A managed open source strategy provides a way to free yourself and your team from the time you currently spend wrangling open source dependencies. Tidelift has a unique approach to deploying a managed open source strategy in your organization, and it starts with the Tidelift Subscription.
If you’d like to find out more about how your development team could benefit from the Tidelift Subscription, you’re in luck. We just launched a 14-day free trial where you can experience it yourself! 🎉
As you become familiar with the Tidelift Subscription, here are five tips for how to get the most out of your managed open source trial:
1. Use our tools to connect your account with live data
When you create a new Tidelift account, you will first be prompted to connect one or more repositories. Connecting your repositories allows us to analyze the dependencies you’re using (and we only ever look at your manifest files, not the rest of your source code). Knowing which open source components you’re using today helps us provide you with more data about known healthy open source components you might want to use in the future.
We offer three different methods for connecting to your repositories:
- GitHub organization integration: If you use a GitHub organization for hosting your source code, you can install our GitHub app. You can grant access to only the repositories you wish to integrate with Tidelift.
- API integration: We offer a comprehensive API that works with your existing environment.
- One-time manual upload: For the quickest results, you can also manually upload a supported package manager file, such as package.json or pom.xml.
While it’s possible to get a feel for the Tidelift Subscription with sample data or in a live demo, we have found that it is most powerful to see managed open source at work with your own projects.
You’ll see exactly which open source components you use, and we’ll be able to serve up real fixes for any known issues. For example, if we discover any dependencies that you use have an unverified license, we will get to work to verify that license and provide you with a solution.
2. Define your team’s open source use guidelines
Do you already have guidelines on how your organization or team should be using open source? Fantastic! We would love to revisit these guidelines with you and see if there are ways we can help you automate some of your policies. If not, we highly encourage you to take a few minutes to articulate your team’s ideal approach to open source consumption.
You can complete this ‘open source guidelines’ template to start the conversation:
{your-company-name} Open Source Guidelines v1.0, Revised: {date}
At {your-team}, we celebrate the use of open source code. We want to focus on building software that supports {your-mission}. Whenever possible, we believe it makes sense to use open source components that augment our work and help us develop more efficiently.
When it comes to our use of open source, we are committed to:
- Block dependencies with known security vulnerabilities from entering our master branch
- Not use dependencies without an open source license or licensed under {our-license-blacklist}
- Block dependencies that are likely unmaintained from entering our master branch
- Use only versions that are known to be supported by the maintainers
- Support and contribute to the maintainers of open source by providing feedback and filing issues whenever possible
We encourage you to take some time with your team and make this template your own. You can distribute your open source guidelines in a repository to accept suggestions from the team.
As you evaluate the Tidelift Subscription, we believe you will find ways to make it easier to uphold your team’s guidelines. By integrating with your CI/CD pipeline, for example, you can keep known security vulnerabilities or dependencies with unapproved licenses from ever entering your build.
3. Provide roadmap input on one of your lifted packages
Tidelift offers comprehensive details about each one of the thousands of packages we track. You can search for any package, identify where it’s being used in your organization, and get meaningful information to help you evaluate if it’s a good fit.
One of our key benefits for subscribers is a streamlined, unified way to provide roadmap input on the packages you care about. While evaluating the Tidelift Subscription, be sure to offer up some feedback. We handle communicating with the maintainers for you so you can spend less time writing emails and more time working on your code. You’ll find that the maintainers we partner with value hearing from subscribers as their work with Tidelift often drives a meaningful portion of their income.
4. Get comfortable with your open source license use
Most teams have no idea which open source licenses they are actively using or if their usage is in compliance with the license requirements. Within the Tidelift app, you can see a complete list of all of the licenses in use by both your direct dependencies and the dependencies of those dependencies.
If you see any instances where the license information is still unknown, let us know during your free trial. We will verify the correct information for you. We can also help you generate a complete report of all of the licenses in use across your organization, which may help you earn some points with your legal team.
5. Make time to meet with our open source experts
Finally, the Tidelift Subscription is more than a set of tools. We partner directly with the maintainers of thousands of packages and provide a managed service covering thousands of dependencies across ecosystems like JavaScript, Java, Python, Ruby, PHP, and .NET.
As you use the Tidelift Subscription for the first time, it’s natural to have questions about it. We encourage you to make some notes and consult with our open source experts—you can always get in touch with them on chat. We want to ensure you see actionable and tangible benefits from managed open source early and often.
Whether that means being able to stay aligned with recommended versions or provide roadmap input on a highly used dependency, we are here to help you spend more time building software and less time wrestling with your open source dependencies.
Ready to begin your transition to managed open source? Start a 14-day free trial now.