Watch this space for news of changes and how you can best take advantage of new features in the Tidelift subscription!
- Standards to use only non-deprecated or Tidelift-approved releases, project groups, dependency chains, CLI enhancements
- Read more in the April product update
- Data sources – You can now use Tidelift's verified license data and Tidelift's security recommendations as data sources for your own catalog. Using data from Tidelift is the default for all new catalogs.
- List catalogs on CLI – You can now use Tidelift's CLI to view a list of all of the releases approved in a catalog in either human-readable or JSON format. Developers can now view an entire approved list without using the web application.
- Exportable license policy – You can now export your catalog's license policy as a CSV. The report also includes information about compliance with the policy.
- Delete package requests – Users can now delete accidental or no longer relevant package requests from the tasks page in the Tidelift web application.
- Multiple catalogs – All organizations can now have more than one custom catalog, perfect for supporting different deployment scenarios or policies. Create additional catalogs from the Catalogs page. In addition, roles and access can be scoped differently for each catalog.
- Automate new project creation – New projects can now be created directly from Tidelift CLI. Many CLI commands have also been restructured; See upgrading CLI for full details.
- Vulnerability scores displayed – When available, we display CVE scores within the Tidelift application, in addition to our maintainer recommendations.
- Webhooks – We have made catalog webhooks available in early access. Use these webhooks to roll your own integration with your Tidelift catalog.
- Tidelift-managed catalogs – Anyone can now browse all of the Tidelift-managed catalogs at https://tidelift.com/catalogs.
- Package page improvements – The package page has been revamped with a ton of new functionality including being able to view all package releases, grouping releases by projects, and being able to edit the package's license.
- Slack integration – Tidelift now has a Slack integration to help meet you where you work. Set it up by visiting Settings -> Integrations -> Slack and get notified when there are new catalog tasks to review and/or when your catalog requests have been approved.
- Deprecated packages standard – You can now enable the no deprecated standard for your catalog. If a package in your catalog becomes deprecated, your catalog manager will be able to remove it or create an exception. We also provide you with extra context and recommendations on how to handle package deprecations.
- Activity feed – A global audit log is now available for all catalogs. You can see who and when approved or denied packages and made changes to catalog standards.
- CLI enhancements for developers – Tidelift CLI can now be used with a user-based API key, rather than project-specific keys. When running tidelift align, you can also now see if there are already-approved releases of a package or if something you're using will be denied soon.
- Artifactory Cloud support – In addition to on-prem Artifactory, we now also integrate with Artifactory Cloud.
- Go and Rust support – We've made major improvements to our support for Go and Rust packages. These are now on our list of officially supported ecosystems.
- Improved package requests workflow – Requests that contain multiple standards violations can now be addressed in a single flow. Requests for multiple packages without standards violations are also now grouped as a single task. Learn more about how you can review and respond to requests to use new packages.
- License compliance exceptions – Exceptions can be created for specific packages and releases to use a license even when that license is not on your catalog's approved license list. Learn more about how to create and manage exceptions.
- Dark mode is now available for subscribers. Click the dropdown of your profile image and select `Activate Dark Mode` to try it out!
- We have added support for user based API keys that can be used for checking catalog alignment, requesting new packages, and more. You can learn more about all of the ways you can use the Tidelift API and CLI in the updated docs
- We changed the default behavior to automatically approve developer requests that don't violate any standards. If you want to continue to manually review each new request, you can enable the 'manual review required' standard for your catalog.
- A GitHub Action is now available for users to integrate scans with GitHub Enterprise or when they are unable to install the GitHub app. Read more about our GitHub Action.
- Catalog standards are now live for all customers. You can configure standards to determine what releases should be approved in your organization's catalog. Read more about available standards and how they
- Support for SAML Single Sign On is now available for customers on the Enterprise plan. Read more about single sign-on options.
- Tidelift CLI is now available to all Tidelift customers! Install and usage instructions are available here.
- We recently upgraded our licensing analysis to increase the accuracy of discovered licenses for individual versions of a library, and to better integrate Tidelift's license research.
- Tidelift CLI is now in alpha! With Tidelift CLI, subscribers can now initiate scans from the command line and can be used with any standard CI setup as an alternative to our API.
- For lifted packages which are deprecated by the upstream maintainer, Tidelift can now give guidance on how to migrate to a non-deprecated package. This information will show up in the package card for those deprecated packages.