We first talked about the availability of a command line interface (CLI) as part of the Tidelift Subscription in a blog post by Tyrel Souza, one of our software engineers, in February 2020. Fast-forward a year and a half, and we are excited to announce the immediate availability of CLI 1.0. CLI 1.0 is a significant milestone for us, as it reflects feature maturity and stability. Multiple customers are already running 0.x versions in their production environments, and we look forward to more customers adopting the tool over the coming weeks and months.
Why did we build the CLI?
Simply put, one of our guiding principles at Tidelift is to streamline the application development process by providing developer-friendly tools. Our goal with the CLI is to help developers move more quickly when using open source components in their applications.
The CLI streamlines development by eliminating the need for developers to switch back and forth between their preferred workflow and the Tidelift web interface. Instead, they can access critical recommendations and maintainer-originated information from Tidelift directly from the command line, earlier in the development lifecycle. This allows developers to implement fixes sooner, instead of having to deal with issues at the time of deployment.
What does the CLI do?
The CLI has quickly become the preferred way to integrate Tidelift with CI/CD pipelines. Developers can use the CLI to create a software bill of materials (SBOM) for each of their projects. This shows them which open source packages are part of their applications, along with metadata such as license information for those packages. The SBOM includes all transitive (indirect) dependencies as well as the ones developers bring into their projects directly.
Once an SBOM is created, developers can use the CLI to check how well the SBOM aligns with their organization’s custom catalog of approved packages and releases. Then, they can quickly identify whether they are using any unapproved open source releases or need to request approval for new releases of approved packages. This check can be integrated into a CI pipeline so that developers can get concrete recommendations about how to improve their project health.
Further, developers can quickly look up package release information to check which releases have been approved or denied in their catalog.
If a particular package isn't yet part of the catalog, developers can submit a package request from the CLI as well.
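To make the alignment step concrete, here is an added illustration of the kind of check described above, written as a small CI gate. It is not Tidelift's CLI or code and does not use the CLI's command syntax; the SBOM and catalog are constructed CycloneDX-style inputs, and all helper names (package_key, classify, align, ci_exit_code) are hypothetical. Each component, direct or transitive, lands in one of four buckets: approved, denied, a known package whose release still needs approval, or a package that nobody has requested for the catalog yet.

```python
"""Illustrative SBOM-vs-catalog alignment check for a CI step.

Added example, not Tidelift's CLI or code. The SBOM and catalog below are
constructed, CycloneDX-style inputs; helper names are hypothetical.
"""
import sys
from typing import Dict, List, Tuple

# Constructed SBOM: direct and transitive components, identified by package URL (purl).
SAMPLE_SBOM = {
    "components": [
        {"purl": "pkg:npm/lodash@4.17.21", "licenses": ["MIT"], "direct": True},
        {"purl": "pkg:npm/minimist@1.2.5", "licenses": ["MIT"], "direct": False},
        {"purl": "pkg:pypi/requests@2.25.1", "licenses": ["Apache-2.0"], "direct": True},
        # Hypothetical package that nobody has requested for the catalog yet.
        {"purl": "pkg:pypi/leftpad-ng@0.0.1", "licenses": ["MIT"], "direct": False},
    ]
}

# Constructed catalog: for each package, which releases were approved or denied.
SAMPLE_CATALOG = {
    "pkg:npm/lodash": {"approved": {"4.17.21"}, "denied": {"4.17.15"}},
    "pkg:npm/minimist": {"approved": {"1.2.6"}, "denied": {"1.2.5"}},
    "pkg:pypi/requests": {"approved": {"2.25.0"}, "denied": set()},
}

# Outcomes, in the order a developer has to act on them.
STATUSES = ("denied", "request_release", "request_package", "approved")


def package_key(purl: str) -> Tuple[str, str]:
    """Split a purl into (package, version), dropping qualifiers and subpath.

    Scoped npm names encode '@' as '%40', so the last '@' is the version separator.
    """
    base = purl.split("?", 1)[0].split("#", 1)[0]
    if "@" not in base:
        return base, ""
    pkg, version = base.rsplit("@", 1)
    return pkg, version


def classify(purl: str, catalog: Dict[str, Dict[str, set]]) -> str:
    """Map one component to its catalog status."""
    pkg, version = package_key(purl)
    entry = catalog.get(pkg)
    if entry is None:
        return "request_package"        # package unknown to the catalog: submit a package request
    if version in entry["denied"]:
        return "denied"                 # release explicitly rejected
    if version in entry["approved"]:
        return "approved"
    return "request_release"            # known package, this release not yet reviewed


def align(sbom: dict, catalog: dict) -> Dict[str, List[str]]:
    """Group every SBOM component (direct or transitive) by alignment status."""
    report: Dict[str, List[str]] = {s: [] for s in STATUSES}
    for component in sbom["components"]:
        report[classify(component["purl"], catalog)].append(component["purl"])
    return report


def ci_exit_code(report: Dict[str, List[str]]) -> int:
    """Fail the pipeline unless every component is an approved release."""
    return 0 if all(not report[s] for s in STATUSES if s != "approved") else 1


def main() -> int:
    scope = {c["purl"]: "direct" if c.get("direct") else "transitive"
             for c in SAMPLE_SBOM["components"]}
    report = align(SAMPLE_SBOM, SAMPLE_CATALOG)
    for status in STATUSES:
        for purl in report[status]:
            print(f"{status:16} {scope[purl]:10} {purl}")
    return ci_exit_code(report)


if __name__ == "__main__":
    sys.exit(main())
```

Run as a pipeline step, the non-zero exit code blocks the merge while the printed buckets tell the developer exactly which action to take: drop the denied release, request approval for the newer release of a catalogued package, or file a package request for the one the catalog has never seen. Transitive dependencies are judged by the same rules as direct ones, since an unapproved release reaches production either way.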
What’s next for the CLI?
The coming versions will see enhancements to the CLI with the goal of further streamlining the development process. There will be more functionality to support a developer's day-to-day tasks within the Tidelift Subscription.