Open Source & More - Blog | Tidelift

Featured

Webinar recap: how to use Tidelift alongside your SCA tool

One question we sometimes get when talking to customers: how does Tidelift fit in with software composition analysis (SCA) tools, like Black Duck, ...

by Kristina Kaldenbach
on November 7, 2023

A maintainer-verified approach to minimizing false positives

By Kanish Sharma on October 19, 2022

Software composition analysis (SCA) tools have long been a popular way to identify security and licensing issues with open source packages. While ...

Recap: Why software composition analysis tools are not enough

By Caitlin Bixby on October 4, 2022

Last week, Tidelift CEO and co-founder Donald Fischer explored why software composition analysis (SCA) tools alone are not enough to robustly address ...

Let's talk about the hidden challenges of securing the open source software supply chain

By Amy Hays on September 8, 2022

Fact: most application developers love open source because it makes them more productive. Also a fact: Open source brings with it some security and ...

New NSA, CISA, ODNI best practices for securing the open source software supply chain

By Donald Fischer on September 6, 2022

Last week, in a response to the ever-growing list of software supply chain attacks (SolarWinds and Log4Shell specifically), the U.S. National ...

Life as a maintainer after the xz utils backdoor hack

Featured

Webinar recap: how to use Tidelift alongside your SCA tool

A maintainer-verified approach to minimizing false positives

Recap: Why software composition analysis tools are not enough

Let's talk about the hidden challenges of securing the open source software supply chain

New NSA, CISA, ODNI best practices for securing the open source software supply chain

Don't miss the latest from Tidelift

Filter by Topic

Address

Tidelift

Product

Resources

For Maintainers