One of the amazing things about open source software is that it is basically friction-free to use. For example, if you are building an application using JavaScript, you can simply type npm install [packagename] and you are off and running. This is great when you are in application development mode, because it allows you to get new apps up and running quickly.
But when you move into the land of preparing your app for production, the tough questions start to emerge about code you drank from the open source firehose. These questions might come courtesy of your friendly neighborhood enterprise architect or head of application security:
- Where did this code come from and how is it licensed?
- Who’s on the hook for watching for, and quickly resolving, security vulnerabilities that may emerge?
- Who’s maintaining it and do they know what they are doing?
- What do we do when something breaks or conflicts with another piece of code?
- How long do the people who wrote it intend to keep maintaining it (if they plan to at all)?
Ah, the joys of using open source code in production, when freedom and flexibility run face first into the realities of enterprise requirements.
If this describes your pain, if you’ve ever not had good answers when faced with questions like these, we created the Tidelift Subscription to help you.
The Tidelift Subscription provides all of the capabilities you require from commercial software—but now for the key community-led open source components you use to build your application. Think of it like what Red Hat does for Linux, but now you can get that same type of enterprise coverage for the JavaScript, Java, Python, Ruby, PHP, and .NET packages you use to build your apps.
What do you get with the Tidelift Subscription that you don’t get if you simply download the open source code for free off the internet? Here are the six key benefits:
#1: Security updates: We keep your supply chain secure by scanning your code for new security vulnerabilities, alerting you when they emerge, and providing patches for them.
#2: Licensing verification and indemnification: We provide you with a verified downloadable list of all the licenses you’re currently using, fix licensing issues before you even know about them, and provide intellectual property indemnification so you can build your app worry-free when it comes to costly IP lawsuits.
#3: Maintenance and code improvement: We work with community open source maintainers to ensure your open source dependencies are actively maintained and keep working.
#4: Package selection and version guidance: We help you choose the best open source packages from the start, and help you stay on top of the newest releases.
#5: Roadmap input: Because of our partnership with community maintainers, Tidelift subscribers get a seat at the table with the creators of the software they depend on, in the form of a private channel to let them know about issues and enhancements that could increase their adoption of specific open source packages.
#6: Tooling and cloud integration: The Tidelift Subscription works with GitHub, GitLab, Bitbucket, and more.
Check out this new video where CEO and co-founder Donald Fischer shares even more detail about how each of these benefits can help you manage your open source dependencies better than ever before.