Reporting with the Tidelift Subscription

The Tidelift Subscription provides reports with key data for common questions your organization may ask about your open source usage. These reports are at the catalog level, allowing you to monitor open source usage per catalog.

These reports can be downloaded as a .tsv file, which can then be further manipulated in your choice of spreadsheet software. These reports are also available via our API.

Please note that some reports can only be generated once every 24 hours.

  1. Click on Catalogs in the left navigation bar.
  2. Click on your desired catalog.
  3. Select Reports.
  4. Generate and download from the provided list of reports by selecting Request new report next to the desired report.
  5. Receive the requested report in your email inbox (the email tied to your Tidelift account).
  6. Click on the link embedded in the email to navigate to the catalog reports page where you’ll now see the option to Download the most recent report.

 

All projects compliance

Gain insight into the compliance of your organization’s projects to a catalog’s definition of good and bad packages.

This report can help answer the following questions:

  • Are projects using the guidance on good and bad packages?
  • How is the number of standards violations affecting a project changing over time?
  • How many high, medium, or low vulnerabilities are affecting a project?

This report is available both as a .tsv file and as an API.
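Once a report has been downloaded as a .tsv file, the questions above (vulnerabilities by severity per project, the violation trend over time) and the "which packages bring in the most violations" question from the catalog and project vulnerability reports further down can be answered with a few lines of code instead of a spreadsheet. The script below is an added example and not Tidelift's code; the column names (project, package, version, violation_type, severity, first_seen) and the sample rows are constructed assumptions for illustration, not Tidelift's actual report schema, so map them to the headers in your own export.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample report. The column names are an assumption made for this
# example; they are not Tidelift's actual report schema.
SAMPLE_TSV = """project\tpackage\tversion\tviolation_type\tseverity\tfirst_seen
billing-api\trequests\t2.19.0\tvulnerability\thigh\t2022-05-01
billing-api\tpyyaml\t5.3\tvulnerability\tmedium\t2022-05-14
billing-api\tleft-pad\t1.0.0\tnot_recommended\t\t2022-05-20
web-frontend\tlodash\t4.17.15\tvulnerability\thigh\t2022-06-02
web-frontend\tlodash\t4.17.15\tvulnerability\tlow\t2022-06-02
web-frontend\tminimist\t1.2.0\tvulnerability\tmedium\t2022-06-03
web-frontend\tlodash\t4.17.15\tnot_recommended\t\t2022-06-03
"""

SEVERITIES = ("high", "medium", "low")


def read_report(tsv_text):
    """Parse report text into a list of row dicts (one per violation)."""
    return list(csv.DictReader(io.StringIO(tsv_text), delimiter="\t"))


def vulnerabilities_by_severity(rows):
    """How many high/medium/low vulnerabilities affect each project?"""
    counts = {}
    for row in rows:
        if row["violation_type"] != "vulnerability":
            continue  # non-vulnerability violations are not counted here
        sev = row["severity"].strip().lower() or "unknown"
        counts.setdefault(row["project"], Counter())[sev] += 1
    # Always report all three buckets, even when a bucket is empty.
    return {
        project: {sev: c.get(sev, 0) for sev in SEVERITIES}
        for project, c in counts.items()
    }


def violations_per_month(rows):
    """How is the number of violations changing over time?
    Returns {project: {YYYY-MM: count}} keyed on the first_seen date."""
    trend = defaultdict(Counter)
    for row in rows:
        trend[row["project"]][row["first_seen"][:7]] += 1
    return {p: dict(sorted(c.items())) for p, c in trend.items()}


def noisiest_packages(rows, n=3):
    """Which package releases (name@version) account for the most violations?"""
    c = Counter(f"{r['package']}@{r['version']}" for r in rows)
    return c.most_common(n)


if __name__ == "__main__":
    rows = read_report(SAMPLE_TSV)
    for project, sev in vulnerabilities_by_severity(rows).items():
        print(project, sev)
    print(violations_per_month(rows))
    print(noisiest_packages(rows))
```

Point `read_report` at the contents of a real export and rerun the three helpers; the month bucketing assumes an ISO date in the first_seen column, so adjust the slice if your report dates differ.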



 

All projects violations

Prioritize developer actions with a list of standards violations and available actions to take across all projects.

This report can help answer the following questions:

  • What violations exist in my team's projects?
  • What are the patterns of risk associated with higher-level dependencies, and how can I use this information to guide developers effectively?
  • What are some specific upgrades developers can perform to remove multiple violations?

This report is available both as a .tsv file and as an API.



 

Tidelift recommendations

See what packages Tidelift has identified as not recommended, even in the absence of any standards violations, in order to more holistically forecast and predict open source risk.

This report can help answer the following questions:

  • Which of my in-use packages are not recommended by Tidelift?
  • Why doesn’t Tidelift recommend this package?

This report is available both as a .tsv file and as an API.



 

Catalog standards violations

Understand the standards violations that impact your organization.

This report can help answer the following questions:

  • What vulnerabilities are currently in my catalogs?
  • What packages are bringing in the most vulnerabilities?
  • How severe are my existing vulnerabilities?

 

Catalog-wide open source use

Get a complete list of releases in your catalog and understand what's in use across your entire organization.

This report can help answer the following questions:

  • What open source is being used in this catalog?
  • How frequently is a given package being used?
  • How many versions of a given package are being used?

This report is available both as a .tsv file and as an API.


 

Known vulnerabilities in projects

Understand the impact of security vulnerabilities that have impacted your most recent builds.

This report can help answer the following questions:

  • What security vulnerabilities are present in my catalog?
  • What projects have the most vulnerabilities?
  • What packages bring in the most vulnerabilities?
  • What can be done about these vulnerabilities?

 

License attribution

Understand the licenses declared for the open source in your projects.

This report can help answer the following question:

  • What open source licenses is our current project subject to?

This report is available as an API.


 

Prioritized action

Get a list of standards violations found in your projects for which an upgrade is available that removes the violation.

This report can help answer the following questions:

  • How was a standards violation brought in?
  • What version should I be using to avoid using a version of a package with the reported violation?

 

Project Alignments

Gain insight into the evolution of your project alignments over time, analyzing the key factors that influence your projects' progress.

This report can help answer the following questions:

  • How are my projects improving over time?
  • How are the number and severity of vulnerabilities changing over time?
  • Are my projects more aligned to my catalog over time?

This report is available as an API.
