Reporting with the Tidelift Subscription

The Tidelift Subscription provides reports with key data for common questions your organization may ask about your open source usage. These reports are at the catalog level allowing you to monitor open source usage per catalog. 

These reports can be downloaded as either TSV or JSON files which can then be further manipulated by your choice of spreadsheet software. These reports are also available via our API

Please note that some reports are limited to each run once every 24 hours.



  1. Click on Reports in the top navigation bar.
  2. Choose your desired catalog
  3. Choose your desired report
  4. Generate and download from the provided list of reports by selecting Request new report next to the desired report.
  5. Receive the requested report in your email inbox (the email tied to your Tidelift account).
  6. Click on the link embedded in the email to navigate to the catalog reports page where you’ll now see the option to Download the most recent report.

All projects compliance

Gain insight into the compliance of your organization’s projects to a catalog’s definition of good and bad packages.

This report can help answer the following questions:

  • Are projects using the guidance on good and bad packages?
  • How are the number of standards violations affecting a project changing over time?
  • How many high, medium, or low vulnerabilities are affecting a project?

Read more

All projects violations 

Prioritize developer actions with a list of standards violations and available actions to take across all projects.

This report can help answer the following questions:

  • What violations exist in my team's projects?
  • What are the patterns of risk associated with higher-level dependencies, and how can I use this information to guide developers effectively?
  • What are some specific upgrades developers can perform to remove multiple violations?

Read more

All projects package quality (formerly Tidelift recommendations)

Prioritize package migration away from lower-quality packages that Tidelift has identified as risky based on criteria such as end-of-life or deprecation. This allows you to more holistically forecast and predict open source risk.

This report can help managers answer the following questions:

  • Which of my in-use packages are not of high quality as determined by Tidelift?
  • Why doesn’t Tidelift recommend this package?

Read more

Catalog standards violations

Understand the standards violations that impact your organization.

This report can help answer the following questions:

  • What vulnerabilities are currently in my catalogs?
  • What packages are bringing in the most vulnerabilities?
  • How severe are my existing vulnerabilities?

Catalog-wide open source use

Get a complete list of releases in your catalog and understand what's in use across your entire organization.

This report can help answer the following questions:

  • What open source is being used in this catalog? 
  • How frequently is a given package being used? 
  • How many versions of a given package are being used?

Known vulnerabilities in projects

Understand the impact of security vulnerabilities that have impacted your most recent builds.

This report can help answer the following questions:

  • What security vulnerabilities are present in my catalog?
  • What projects have the most vulnerabilities?
  • What packages bring in the most vulnerabilities?
  • What can be done about these vulnerabilities?

License attribution 

Understand the licenses declared for the open source in your projects.

This report can help answer the following question:

  • What open source licenses is our current project subject to?

Prioritized action

Get a list of standard violations that are found in your projects that have available upgrades to remove the violation. 

This report can help answer the following questions:

  • How was a standard violation brought in? 
  • What version should I be using to avoid using a version of a package with the reported violation?

Project Alignments

Gain insight into the evolution of your project alignments over time, analyzing the key factors that influence your projects' progress.

This report can help answer the following questions:

  • How are my projects improving over time?
  • How are the number and severity of vulnerabilities changing over time?
  • Are my projects more aligned to my catalog over time?

End-of-life impact report

Get a complete list of package releases evaluated in your catalog for end-of-life information, maintenance status, associated vulnerabilities, and next supported versions.

This report can help answer the following questions:

  • How up-to-date are my projects?
  • Which releases in use are at end-of-life and what the impact is?

Read more

Was this article helpful?
0 out of 0 found this helpful



Article is closed for comments.

Articles in this section

See more