If you are using a Tidelift catalog, you can quickly check alignment (i.e., whether a project is using only approved package releases) using the Tidelift CLI. Using tidelift alignment does not update the software bill of materials (SBOM) for the project and only requires a user API key. To update the SBOM for the project and create a record of the alignment, use tidelift alignment save; this is ideal for CI/CD as it will require a project API key.
Checking local build alignment
- To check your catalog alignment, you will first need a user API key to authenticate to the API. Be sure to note your team name when downloading your API key.
- From your project's root directory, run tidelift alignment --project PROJECT_NAME --organization ORGANIZATION_NAME. PROJECT_NAME is the name of the project as set up in Tidelift.
- Once the alignment check completes, you will see the percent of package releases in the current project that are approved in the organization's catalog.
- If any package releases are not available, you will see whether you should request them using tidelift request --all and/or why they were previously denied.
Checking alignment as part of Continuous Integration
Use tidelift alignment save. This will update the bill of materials for the project and create a record of the alignment.