Tidelift now provides managed open source integrated with BitBucket via Atlassian Marketplace

Jeff Stern October 30, 2019

If your development team is like most, roughly 70%-80% of your app is built using open source components, with your own custom code layered on top. But many of these components are developed by volunteer open source maintainers who do the work for free, often as a labor of love.

You wouldn’t think of using a commercial software product where the vendor doesn’t support it with regular security updates, maintenance, and other assurances, but when it comes to the open source that makes up the bulk of your application, you use code without these sorts of guarantees every day.

Perhaps you’ve even looked into what it would take to get someone to stand behind a piece of open source software that is crucial to your app, and realized there was no one to write a check to. And your legal and procurement teams wouldn’t sign off on writing a check to a random open source developer without a contractual exchange in place anyway. So you end up supporting the open source packages yourself, which ends up draining resources that might be better spent developing your application.

This problem—that there is no good way to get enterprise-quality support and maintenance for the vast majority of open source packages used to develop modern applications—finally has a solution.

It’s called managed open source, and it is now available via the Atlassian Marketplace.

Managed open source gives application development teams a way to offload the complexity of managing their open source components themselves, saving time and reducing open source-related risk. It gives you the same capabilities you’d expect from commercial software—but for the open source components you are using to build your application.

At Tidelift, an Atlassian partner, we’ve put an interesting spin on managed open source: we actually partner with the maintainers of the packages you are using to provide the kinds of capabilities that enterprise application development teams are looking for—like security updates, licensing assurances and indemnification, maintenance and code improvement, roadmap input, and more. You get enterprise-ready open source, managed for you. Maintainers get paid to ensure their projects keep getting better. It’s a win-win.

If you’re already using Bitbucket to host your repositories, it’s now easier than ever to see for yourself how a managed open source approach might save time and reduce risk in your organization. It begins with the Tidelift Subscription, the only managed solution for open source that directly partners with the open source maintainers.

Let’s take a look at how to transition your Bitbucket repositories to begin using managed open source:

  1. Begin tracking your Bitbucket repositories. With a free trial of the Tidelift Subscription, you will be able to manage the open source components in all your Bitbucket repositories. Tidelift sits neatly within your existing CI flow, whether that’s Bitbucket Pipelines or something else, so it’s easy to begin tracking your dependency use. Complete configuration instructions for Bitbucket Pipelines are here.

  2. Receive critical updates from Tidelift. You’ll be immediately alerted to any updates to apply to your codebase to keep it managed. An update may look like upgrading a dependency to use the maintainer-supported release stream or to rid your codebase of fresh security vulnerabilities. You can always see the work (the management) that went into each of these updates, such as verifying a license with a maintainer or resolving conflicts between these dependencies—that’s work that you and your engineers no longer have to do yourselves.

  3. Create an open source policy. With the Tidelift app connected directly in your CI, you can also introduce an open source policy into your deployment process. Want to avoid using code with copyleft licenses that require you to re-share your source code? You can set that up in your open source policy and automatically block builds that contain rogue direct or transitive dependencies. Read more about configuring your open source policy.

  4. Roadmap input. A key benefit of the Tidelift Subscription is the ability to provide roadmap input to the maintainers behind your critical dependencies. With millions of users, it can often be difficult for maintainers to cut through the noise and decide which work to prioritize. Because maintainers are being paid, they are more likely to listen to the needs of subscribers like you.

  5. Focus on what matters. With a managed open source subscription, you’re taking the extra headaches and risk out of working with open source. On average, development teams spend almost 20% of their time on code maintenance. With that time back, your application team can get back to work that really matters—like building your app.
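To make step 3 concrete, here is an added illustration of what a license policy gate in a CI pipeline does. It is example code written for this page, not Tidelift's software, API, or configuration format. It assumes the dependency inventory has already been resolved (by a lockfile reader or an SCA tool) into package name, version, SPDX license identifier, and the direct dependency that pulled in each transitive one; the sample inventory, the policy sets, and the `Finding` type are all constructed for the example.

```python
"""Illustrative open source license policy gate for a CI pipeline.

Added example, not Tidelift's code. It assumes a resolved dependency
inventory (name, version, SPDX license, and which direct dependency
pulled a transitive one in) produced by some earlier pipeline step.
"""
import sys
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample inventory. "via" is None for direct dependencies and
# the name of the direct dependency that brought a transitive one in.
SAMPLE_INVENTORY = [
    {"name": "requests", "version": "2.22.0", "license": "Apache-2.0", "via": None},
    {"name": "urllib3", "version": "1.25.6", "license": "MIT", "via": "requests"},
    {"name": "chardet", "version": "3.0.4", "license": "LGPL-2.1-only", "via": "requests"},
    {"name": "reportgen", "version": "0.3.1", "license": "GPL-3.0-only", "via": None},
    {"name": "leftpadish", "version": "1.0.0", "license": None, "via": "reportgen"},
]

# Hypothetical policy: strong copyleft is blocked, weak copyleft is flagged
# for review, and a dependency with no declared license is treated as a
# block because nobody can say what obligations it carries.
DEFAULT_POLICY = {
    "blocked_licenses": {"GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only",
                         "GPL-3.0-or-later", "AGPL-3.0-only", "AGPL-3.0-or-later"},
    "review_licenses": {"LGPL-2.1-only", "LGPL-3.0-only", "MPL-2.0"},
    "block_unknown": True,
}


@dataclass(frozen=True)
class Finding:
    package: str
    version: str
    license: Optional[str]
    via: Optional[str]
    severity: str  # "block" or "review"

    def describe(self) -> str:
        path = "direct" if self.via is None else f"transitive via {self.via}"
        lic = self.license or "UNKNOWN"
        return f"[{self.severity}] {self.package}=={self.version} ({lic}, {path})"


def evaluate(inventory, policy=DEFAULT_POLICY) -> List[Finding]:
    """Return every package that violates the policy or needs review.

    Transitive dependencies are evaluated exactly like direct ones; the
    "via" field only records how the package got into the build.
    """
    findings = []
    for dep in inventory:
        lic = dep["license"]
        if lic is None:
            if policy["block_unknown"]:
                findings.append(Finding(dep["name"], dep["version"], None, dep["via"], "block"))
            continue
        if lic in policy["blocked_licenses"]:
            findings.append(Finding(dep["name"], dep["version"], lic, dep["via"], "block"))
        elif lic in policy["review_licenses"]:
            findings.append(Finding(dep["name"], dep["version"], lic, dep["via"], "review"))
    return findings


def build_should_fail(findings) -> bool:
    """Only 'block' findings stop the build; 'review' findings are reported."""
    return any(f.severity == "block" for f in findings)


def main(inventory=SAMPLE_INVENTORY) -> int:
    """Print findings and return the exit code a CI step would use."""
    findings = evaluate(inventory)
    for f in findings:
        print(f.describe())
    if build_should_fail(findings):
        print("license policy violated; failing build")
        return 1
    print("license policy satisfied")
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Run against the constructed inventory, the gate reports the LGPL transitive dependency for review, blocks the direct GPL dependency, and blocks the package with no declared license, then exits non-zero so the pipeline step fails. The split between "block" and "review" is the design point: a gate that fails the build on every copyleft identifier, including weak copyleft that may be acceptable when linked dynamically, tends to get disabled by the first team it blocks, whereas reporting the borderline cases keeps the hard rule enforceable.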

If you’re ready to try managed open source with your development team, you can get a free 14-day trial of the Tidelift Subscription.
