data sources requires matching on one or more facets, a piece of data to identify a record among a large set of records. Tidelift’s APIs and reports focus on the following facets:

  • Releases – A combination of ecosystem (RubyGems, npm, etc), package name (active_admin, vue), and version number (1.2.3, 3.2.25) – npm vue 3.2.25
    • Releases can also be represented as purls – Package URLs – pkg:npm/vue@3.2.25
  • Packages – Just the ecosystem and package name part of a release – npm vue
    • Packages can also be represented as purls — Package URLs ­­— pkg:npm/vue
  • Projects – A repository or application in your organization that contains open source software – libraries-io

Keeping a Jira board up to date with problems that you want your developers to fix

We have an example Python script that will:

  • retrieve the latest All Projects Violations report
  • group violations by violating purl and project
  • create or update issues on a Jira board with the violation details as the issue’s description

This uses the External API to retrieve the All Projects Violations report and requires that you create a Tidelift API key.

Check out the project for implementation details. Note that this is not a full Jira integration!

Steps

1. Note the Key for your Jira board:

getting_board_key.png

2. Create a new Short text field to hold the unique Tidelift identifier for each issue:

creating_unique_field.png

3. Get a Jira API token.

4. Get a Tidelift organization or user API key.

5. Clone the jira-integration-example repository and follow the instructions. Update .env and config.yml with the settings from above.

Screenshot_20240524_092319.png

Screenshot_20240524_092450.png

Was this article helpful?
0 out of 0 found this helpful

Articles in this section

See more