Reporting

Once your projects' dependencies are analyzed against your standards, reports are available for download. These reports list potential developer work that would reduce the attack surface of your applications.

These reports can be downloaded as either TSV or JSON files which can then be further manipulated by your choice of spreadsheet software. Some customers choose to pull data into their own systems (such as Power BI or Kenna), while others simply view reports in Excel. These reports can also be pulled via API, which is useful to automate syncing them with other business processes.

Please note that some reports are limited to one run every 24 hours.

 

UI-based workflow

  1. Click on Reports in the top navigation bar.
  2. Choose your desired catalog, or choose one of the organization-wide reports.
  3. Choose your desired report.
  4. Generate and download from the provided list of reports by selecting Request new report next to the desired report.
  5. Receive the requested report in your email inbox (the email tied to your Tidelift account).
  6. Click on the link embedded in the email to navigate to the catalog reports page where you’ll now see the option to Download the most recent report.

All projects violations 

Prioritize developer actions with a list of standards violations and available actions to take across all projects.

This report can help answer the following questions:

  • What violations exist in my team's projects?
  • What are the patterns of risk associated with higher-level dependencies, and how can I use this information to guide developers effectively?
  • What are some specific upgrades developers can perform to remove multiple violations?



All projects compliance

Gain insight into the compliance of your organization’s projects to a catalog’s definition of good and bad packages.

This report can help answer the following questions:

  • Are projects using the guidance on good and bad packages?
  • How is the number of standards violations affecting a project changing over time?
  • How many high, medium, or low vulnerabilities are affecting a project?



All projects package quality (beta)

Prioritize package migration away from lower-quality packages that Tidelift has identified as risky based on criteria such as end-of-life or deprecation. This allows you to more holistically forecast and predict open source risk.

This report can help managers answer the following questions:

  • Which of my in-use packages are not of high quality as determined by Tidelift?
  • Why doesn’t Tidelift recommend this package?



End-of-life (EOL) impact report

Get a complete list of package releases evaluated in your catalog for end-of-life information, maintenance status, associated vulnerabilities, and next supported versions.

This report can help answer the following questions:

  • How up-to-date are my projects?
  • Which releases in use are at end-of-life, and what is the impact?



Catalog activity audit 

Export a catalog’s activity feed log from the previous 30 days.

This report can help answer the following questions:

  • When was a particular release requested, approved, or denied for use in my catalog? Was this a user-initiated event or was it automated by Tidelift?
  • When was a catalog standard enabled, disabled, or configured for use in my catalog? Who performed this action? Have any overrides against this standard been created?
  • When was a release blocked for use in my organization? Why was it blocked? Who blocked it?



License attribution 

Understand the licenses declared for the open source in your projects.

This report can help answer the following question:

  • What open source licenses is our organization subject to?

Catalog-wide open source use

Get a complete list of releases in your catalog and understand what's in use across your entire organization.

This report can help answer the following questions:

  • What open source is being used in this catalog? 
  • What is the approved/denied status of each release? 

Filtering reports

Sometimes you may want to see a report filtered to a particular project. To do so, do one of two things:

  • Download the report in JSON or TSV format, and filter it to the project in question.

For example, if you have an "All Projects Violations" report in JSON format, you can filter it to the "sample" project with jq by running:

jq -c '.[] | select(.project == "sample")' apv.json
  • Request a project-filtered report with the API

A number of reports can be generated for an individual project, or a list of projects, via the Tidelift API.

For example, to get an All Projects Violations report for the "sample" and "othersample" projects, first call the API to generate the report (the -g option stops curl from treating the [] in the URL as a glob range):

curl -g -X POST "https://api.tidelift.com/external-api/v1/MyTeam/reports/all_projects_violations/generate?projects[]=sample&projects[]=othersample"

This returns a JSON object with the ID of the new report:

{
  "report_id": "5eab5848-9202-4f28-9e86-cbae897cfff8",
  "status": "requested"
}

Once the report is finished generating, you can get your filtered report via the API in JSON format:

curl "https://api.tidelift.com/external-api/v1/MyTeam/reports/all_projects_violations?id=5eab5848-9202-4f28-9e86-cbae897cfff8"
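
For a report downloaded as TSV rather than JSON, the same per-project filter can be done with awk. This is an added example, not Tidelift's own tooling: it assumes the TSV has a header row with a "project" column (mirroring the .project key used with jq above), and the sample rows and other column names are constructed. It matches project names exactly, so filtering for "sample" does not also return "othersample" rows the way a plain grep would.

```shell
#!/bin/sh
# filter_tsv_by_project FILE PROJECT [PROJECT...]
# Prints the header row plus every row whose "project" column is exactly
# one of the given names. Returns 2 if the header has no "project" column.
filter_tsv_by_project() {
    file=$1; shift
    # Join the wanted names with tabs (a TSV field cannot contain a tab) and
    # pass them through the environment so awk applies no escape processing.
    WANTED=$(printf '%s\t' "$@") awk -F '\t' '
        BEGIN {
            n = split(ENVIRON["WANTED"], names, "\t")
            for (i = 1; i <= n; i++) if (names[i] != "") keep[names[i]] = 1
        }
        NR == 1 {
            # Locate the column by header name instead of by position.
            for (i = 1; i <= NF; i++) if ($i == "project") col = i
            if (!col) { print "no project column in header" > "/dev/stderr"; exit 2 }
            print; next
        }
        ($col in keep)
    ' "$file"
}

# Constructed sample standing in for a downloaded report (assumed layout).
sample_report() {
    printf 'project\tpackage\tversion\tviolation\n'
    printf 'sample\tpkg-a\t1.0.0\tdeprecated\n'
    printf 'othersample\tpkg-b\t4.17.0\tvulnerability\n'
    printf 'sample-api\tpkg-c\t2.0.0\teol\n'
}

# Usage: filter_tsv_by_project apv.tsv sample othersample > filtered.tsv
```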