Importing package releases into a catalog

Creating a catalog is the first step to bringing known-good open source package releases into your organization and reducing time spent by your organization on issue management. In this article, we will describe how to import package releases from existing sources. In addition to what's outlined here, package releases can also be requested by developers.

Importing package releases to your catalog can be done in a few different ways:

  1. Importing package releases from existing projects
  2. Importing package releases from an Artifactory repository

Importing additional package releases from existing projects

When deciding which package releases you want to approve, you may choose to start with what is already in use by one or more projects at your organization. We recommend this in addition to subscribing to updates on a Tidelift-managed catalog.

You can import package releases into your catalog from existing projects or from an Artifact Manager.

If you are not currently tracking any projects with the Tidelift Subscription, you will want to start tracking a project and import its package files.

Importing package releases from the catalog overview page

From the catalog overview page, choose import releases, select Tidelift project, and then select the appropriate projects. We will automatically add all of the releases from the latest scan into your catalog. If there are any standards violations, tasks will be created before the affected releases are approved.

Importing package releases from a bill of materials page

You can also import the package releases from a specific bill of materials. By navigating to the projects tab, then selecting your projects, and choosing the bill of materials page, you will arrive at the bill of materials of all open source package releases found in that project. Simply click the import into catalog button at the top of the page, and all package releases will be added to your catalog.

If a manager imports package releases from the bill of materials page, all releases will be automatically added to the catalog (pending any standards violations). If a developer attempts that import, those releases will be requested for manager approval.

Importing package releases from JFrog Artifactory

If you do not currently have JFrog Artifactory configured for your account, reach out to to proceed.

  1. When creating your organization’s catalog, you can also import a list of all open source package releases currently in use at your organization from Artifactory repositories.
  2. From the catalog overview, select import releases and then select JFrog Artifactory. All package releases from the selected JFrog repositories will be added to your catalog.

With a JFrog Artifactory integration set up, you can also sync back package availability directly to JFrog.