The Tidelift Subscription allows you to set up a catalog for your organization. The catalog represents all of the open source packages and package versions approved and denied for use in your organization’s production environment.
A catalog is made up of the packages that are approved-for-use at your organization, improving organizational alignment and developer experience when using open source. Catalogs also include packages that are denied-for-use at your organization, creating an auditable log of the denial reason and date.
Creating a catalog with Tidelift offers several benefits:
- Version guidance so that you can ensure that only pre-approved packages are being used in production environments.
- Centralized issue resolution workflows to streamline and automate updating the catalog (e.g., when there are new security vulnerabilities, licensing issues, or requests from your team to start using new packages).
- Standardized open source release management, to reduce the complexity of managing your open source supply chain.
A catalog is made up of approved package releases, along with several features that support the management of the:
- Package releases – which can be imported or requested to be added to your catalog
- Standards – which determine what can and cannot be approved in your catalog. Standards include reviewing security vulnerabilities, enforcing license compliance, and not using deprecated packages.
- Tasks – which help your catalog administrator keep things in compliance with standards
- Activity feed – which helps you audit all changes to your catalog over
Once created, you and your developers can use your catalog in several ways:
- Align your projects so that they only use approved open source packages from the catalog.
- Provide developers with tools in their command line so they can align package releases in their repository with what’s approved in the catalog.
- Integrate catalog alignment with your CI/CD pipeline and/or Artifactory so that only approved open source gets used in production.
Note on user roles
There are two user roles that can be assigned to users in the Tidelift web app: administrator and member.
An administrator has the ability to create and manage a catalog. They are responsible for approving new package requests, reviewing tasks, and managing the catalog. Administrators can save themselves a lot of time because Tidelift already provides security vulnerability recommendations and licensing data, which delegates the management of thousands of the most common packages to Tidelift. They can further simplify their work by setting up license standards for their organization.
A member is an individual who will be using the approved package releases within your organization’s catalog. They will be able to request new package releases, and will be guided to use the approved releases within your catalog. If you are a developer, see a developer's guide to catalogs.