It’s time to celebrate all the exciting progress happening at Tidelift! We’re taking a moment to reflect on all the features and functionality we’ve added to the Tidelift Subscription during the first quarter of 2022. We’ve spent hours speaking with customers and accounting for their input while also tracking all the happenings in the wider world of open source. Our engineering efforts are focused on helping organizations move fast and stay safe when building applications with open source.
Let’s dive in and explore the new features!
New features to help you move fast
Groups API and CLI
We heard from customers who wanted to sort their projects in more logical ways that map to how they organize applications internally. We started by implementing the ability to create groups of applications or developers. Now we've also made it possible to create and manage groups through automated tools.
To begin with, a group can be a label which is used to relate projects and developers. Here’s an example:
- Catalog = Mobile applications
- Group 1 = iOS developers
- Group 2 = Android developers
Organizations can assign iOS applications and developers to group 1 and Android applications and developers to group 2.
The ability to access and manage this feature via an API eliminates the need to go into the Tidelift user interface. Organizations can use automated tools to create and manage groups and any related project data directly from the CI/CD pipeline. This functionality makes it particularly easy for organizations to scale and bring more developers or projects into the Tidelift Subscription.
Access to the groups functionality remains available via the Tidelift user interface.
Figure 1: Groups can now be created and managed in the Tidelift CLI
Figure 2: It is also simple to manage groups via the Tidelift UI
Task filter by standard
The Tidelift Subscription includes a number of standards and policies that organizations can implement out-of-the-box to help them improve the health and security of their applications. These standards cover security, licensing, maintenance, and new package review requests.
Specific users may care only about specific tasks related to their role. For example, the legal team may only want to review licensing tasks. With this feature, users can filter a task list with more granularity, which helps make a large task list more manageable and easier to prioritize, especially when onboarding more mature applications.
Figure 3: Organizations can now filter tasks via the Tidelift UI so users see only tasks related to their role
Report returned on Tidelift status
Developers spend most of their time in their CI/CD environment as they focus on writing code. Accessing build alignment results previously required developers to go back and forth between their CI/CD environment and the Tidelift UI. This feature is designed to help developers move faster by eliminating the need to access the Tidelift UI and providing relevant information directly in their CI/CD workstream. Developers can now save the results of their build alignments into their logging system in real time and view those results, all without leaving their CI/CD environment.
Figure 4: Here is a sample of the output of the build alignment in the CLI
New feature to help you stay safe
Both the Tidelift catalog and custom catalogs functionality only allow approve or deny options for packages. This introduces complications when several applications use the same problematic release, but in different capacities. With this functionality, we directly address a customer request with the ability to tag an exception on a specific application, allowing it to continue using the problematic release, while denying usage by other applications.
Here is an example of how this feature might be used: A development team member has investigated a CVE in an old application that is soon to be sunset and determined the vulnerability is not exploitable. The catalog administrator can choose to apply the exception to this project. Only this project will be allowed to use this package, and its continued use will not negatively affect the project's health or alignment scores.
Figure 5: It’s now possible to add a conditional exception that only applies to one or more applications via the Tidelift UI
We hope you found this product update useful. You can learn more about these features by visiting our documentation page.
Please stay tuned for future product updates!