Standards are rules that a catalog administrator can set to help decide whether a specific package or package release should be included in a catalog.
Tidelift notifies you and creates tasks when there are standards violations, taking the guesswork (and legwork) out of catalog management. These standards can relate to licensing, security, and/or maintenance and each standard is determined at the catalog-level.
To see the available standards, including the ones turned on for your organization’s catalog, select Catalog > Standards from the left-side navigation panel.
Current standards enabled by default for all users
- Vulnerabilities – Releases with vulnerabilities will be blocked according to your configurations.
- Known packages – Package is known by the ecosystem's package manager. Avoid unknown and potentially malicious packages in your catalog.
- Allowed licenses – Choose which software licenses are allowed in your catalog.
- Identified licenses (should be used with Allowed licenses) - Releases have a valid machine-readable license expression.
- Up to date - Outdated releases with newer options available will be blocked.
- Deprecated – Packages determined to be deprecated will be denied.
- Blocked list - Enforce your company's blocked list to block packages or releases for any reason. If you would like to modify your catalog's blocked list, please submit a support ticket.
When in use, these standards are upheld for all package releases that are already approved in your catalog. Tidelift also checks any requests for new package releases for standards violations.
Other standards available to implement
- Pre-releases - Beta or release candidate versions will be denied.