Getting started with catalogs
Tidelift allows you to set up a catalog for your organization. The catalog represents all of the open source packages and package versions approved for use in your organization’s production environment.
A catalog is made up of the packages that are approved for use at your organization. Having one improves organizational alignment and developer experience when using open source.
Creating a catalog with Tidelift offers several benefits:
- Version guidance so that you can ensure that only approved, known-good packages are being used in production environments.
- Centralized issue resolution workflows to streamline and automate updating the catalog (e.g., when there are new security vulnerabilities, licensing issues, or requests from your team to start using new packages).
- Standardized open source release management, to reduce the complexity of managing your open source supply chain.
Once created, you and your developers can use your catalog in several ways:
- Align your repositories so that they only use approved open source packages from the catalog.
- Provide developers with command-line tools so they can align package releases in their repository with what’s approved in the catalog.
- Integrate catalog alignment with your CI/CD pipeline and/or Artifactory so that only known-good open source gets used in production.
Note on user roles
There are two different user roles that can be assigned to users in the Tidelift web app: manager and developer.
A manager has the ability to create and manage a catalog. They are responsible for approving new package requests, reviewing tasks, and managing the catalog. Managers can save themselves a lot of time by subscribing to updates from Tidelift-managed catalogs, which delegates the management of thousands of the most common packages to Tidelift. They can further simplify their work by setting up license standards for their organization.
A developer is an individual who will be using the approved package releases within your organization’s catalog. They will be able to request new package releases, and will be guided toward the approved, known-good releases within your catalog. If you are a developer, see a developer's guide to catalogs.