Tidelift CLI Reference

The Tidelift command line interface (Tidelift CLI) provides an alternate way to initiate scans of a repository and check the alignment of a repository with your organization's catalog of approved open-source packages.

Commands and options

Command Structure

tidelift command [command options] [arguments...]

Scan

scan

The scan command starts a new scan for a repository. If you are using a catalog, a scan is a permanent snapshot of catalog alignment. Otherwise, scans identify issues as specified in your open source policy. In both cases, a scan can be used with CI/CD to block builds and generates a webpage with a recommended path forward. 

Options

--json Return JSON instead of formatted plaintext. (default: false)

--debug Print debug information about API responses, loaded files, and more. (default: false)

--team value (required, if not stored in .tidelift) Team name, can be found on the API Keys page.

--repo value (required, if not stored in .tidelift) Repository name, can be found on the API Keys page.

--directory value, -d value The directory of the repository. If omitted, the current directory will be used

--branch value, -b value The branch name of the repository: used for comparison to the default branch.

--revision value, -r value The name of the revision for the scan. If omitted, a revision will be automatically generated.

--wait  Wait for the scan to finish before returning

--dry-run Only print files that the scan would find, don't upload them

Status

status

Get the status (success/failure) for an uploaded scan using its revision number.

Options

--json Return JSON instead of formatted plaintext. (default: false)

--debug Print debug information about API responses, loaded files, and more. (default: false)

--team value (required, if not stored in .tidelift)  Team name, can be found on the API Keys page.

--repo value (required, if not stored in .tidelift)  Repository name, can be found on the API Keys page.

--directory value -d value The directory of the repository. If omitted, the current directory will be used

--revision value, -r value (required) The revision of the scan

--wait, -w wait for the scan to finish before returning

Align

align

Checks repository's alignment with a catalog (i.e. if a repository is using only approved package releases)

Options

--json Return JSON instead of formatted plaintext. (default: false)

--debug Print debug information about API responses, loaded files, and more. (default: false)

--team value (required, if not stored in .tidelift) Team name, can be found on the API Keys page.

--repo value (required, if not stored in .tidelift) Repository name, can be found on the API Keys page.

--directory value -d value The directory of the repository. If omitted, the current directory will be used

--allow-requested  If there is an open request for all unapproved packages, the command will return an exit code of 0 (i.e. success); useful if using this command as a pre-commit hook

Lookup

lookup [package manager] [package name]

Display approved releases for a package in your catalog

Options

--directory value -d value The directory of the repository. If omitted, the current directory will be used

--allow-requested  If there is an open request for all unapproved packages, the command will return an exit code of 0 (i.e. success); useful if using this command as a pre-commit hook

Global flags
--json Return JSON instead of formatted plaintext. (default: false)

--debug Print debug information about API responses, loaded files, and more. (default: false)

--team value (required, if not stored in .tidelift) Team name, can be found on the API Keys page.

--repo value (required, if not stored in .tidelift) Repository name, can be found on the API Keys page.

Exit codes

Each command provides an exit code so that you can incorporate it into your workflow.

  • 0: Success (e.g. for align, this means the repository is in alignment with the catalog)
  • 1: Critical failure (eg. for align, this means the catalog is not in alignment)
  • 2: Command not configured correctly (e.g. authentication failure or required options not provided)

Still need help? Contact Us Contact Us