Tidelift and Continuous Integration
To help ensure that your applications are only built using libraries that you have approved as part of your catalog, Tidelift supports integrating in a number of ways with your continuous integration process. These simple integrations will give you links to rich information on what isn't being used from your catalog and a persistent audit trail to understand the state at every test run. We support directly plugging into a number of systems with integrations that we provide as well as providing an API and CLI to easily plug into any other system that we don't directly support today. If you're using a system that we don't have a direct integration with, please let us know so that we can look at adding it in the future!
- If you use GitHub.com, you can install our GitHub app. The app will run a check on every pull request to see if all of your dependencies are included in your catalog's approved release list. This will automatically discover and find new repositories as you create them in your organization (if you install for all repos) or as you install the app on new repos within the GitHub app configuratoin. Note that this requires that your users all authenticate via GitHub as we will use permissions from GitHub to decide which repositories a user can view.
- If you use Github Enterprise (or cannot install our GitHub app), you can use our GitHub action. This action will run a check on every pull request to see if all of your dependencies are included in your catalog's approved release list. Note that this requires, for each repository, setting up the repo + api key in Tidelift and storing the api key in the secrets section for that repo
- If you use another CI/CD system, you can use our CLI to kick off and run a scan as part of your test runs. For each repository, you will create a repo (+ api key) in Tidelift and store that key in the appropriate secrets infrastructure provided by your CI system.