Watch this space for news of changes and how you can best take advantage of new features in the Tidelift subscription!
- Added upgrade guidance to the prioritized action report
- Added lifter guidance for security vulnerabilities
- Added a bulk package API to return intelligence on many packages with one API call
- Updated version guidance to work using enabled catalog standards
- Added the ability to configure task creation by catalog standard
- Added a Developer role with limited application access
- Added violation visibility for non-default branches
- Customers using SAML for Single Sign On can now pass groups as part of the SAML response to automatically map a user to a role. If you're interested in this, contact email@example.com and we can help you get set up for it.
- Added the ability to download CycloneDX bills of materials in JSON format
- Added the ability to set an external identifier for projects that can be used to associate with other systems or tracking
- Added the ability to import SPDX-formatted bills of materials
- We have added new APIs that allow assigning manually researched licenses to packages and releases
- Updated CLI to fix an authentication issue with some project keys
- We have added new APIs that allow listing, creating, and deleting overrides to standard violations
- We have added new APIs for configuring the "Releases have approved licenses" standard
- Updated REST APIs to only require passing organization name, not organization type
- We released a new design of the application to make it easier to find what you're looking for and understand how the data fits together.
- Projects can be renamed via the project update API
- Native support for Apple Silicon (M1/M2) Macs is now available in the Tidelift CLI
- We have released a redesign of the API key pages to make it easier to find and manage the API keys associated with your organization
- We have released a refresh of the quality checks on individual package pages to better highlight relevant checks to your organization by grouping related checks into categories, giving streamlined statuses, and some curation of the checks shown.
- The alignment APIs and CLI now expose information about dependency scopes so that you can use that as information in your CI integration. Read more with examples of how to use this.
- We have an updated status site that allows you to subscribe to receive email notifications when the Tidelift site is having issues.
- The bill of materials API now supports getting a bill of materials in additional formats including SPDX and CycloneDX similar to what can be fetched from the web UI.
- A new report is available to help understand how vulnerabilities are brought into your projects via the Prioritized action report
- Information on Java libraries from the Google Android Maven repository are now available within Tidelift