In this six-part series, I’m highlighting each of the key features of the Tidelift Subscription. Today in part two I cover how you can use the Tidelift Subscription to manage your open source licenses and how we automatically resolve issues for you. And if you’d like to start with a more complete view of how the Tidelift Subscription works, take a tour here.
Having your open source licenses managed for you is a key benefit of the Tidelift Subscription. We proactively resolve license problems by researching missing, inconsistent, or non-SPDX-compliant license information to identify the correct license.
The first step to seeing how license management works is signing up for a free 14-day trial of the Tidelift Subscription.
Once you’ve signed in to your account and connected your first repository, you’ll be able to see which licenses are in use and which ones we have verified and corrected for you.
For each repository, you’ll see a comprehensive list of all the licenses in use by both your direct dependencies and the dependencies of those dependencies. And for packages whose maintainers partner with us, Tidelift indemnifies customers against claims that these packages contain copyright violations, such as copied code or an open source license violation. So you have further protection in case something goes wrong.
With the Tidelift Subscription, you can also generate a complete license attribution report of all of the licenses in use across your organization. This report—which, without a tool, can be onerous to produce—allows you to stay compliant and appropriately credit the original maintainers.
Are there specific license types that are prohibited in your organization? Just like with our security policy settings, you can also configure an open source policy to blacklist specific license types from ever entering your build.
With Tidelift, you get higher-quality license information and complete control over the licenses that are used at your organization.