Product changelog

Watch this space for news of changes and how you can best take advantage of new features in the Tidelift subscription!

Note: for changes to the Tidelift CLI, see

June 2024

  • Redesigned & moved the package "Quality Checks" page to a new package "Quality Report" page
  • Added OpenSSF scorecard data to the Quality Report and our package data APIs

May 2024

April 2024

  • Added a new "End-of-life packages" standard that can be used to avoid end-of-life software risk
  • APIs which return information about packages or releases that did not include a purl have been updated to do so
  • APIs to look up information about packages and releases have been updated to allow querying by purl 
  • Added "violation actions", recommendations that help users fix issues discovered in their software

March 2024

February 2024

  • Added more nuance to the Tidelift recommendation for packages
  • Added the Tidelift recommendation for a package to the user interface
  • Added whether a package is lifted to Tidelift package intelligence API
  • Added remediation advice for vulnerabilities
  • Adjusted permissions for the developer role to allow API usage and constrain project visibility

January 2024

  • Added support for the 'replace' directive in go.mod to Go manifest handling
  • Added more detail on maintainer-verified licenses
  • Display and warn when a package has been removed from a package manager

December 2023

  • Added upgrade guidance to the prioritized action report
  • Added maintainer recommendations for security vulnerabilities

November 2023

  • Added a bulk package API to return intelligence on many packages with one API call

October 2023

  • Updated version guidance to work using enabled catalog standards
  • Added the ability to configure task creation by catalog standard 
  • Added a Developer role with limited application access
  • Added violation visibility for non-default branches

September 2023

  • Customers using SAML for Single Sign On can now pass groups as part of the SAML response to automatically map a user to a role. If you're interested in this, contact and we can help you get set up for it.

August 2023

  • Added the ability to download CycloneDX bills of materials in JSON format
  • Added the ability to set an external identifier for projects that can be used to associate with other systems or tracking
  • Added the ability to import SPDX-formatted bills of materials

July 2023

  • We have added new APIs that allow assigning manually researched licenses to packages and releases
  • Updated CLI to fix an authentication issue with some project keys

June 2023

  • We have added new APIs that allow listing, creating, and deleting overrides to standard violations
  • We have added new APIs for configuring the "Releases have approved licenses" standard
  • Updated REST APIs to only require passing organization name, not organization type

May 2023

  • We released a new design of the application to make it easier to find what you're looking for and understand how the data fits together. 
  • Projects can be renamed via the project update API
  • Native support for Apple Silicon (M1/M2) Macs is now available in the Tidelift CLI

April 2023

  • We have released a redesign of the API key pages to make it easier to find and manage the API keys associated with your organization
  • We have released a refresh of the quality checks on individual package pages to better highlight relevant checks to your organization by grouping related checks into categories, giving streamlined statuses, and some curation of the checks shown.
  • The alignment APIs and CLI now expose information about dependency scopes so that you can use that as information in your CI integration. Read more with examples of how to use this.
  • We have an updated status site that allows you to subscribe to receive email notifications when the Tidelift site is having issues.

March 2023

  • The bill of materials API now supports getting a bill of materials in additional formats including SPDX and CycloneDX similar to what can be fetched from the web UI. 
  • A new report is available to help understand how vulnerabilities are brought into your projects via the Prioritized action report
  • Information on Java libraries from the Google Android Maven repository are now available within Tidelift
Was this article helpful?
0 out of 0 found this helpful



Article is closed for comments.

Articles in this section