Tidelift Classic Scan Status Details

This feature is currently only available by request. Please contact support@tidelift.com if you'd like to use it.

Scan API

The detailed Scan API is available as a REST endpoint or through the Tidelift CLI application. Issues found during the Scan will be populated in the response. Each issue found has fields specific to the type of issue that was discovered during the scan. Note that this is only available to customers not using a Tidelift Catalog.

Fields

| Field | Description | Type |
| --- | --- | --- |
| id | ID of the Scan | String |
| status | Last status of the Scan | String |
| revision | Revision of the repository that was scanned | String |
| branch | Branch of the repository that was scanned | String |
| manifests | Results from each manifest from the scan | See manifests below |
| public_link | URL to see scan results in Tidelift | String |
| public_status | Last status of the Scan | String |
| sha | Revision of the repository that was scanned | String |

manifests

| Field | Description | Type |
| --- | --- | --- |
| platform | Package manager of the manifest | String |
| paths | Directory path and file name of the manifest | Array(String) |
| issues | See issues | String |

issues

A set of fields is common to every type of issue. Additional fields are then added based on the issue_type.

| Field | Description | Type |
| --- | --- | --- |
| platform | Package manager for this package | String |
| name | Name of package | String |
| version | Version of package | String |
| dependency_type | Type of dependency it is in the manifest, i.e. "runtime" | String |
| issue_type | The type of issue found | String |
| direct | True if this package is declared directly in the manifest. False if this is a transitive dependency. | Boolean |
| action | The issue's impact on the status of the Scan, i.e. "fail" or "warn" | String |
| version_guidance | Versions of the package that are recommended to use | See version guidance below |
| introduced_at | Date when we first saw this issue for this repository | Date (ISO 8601 format) |

vulnerable issue type fields

| Field | Description | Type |
| --- | --- | --- |
| cve | CVE ID of the vulnerability | String |
| title | Title of the CVE | String |
| description | Description of the CVE | String |
| url | Reference URL from the CVE | String |
| recommendation | Recommendation on how to handle the vulnerability | String |

license prohibited issue type fields

| Field | Description | Type |
| --- | --- | --- |
| licenses | Licenses found for this package | Array(String) |
| spdx_expression | SPDX compliant expression used for the package license | String |
| original_license | Original text of the license for this package | String |
| allowed | If your Tidelift policy file allows this license in your repository | Boolean |
| disallowed | If your Tidelift policy file does not allow this license | Boolean |
| researched_by_tidelift | If Tidelift has researched and verified this is the correct license for the package | Boolean |

unlicensed issue type fields

| Field | Description | Type |
| --- | --- | --- |
| researched_by_tidelift | If Tidelift has researched and verified this is the correct license for the package | Boolean |

broken issue type fields

| Field | Description | Type |
| --- | --- | --- |
| reason | Reason it is broken | String |

unmaintained issue type fields

| Field | Description | Type |
| --- | --- | --- |
| reasons | Reasons we have found that indicate this package may be unmaintained | Array(String) |
| close_rate_last_year | The percentage of issues closed in the package repository in the last year | Number |
| issues_prs_count_last_year | Number of pull requests and issues closed in the package repository in the last year | Number |
| latest_commit_time | Date of the last commit found in the package repository | Date |

non spdx license issue type fields

| Field | Description | Type |
| --- | --- | --- |
| licenses | Licenses found for this package | Array(String) |
| spdx_expression | SPDX compliant expression used for the package license | String |
| original_license | Original text of the license for this package | String |

version guidance fields

| Field | Description | Type |
| --- | --- | --- |
| is_deprecated | licenses found for this package | Array(String) |
| deprecation_type | SPDX compliant expression used for the package license | String |
| deprecation_reason | Original text of the license for this package | String |
| stable_latest_stream | The latest stable release stream for the package | String |
| recommended_latest_stream | The release recommended from the package's latest release stream | String |
| recommended_current_stream | The release recommended from the stream that is currently being used | String |
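
The following added example, which is not Tidelift's own code, flattens a Scan response into findings and gates a CI job on the documented action field. The JSON nesting (issues as an array of objects inside each manifest), the sample values, and the function names triage and gate are assumptions; the field names come from the tables above.

```python
import json

# Constructed sample response. The nesting (manifests -> issues -> version_guidance)
# is assumed from the field tables; every value here is made up.
SAMPLE_SCAN = json.loads("""
{"id": "scan-0001", "branch": "main",
 "manifests": [{"platform": "npm", "paths": ["web/package-lock.json"], "issues": [
   {"platform": "npm", "name": "example-parser", "version": "1.2.0",
    "dependency_type": "runtime", "issue_type": "vulnerable", "direct": false,
    "action": "fail", "cve": "CVE-0000-00000",
    "version_guidance": {"recommended_current_stream": "1.2.9"}},
   {"platform": "npm", "name": "example-logger", "version": "0.4.1",
    "dependency_type": "development", "issue_type": "unmaintained", "direct": true,
    "action": "warn", "reasons": ["no commits in the last year"]}]}]}
""")


def triage(scan):
    """Flatten manifests -> issues and bucket findings by the `action` field."""
    buckets = {"fail": [], "warn": [], "other": []}
    for manifest in scan.get("manifests") or []:
        for issue in manifest.get("issues") or []:
            guidance = issue.get("version_guidance") or {}
            finding = {
                "manifest": ", ".join(manifest.get("paths") or []),
                "package": f'{issue.get("platform")}/{issue.get("name")}@{issue.get("version")}',
                "issue_type": issue.get("issue_type"),
                "direct": bool(issue.get("direct")),
                # Type-specific fields (cve, reasons, ...) exist only for some issue types.
                "cve": issue.get("cve"),
                "upgrade_to": guidance.get("recommended_current_stream"),
            }
            action = issue.get("action")
            # Actions other than the documented "fail"/"warn" are kept visible, not dropped.
            buckets[action if action in ("fail", "warn") else "other"].append(finding)
    return buckets


def gate(scan):
    """Return (exit_code, report_lines); exit code 1 if any issue has action "fail"."""
    buckets = triage(scan)
    lines = []
    for action in ("fail", "warn", "other"):
        for item in buckets[action]:
            scope = "direct" if item["direct"] else "transitive"
            detail = item["cve"] or item["issue_type"]
            fix = f' -> {item["upgrade_to"]}' if item["upgrade_to"] else ""
            lines.append(f'[{action}] {item["package"]} ({scope}, {detail}) in {item["manifest"]}{fix}')
    return (1 if buckets["fail"] else 0), lines
```

In a pipeline, pass the parsed response to `gate` and use the returned code as the job's exit status, printing the report lines so reviewers can see which manifest introduced each finding.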
