
Pupdate June 2021: Free bills of materials for everyone

by Jeff Stern
on June 17, 2021

Welcome to the June 2021 edition of the Tidelift Product Update, or Pupdate for short! The Pupdate is our monthly rundown of new features and enhancements in the Tidelift product, and there’s a picture of a dog at the end!

Ah, summer is here and things are heating up here at Tidelift. In case you missed it, we hosted the first-ever Upstream event. One of my personal highlights from the day was a talk from Erin McKean on the different types of documentation that you should consider creating for open source projects. I know we’re constantly improving the documentation of our own product, and she gave us some great ideas on how to improve. In case you missed it, all of the talks are still available to stream. 

We also published the results of a brand-new maintainer survey, and Tidelift is making a meaningful and growing impact on the amount of income our partnered maintainers are receiving. We are proud to be a part of this community of open source practitioners and maintainers. The real superheroes aren’t at the movie theater this summer. They’re right here, working with Tidelift to help all organizations use safe and secure managed open source.

So what are some new ways that we’re helping your organization use safe and healthy open source this summer? Here are three.

#1: Free bills of materials for everyone

Do you know what you’re using? A recent executive order from the U.S. government now advises software teams to maintain up-to-date software bills of materials (SBOMs) for their projects. A key feature of Tidelift’s software is helping you automatically generate and maintain up-to-date SBOMs for all of your projects and applications, and we’re making loads of changes to improve their accuracy and functionality.

Curious about why you should use the Tidelift Subscription for SBOM tracking? Here are a few reasons:

1) Always up-to-date: You can integrate the Tidelift Subscription into a CI/CD pipeline so that your SBOM is automatically updated when the contents of the project change.

2) Identify transitive dependencies: The average JavaScript package release depends on 10-15 other packages. The SBOM shows you the many other packages that are indirect dependencies.

3) Manage internally developed packages: You can get a bird’s eye view on the return on investment of your homegrown software.

4) Developers can easily check approval status: A major benefit of using Tidelift for SBOM tracking is that it can be fully integrated with your organization’s open source catalogs. Developers can get an instant read on whether the releases in their projects are approved for use and take action to remedy any unapproved releases. No longer will your team have to deal with a litany of issues and use guesswork to decide if a release is OK to use or not.

And want to know the best part? You can create an unlimited number of SBOMs today—for free—with a trial of the Tidelift Subscription.


Before we get to the pup picture, I have two other product updates to round out the month:

#2: See all vulnerabilities for packages

For every package release, you can now get a comprehensive view of all vulnerabilities affecting a project. From the package page, select the new “vulnerabilities” tab to view all vulnerabilities that have previously affected a project.


#3: Public API documentation now available in early access

One of our most common requests has been to share our API with customers so that they can programmatically manage their organization’s custom catalogs of open source components. I am pleased to report that this API and its accompanying documentation are now available in early access. If you are interested in learning more, reach out to support@tidelift.com.

To round out this month’s Pupdate, here’s a photo of Molly! Molly is a member of our marketing team. She’ll be spending the summer driving around the country with her dad Chris Grams.
