Last week I wrote on DEV about about the challenges faced by organizations as they transition from closed source platforms to community-led open source. In this post, I'd like to give a sense for how we're looking to help those organizations manage the transition, via Tidelift.
Nearly all application developers rely heavily on open source code, yet most organizations don’t have a strategy to keep that code secure and well maintained.
What if you could just pay a team of experts to do this for you, like you pay your cloud provider for compute and storage?
Tidelift is partnering with creators and maintainers of a vast array of community-led open source projects to make that possible.
We call it managed open source.
The best solutions are comprehensive solutions, and we’ve reached a major milestone with the Tidelift Subscription now providing assurances for over 1,000 of the most popular community-led open source projects. That means we’re paying the maintainers of each of those projects to ensure their packages meet uniform commercial standards.
Apache Struts, Joda-Time, Vue, Babel, Material-UI, Gulp, Mongoose, Nokogiri, and hundreds of other community-led projects that are pivotal to commercial application development are now part of the Tidelift Subscription.
Even more broadly, the Tidelift Subscription monitors over 3.3 million open source packages across 37 different ecosystems.
To make this actionable for your organization—the managed open source part—we’ve launched new software tools that include an overview of security vulnerabilities, licensing issues, and technical concerns across dependencies, at-a-glance metrics that help developers gauge how package updates impact their applications, and recommendations on when to upgrade key frameworks and libraries.
Those capabilities are all powered by Tidelift’s network of participating open source maintainers, who work to resolve security, maintenance, and licensing problems on your behalf, freeing up your developers’ time.
If you want a working operating system, you could go buy a bunch of tools to help you build your own operating system image—or you could let Red Hat or Amazon do that and just subscribe to the result.
With the Tidelift Subscription in place you have what you need to deal with all your package managers, across all important dimensions—security, legal, and technical. We're giving you software tools, yes, but also services—including help directly from upstream projects.
Our goal is to "take care of it for you"—to give you ready-to-use, continuously monitored, always cared-for software. Managed open source, rather than open source that needs management.
Want to see it in action? Visit our web site for a detailed walkthrough of how it all comes together.