To help ensure that your applications are only built using libraries that you have approved as part of your catalog, the Tidelift Subscription supports integrating in a number of ways with your continuous integration process. These simple integrations will give you links to rich information on what isn't being used from your catalog and a persistent audit trail to understand the state at every test run.
We support directly plugging into a number of systems with integrations that we provide as well as providing an API and CLI to easily plug into any other system that we don't directly support today.
If you're using a system that we don't have a direct integration with, please let us know so that we can look at adding it in the future!
- If you use GitHub Enterprise, you can use our GitHub action. This action will run a check on every pull request to see if all of your dependencies are included in your catalog's approved release list. Note: This requires, for each repository, setting up the project + API key in Tidelift and storing the API key in the secrets section for that repo
- If you use another CI/CD system, you can use our CLI to kick off and run an `alignment save` as part of your test runs. For each repository, you will create a project (+ API key) in Tidelift and store that key in the appropriate secrets infrastructure provided by your CI system. Alternatively, you can create a single org-wide API Key for CI integration from Settings > Integrations > CI/CD.