Catalog standards

 Standards are rules that a catalog administrator can set to help decide whether a specific package or package release should be included in a catalog. We notify you and create tasks when there are standards violations, taking the guesswork (and legwork) out of catalog management. These standards can relate to licensing, security, and/or maintenance and are determined at the catalog-level.

To see the available standards, including the ones turned on for your organization’s catalog, select Catalog > Standards from the left-hand navigation.

Below are the current standards that are enabled by default for all users:

  1. Releases have no vulnerabilities– This standard ensures that every new and approved package release is reviewed for known vulnerabilities.
  2. Releases use approved licenses – This standard ensures that every new and approved package release only uses a license from your organization’s approved list of licenses.
  3. Releases are actively maintained– This standard ensures that deprecated packages are not used by your team.
  4. Releases must be manually reviewed – By default, requests for new releases are automatically approved if they do not violate a standard. This standard can be used if you want to manually review all new requests.

When in use, these standards are upheld for all package releases that are already approved in your catalog. Tidelift also checks any requests for new package releases for standards violations.

We have additional standards that are in limited availability and have created custom standards for customers. Reach out to if you are interested in learning more.