Tidelift CLI Reference

These docs are for v0.16.0 of Tidelift CLI. Some commands have been renamed (see Upgrading CLI). If you are using an older version of the CLI you can update with "tidelift selfupdate".

The Tidelift command line interface (Tidelift CLI) provides an alternate way to initiate scans of a project and check the alignment of a project with your organization's catalog of approved open-source packages.

Commands and options

Command Structure

tidelift command [command options] [arguments...]

Authenticate

authenticate

The authenticate command allows you to authenticate with your user API key. On running the command, you will be provided with instructions on how to retrieve your key and prompted to enter it. Authentication is required to use Tidelift CLI on your local machine. (Note: If you are using Tidelift CLI as part of a CI/CD pipeline, do not authenticate with this command. See this article for more information.)

Alignment

alignment

The alignment command allows you to generate a bill of materials for a project and check its alignment with your catalog. You can optionally save alignments (with the save subcommand) which is best used when integrating catalog alignment checks with CI/CD. 

Subcommands

alignment save Alignment save will store a record of the generated bill of materials and can be used for integrating with CI/CD. It requires using a Project Key, rather than a User API Key.

Options (available for alignment and alignment save)

--dry-run Only print files that the alignment would find to generate the bill of materials, don't start an alignment

--json Return JSON instead of formatted plaintext. (default: false)

--debug Print debug information about API responses, loaded files, and more. (default: false)

--organization value (required, if not stored in .tidelift) Organization name, can be found on the API Keys page.

--project value (required, if not stored in .tidelift) Project name, can be found on the API Keys page.

--directory value, -d value The directory of the project. If omitted, the current directory will be used

Options (only available for alignment)

--allow-requested  If there is an open request for all unapproved packages, the command will return an exit code of 0 (i.e. success); useful if using this command as a pre-commit hook

Options (only available for alignment save)

--branch value, -b value The branch name of the project: used for comparison to the default branch.

--revision value, -r value The name of the revision for the alignment. A revision is a unique identifier for the alignment. If omitted, it will be automatically generated.

--wait  Wait for the scan to finish before returning

Status

status

Get the status (success/failure) for a saved alignment using its revision number.

Options

--directory value -d value The directory of the project. If omitted, the current directory will be used

--revision value, -r value (required) The revision of the scan

--wait, -w wait for the alignment to finish before returning

Projects

projects

Subcommands

new [PROJECT-NAME] --organization [TYPE/NAME] [--catalog CATALOG-NAME] [--force] [--skip-dot-tidelift]

Begin tracking a new project with Tidelift. The command should be run from within the project's root directory as it will generate a .tidelift file.

Options

--catalog value The catalog the project should align with (required if the organization has multiple catalogs)

--force Overwrite an existing .tidelift file if one exists

--skip-dot-tidelift Do not create a new .tidelift file

Releases

releases

Subcommands

lookup [package manager] [package name]

Display information and approved releases for a package in your catalog

Request

request

Request packages to be approved in a catalog. Requests can be:

  • made for a single package with tidelift request [package manager] [package name] [release] (eg. tidelift request pypi urllib3 1.25.6)
  • made as a group for all packages not currently in the catalog with tidelift request --all (from the project's root directory

( Learn more about requests and how they're reviewed.)

Options

--all Request all packages not in the catalog

selfupdate

selfupdate

Update CLI to the latest version.

version

version

Print the verison number of Tidelift CLI.

Global flags

--json Return JSON instead of formatted plaintext. (default: false)

--debug Print debug information about API responses, loaded files, and more. (default: false)

--organization value (required, if not stored in .tidelift) Organization name, can be found on the API Keys page.

--project value (required, if not stored in .tidelift) Project name, can be found on the API Keys page.

Exit codes

Each command provides an exit code so that you can incorporate it into your workflow.

  • 0: Success (e.g. for align, this means the project is in alignment with the catalog)
  • 1: Critical failure (eg. for align, this means the catalog is not in alignment)
  • 2: Command not configured correctly (e.g. authentication failure or required options not provided)

Still need help? Contact Us Contact Us