Standards are rules that a catalog administrator can set to help decide whether a specific package or package release should be included in a catalog. We notify you and create tasks when there are standards violations, taking the guesswork (and legwork) out of catalog management. These standards can relate to licensing, security, and/or maintenance and are determined at the catalog level.
To see the available standards, including the ones turned on for your organization’s catalog, select Catalog > Standards from the left-hand navigation.
Turning standards on or off, or changing their configuration options, has an immediate impact on any work that the catalog administrator needs to do, but does not automatically change what is available in your catalog or any pending requests.
Tidelift also makes it easier to uphold these standards by providing verified license data and recommendations for how to handle security vulnerabilities.
Below are the current standards that are available by default for all users:
- Review security vulnerabilities – This standard ensures that every new and approved package release is reviewed for known vulnerabilities.
- Enforce license compliance – This standard ensures that every new and approved package release uses only a license from your organization’s approved list of licenses.
- No deprecated packages – This standard ensures that deprecated packages are not used by your team.
- Manual review required – By default, requests for new releases are automatically approved if they do not violate a standard. This standard can be used if you want to manually review all new requests.
When in use, these standards are upheld for all package releases that are already approved in your catalog as well as any requests for new package releases.
We have additional standards that are in limited availability and have created custom standards for customers. Reach out to email@example.com if you are interested in learning more.