This article covers how to connect Tidelift with your repositories hosted on GitHub.com using the GitHub application.
If you host your organization's code on GitHub.com, you can install the native Tidelift GitHub application to integrate the Tidelift Subscription into your team's existing workflow.
Using the Tidelift GitHub application provides several benefits:
- Repository tracking – You can control which repositories you want to track with Tidelift by granting permission either to all repositories or only to selected repositories.
- Automatic policy enforcement – We will scan your master branch nightly and all new pull requests so that we can track catalog alignment for you.
- User management – You can manage your team's user access to Tidelift through GitHub. Team members simply need to log in to Tidelift with their existing GitHub account to view scan details and updates.
Note: We do not currently support installing the GitHub application on personal user accounts.
Installing the GitHub application grants Tidelift certain permissions: read access to your code, the ability to see members of the organization, and the ability to read and write commit statuses.
- We use read access to your code to check the code out for analysis.
- We use read access to the members and metadata of the organization to determine which users should have access to your organization in Tidelift.
- We use read and write access to commit statuses so that we can use GitHub status checks to let you know about the state of the Tidelift dependency analysis on your pull requests. You can then (optionally) require those checks to pass before a pull request can be merged.
Please note that you're able to restrict this access to either all repositories in an organization or just to selected repositories. You can easily exclude any repositories that you do not want covered by your Tidelift Subscription.
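After installation, you can compare what the app was actually granted against the access described above. The following is an added example, not Tidelift's code: it audits one installation record shaped like an entry returned by GitHub's `GET /orgs/{org}/installations` endpoint. The mapping of the described access onto the permission keys `contents`, `members`, `metadata` and `statuses` is an assumption, and the sample record (including its `app_slug`) is constructed.

```python
import json

# Assumption: the access described in this article, expressed as GitHub App permission keys.
EXPECTED = {"contents": "read", "members": "read", "metadata": "read", "statuses": "write"}
RANK = {"read": 1, "write": 2, "admin": 3}

# Constructed sample, shaped like one entry of GET /orgs/{org}/installations.
SAMPLE = json.loads("""
{
  "app_slug": "example-dependency-app",
  "repository_selection": "all",
  "permissions": {"contents": "write", "members": "read", "metadata": "read",
                  "statuses": "write", "administration": "read"}
}
""")

def audit_installation(inst, expected=EXPECTED, require_selected=True):
    """Return findings where the grant differs from the documented access."""
    findings = []
    granted = inst.get("permissions", {})
    for perm, level in sorted(granted.items()):
        allowed = expected.get(perm)
        if allowed is None:
            # A permission the documentation never mentions.
            findings.append(f"unexpected permission {perm}:{level}")
        elif RANK.get(level, 99) > RANK[allowed]:
            # Same permission, but at a higher level than documented.
            findings.append(f"{perm} granted {level}, documented {allowed}")
    for perm in sorted(set(expected) - set(granted)):
        findings.append(f"documented permission {perm} not granted")
    # Optional local policy: limit the app to selected repositories only.
    if require_selected and inst.get("repository_selection") != "selected":
        findings.append("repository_selection is not 'selected'")
    return findings

if __name__ == "__main__":
    for finding in audit_installation(SAMPLE):
        print(finding)
```

Set `require_selected=False` if your organization intentionally grants the app access to all repositories.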