Creating a catalog is the first step to bringing known-good open source package releases into your organization and improving project health. In this article, we will describe how to import package releases from existing sources. In addition to what's outlined here, package releases can also be requested by developers.
You can import package releases into your catalog from existing projects. If you are not currently tracking any projects with the Tidelift Subscription, you will want to start tracking a project to get a bill of materials.
Importing package releases from the catalog overview page
From the catalog overview page, you can choose to import releases, select Tidelift project, and select the appropriate projects. We will automatically add all of the releases from the latest bill of materials into your catalog. If there are any standards violations, tasks will be created before they are approved.
Importing package releases from a bill of materials page
You can also import the package releases from a specific bill of materials. By navigating to the projects tab, selecting the project, and choosing the bill of materials page, you will arrive at the bill of materials of all open-source package releases found in that project. Click the import into catalog button at the top of the page, and all package releases will be added to your catalog.
If a manager imports package releases from the bill of materials page, all releases will be automatically added to the catalog (pending any standards violations). If a developer attempts that import, those releases will be requested for manager approval.