Requesting new package releases for the catalog
All new package releases must be requested for inclusion in a catalog. These requests ensure that only package releases that meet your catalog’s standards get approved. This article describes how requests can be made and reviewed.
Requesting package releases
A new package release can be requested at several different points:
- From the development environment – While a developer is working on a repository, they can use the Tidelift CLI to check for and request package releases that are not currently approved in the catalog.
- After a build is blocked – With Tidelift integrated into a CI/CD pipeline, builds will fail if they use package releases not approved in the catalog. Developers will receive a link to an overview page and can request approval for these releases from there.
- Ad-hoc – Package releases can be manually requested at any time from the Catalog > Packages page in the Tidelift web application.
If a request for a new release contains no standards violations, the request is automatically approved. If, however, you want to manually review all new requests, including those without standards violations, you can enable the "Manual review required" standard on the Catalog > Standards page.
Catalog managers must always manually review requests that violate standards (e.g., a vulnerability that must be reviewed or a license that would not comply). The catalog manager is prompted to address the violations, create an exception for this package release, or deny the request.