May 27, 2021

Tags: build from source, dependency conflicts, dependency resolution, environment reproducibility, python, python 3.9, security-first python

How to remediate your open source vulnerabilities quicker

Open source vulnerabilities are an inconvenient fact of every developer’s life. The ActiveState Platform helps you remediate these vulnerabilities quicker:

  • Know when your Python, Perl, or Tcl environment is vulnerable
  • Understand the severity level of each vulnerability 
  • Easily fix vulnerable runtimes, and automatically rebuild a secure version of your environment

When it comes to helping developers resolve vulnerabilities, our goal is twofold:

  1. Get you back to coding as quickly as possible
  2. Fix vulnerabilities in hours instead of days 

See how we do it!

FIND and FIX vulnerabilities (CVEs) on the Platform

Finding Vulnerabilities: Identify Vulnerable Projects

The ActiveState Platform provides you with multiple ways to identify vulnerabilities associated with your Python, Perl and Tcl projects:

  1. Email notifications are sent as soon as a vulnerability is detected (coming soon)
  2. A detailed vulnerability report can be downloaded from the ActiveState Platform, and distributed to all stakeholders
  3. A vulnerability status summary is displayed for each runtime environment, as shown in the following screenshot for a Python project: 

ActiveState Platform Vulnerabilities report

The summary and detailed vulnerability report are also available from the ActiveState Platform’s command line interface, the State Tool, by running:

state cve

state cve report <Organization/Project>

And if you prefer to obtain vulnerability information programmatically, you can use the ActiveState Platform’s GraphQL API.

But identifying vulnerable components is only the first step toward remediation. 

Fixing Vulnerabilities: Remediate Vulnerable Environments

On the ActiveState Platform, do the following:

  1. Create a new branch of your runtime environment, and switch to it.

    Branches inherit the configuration of the parent, and allow you to make changes without impacting the parent.
  2. Point-and-click to upgrade/downgrade vulnerable packages and dependencies to a version that is shown to be secure.

    The ActiveState Platform catalog is updated regularly from PyPI, CPAN and other package repositories, ensuring you have access to the latest version as well as previous releases. Each version is assessed for vulnerabilities, allowing you to choose a secure version for your environment.
  3. Assess the impact of selecting a newer/older version of a component on all the packages and dependencies (including transitive dependencies) in your environment BEFORE you commit to them, ensuring you understand the ramifications.

    Unlike most other package management solutions, the ActiveState Platform resolves dependencies automatically, ensuring your environment won’t break as a result of your actions.
  4. Press the Commit button to automatically rebuild your secure Python, Perl or Tcl runtime from source code, ready to deploy on Windows, Linux and macOS.
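To make the logic of steps 2 and 3 concrete, here is an added Python example; it is not the ActiveState Platform's own code or data. It checks each pinned package in an environment against advisory version ranges, proposes the nearest secure upgrade (or, failing that, the nearest secure downgrade) from a package catalog, and rejects any candidate that would violate a version constraint another package in the environment places on it, which is the "assess the impact before you commit" check of step 3. Every package name, version, advisory id and constraint below is constructed for the example.

```python
"""Added example (not ActiveState code): find vulnerable pins, propose the
nearest secure version, and refuse candidates that break dependent constraints.
All packages, versions, advisory ids and constraints are constructed."""
from dataclasses import dataclass
from typing import Optional


def parse_version(text: str) -> tuple:
    """'5.3.1' -> (5, 3, 1); tuples compare component-wise like versions."""
    return tuple(int(part) for part in text.split("."))


@dataclass(frozen=True)
class Advisory:
    package: str
    cve_id: str          # placeholder ids, not real CVE numbers
    severity: str
    introduced: str      # first affected version (inclusive)
    fixed: str           # first fixed version (exclusive)

    def affects(self, version: str) -> bool:
        v = parse_version(version)
        return parse_version(self.introduced) <= v < parse_version(self.fixed)


@dataclass(frozen=True)
class Constraint:
    dependent: str        # package that declares the requirement
    dependency: str       # package it requires
    minimum: str          # inclusive lower bound
    below: Optional[str]  # exclusive upper bound, None for unbounded

    def satisfied_by(self, version: str) -> bool:
        v = parse_version(version)
        if v < parse_version(self.minimum):
            return False
        return self.below is None or v < parse_version(self.below)


# Constructed sample data: a pinned environment, advisories, and the versions
# a catalog offers for each package (hypothetical names and numbers).
ENVIRONMENT = {"examplehttp": "2.19.0", "exampleparser": "5.3", "exampleutil": "1.2.0"}

ADVISORIES = [
    Advisory("examplehttp", "CVE-PLACEHOLDER-0001", "high", "2.3.0", "2.20.0"),
    Advisory("exampleparser", "CVE-PLACEHOLDER-0002", "critical", "5.1", "5.4"),
    Advisory("exampleparser", "CVE-PLACEHOLDER-0003", "medium", "5.4", "5.4.1"),
]

CATALOG = {
    "examplehttp": ["2.18.4", "2.19.0", "2.19.1", "2.20.0", "2.20.1"],
    "exampleparser": ["5.3", "5.3.1", "5.4", "5.4.1", "6.0"],
    "exampleutil": ["1.1.0", "1.2.0"],
}

# examplehttp requires exampleparser >= 5.1 and < 6.0, so 6.0 is not an
# acceptable fix for exampleparser even though no advisory covers it.
CONSTRAINTS = [Constraint("examplehttp", "exampleparser", "5.1", "6.0")]


def find_vulnerabilities(env: dict, advisories: list) -> list:
    """Return (package, version, cve_id, severity) for every matching advisory."""
    return [
        (pkg, ver, adv.cve_id, adv.severity)
        for pkg, ver in env.items()
        for adv in advisories
        if adv.package == pkg and adv.affects(ver)
    ]


def is_secure(package: str, version: str, advisories: list) -> bool:
    return not any(a.package == package and a.affects(version) for a in advisories)


def nearest_secure_version(package: str, current: str, advisories: list,
                           catalog: dict, constraints: list) -> Optional[str]:
    """Smallest secure upgrade if one exists, else the largest secure downgrade.
    Candidates must satisfy every constraint other packages place on this one.
    Returns None when the catalog offers no acceptable version."""
    acceptable = [
        v for v in catalog.get(package, [])
        if is_secure(package, v, advisories)
        and all(c.satisfied_by(v) for c in constraints if c.dependency == package)
    ]
    cur = parse_version(current)
    upgrades = sorted((v for v in acceptable if parse_version(v) >= cur), key=parse_version)
    if upgrades:
        return upgrades[0]
    downgrades = sorted((v for v in acceptable if parse_version(v) < cur), key=parse_version)
    return downgrades[-1] if downgrades else None


def remediation_plan(env: dict, advisories: list, catalog: dict, constraints: list) -> dict:
    """Map each vulnerable package to the version to pin instead (None if no fix)."""
    plan = {}
    for pkg, ver, _cve, _severity in find_vulnerabilities(env, advisories):
        if pkg not in plan:
            plan[pkg] = nearest_secure_version(pkg, ver, advisories, catalog, constraints)
    return plan


if __name__ == "__main__":
    for finding in find_vulnerabilities(ENVIRONMENT, ADVISORIES):
        print("vulnerable:", finding)
    print("plan:", remediation_plan(ENVIRONMENT, ADVISORIES, CATALOG, CONSTRAINTS))
```

With the constructed data, exampleparser 5.3 cannot simply move to the next release: 5.3.1 and 5.4 are still inside advisory ranges, and 6.0 is clean but breaks the constraint examplehttp declares, so the plan settles on 5.4.1. Real catalogs use richer version syntax (pre-releases, epochs) and constraint semantics than this integer-tuple model; a production implementation would use a proper version library.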

Find and Fix Open Source Vulnerabilities

Spending less time and effort patching vulnerabilities means you can get back to coding quicker.

Conclusions – Reduce Mean Time to Remediation

Identifying and remediating open source vulnerabilities remains one of the most urgent challenges for developers. While there are a number of tools you can use today to help automate the vulnerability remediation process, no comprehensive, end-to-end solution exists. 

The ActiveState Platform goes a long way toward realizing that solution by providing:

  • Automated notifications
  • Manual point-and-click selection of secure package/dependency versions (soon to be fully automated and offered as a branch for you to merge)
  • Automated rebuilding of Python, Perl and Tcl environments
  • Automated updating of your CI/CD runtime environments (read about how the ActiveState Platform can help optimize your CI/CD pipeline)

As a result, developers can speed up vulnerability remediation, and organizations can decrease Mean Time To Remediation (MTTR) for open source vulnerabilities from days to just hours.

Ready to give it a try? If you have a free ActiveState Platform account, you can: 

  1. Sign up to try our Beta version for yourself
  2. After you’re approved, you can install one of our pre-built runtimes that has existing vulnerabilities so you can see how easy it is to resolve them:

Dana Crane

Experienced Product Marketer and Product Manager with a demonstrated history of success in the computer software industry. Strong skills in Product Lifecycle Management, Pragmatic Marketing methods, Enterprise Software, Software as a Service (SaaS), Agile Methodologies, Customer Relationship Management (CRM), and Go-to-market Strategy.