Reporting with the Tidelift Subscription

The Tidelift Subscription provides reports with key data for common questions your organization may ask about your open source usage. These reports are at the catalog level allowing you to monitor open source usage per catalog.

These reports can be downloaded as a .tsv file which can then be further manipulated by your choice of spreadsheet software. These reports are also available via our API. 

Please note that reports are limited to each run once every 24 hours.

1. Click on Catalogs in the left navigation bar.
2. Click on your desired catalog.
3. Select Reports.
4. Generate and download from the provided list of reports by selecting Request new report next to the desired report.
   
5. Receive the requested report in your email inbox (the email tied to your Tidelift account).
   
   
6. Click on the link embedded in the email to navigate to the catalog reports page where you’ll now see the option to Download the most recent report.
   
   

Catalog-wide open source use

Get a complete list of releases in your catalog and understand what's in use across your entire organization.

This report can help answer the following questions:

• What open source is being used in this catalog? 
• How frequently is a given package being used? 
• How many versions of a given package are being used?

This report is available both as a .tsv file and as an API.

Management and task activity

Open tasks help you understand what needs attention and which areas of the organization may be affected.

This report can help answer the following questions:

• What tasks are currently open?
• What projects have tasks open?
• What type of tasks are open?
• How long have these tasks been open? 
• Is there a bottleneck on a particular task type/project?

This report is available as a .tsv file.

Catalog standards violations

Understand the standards violations that impact your organization.

This report can help answer the following questions:

• What vulnerabilities are currently in my catalogs?
• What packages are bringing in the most vulnerabilities?
  
• How severe are my existing vulnerabilities?

Known vulnerabilities in projects

Understand the impact of security vulnerabilities that have impacted your most recent builds.

This report can help answer the following questions:

• What security vulnerabilities are present in my catalog?
• What projects have the most vulnerabilities?
• What packages bring in the most vulnerabilities?
• What can be done about these vulnerabilities?
  

Project health

Under changes in your project health's over time with a breakdown of the factors that impact health.

This report can help answer the following questions:

• How are my projects improving over time?
• How are the number and severity of vulnerabilities changing over time?
• Are my projects more aligned to my catalog over time?

This report is available as an API.

License attribution 

Understand the licenses declared for the open source in your projects.

This report can help answer the following question:

• What open source licenses is our current project subject to?

This is report available as an API.

Prioritized action report - NEW!

Learn how a given vulnerability is brought in and what transitive version should be used to remove the vulnerability with a generated list of security vulnerabilities that can be mitigated by upgrading a package.

This report can help answer the following questions:

• How was a vulnerability brought in? 
• What version should I be using to avoid using a version of a package with the reported vulnerability (or vulnerabilities)?