Setting up your open source policy

Using a managed open source subscription provides you with the benefits of commercial software without compromising on flexibility. Tidelift's tools allow you to define and customize an open source policy. This policy is applied when scans are run and results are reported to you. Policies are configured at the repository level, so you can enforce different policies for different repositories.

Some examples of how you may customize your open source policy:

  • Generate warning and fail messages for newly-introduced security vulnerabilities so you can block a build from entering production
  • Introduce a license whitelist or blacklist to ensure direct and transitive dependencies comply with your organization's legal requirements
  • Generate warnings when a package has been deprecated or when using a version on an inactive release stream

Viewing and Customizing Policies

  1. You can view the default repository policy by selecting Repositories > {your repository} > Policy.
  2. You can customize the policy for each repository by creating a .tidelift.yml file in your repository's root directory and editing it accordingly.