- Know when your Python, Perl, or Tcl environment and dependencies are vulnerable
- Understand the severity level of each dependency’s vulnerability
- Easily fix vulnerable runtimes, and automatically rebuild a secure version of your environment
When it comes to helping developers resolve vulnerabilities, our goal is twofold:
- Get you back to coding as quickly as possible, , shortcutting the investigation, patch/update, rebuild, retest and redeploy process
- Fix vulnerabilities in hours instead of days
See how we do it!
FIND and FIX vulnerabilities (CVEs) on the Platform
Finding Vulnerabilities: Identify Vulnerable Projects
The ActiveState Platform is a universal package management solution for Python, Perl and Tcl, currently in Beta. It provides you with multiple ways to identify vulnerabilities associated with your open source projects:
- Email notifications are sent as soon a vulnerability is detected (coming soon)
- A detailed vulnerability report can be downloaded from the ActiveState Platform, and distributed to all stakeholders
- A vulnerability status summary is displayed for each runtime environment, as shown in the following screenshot for a Python project on the ActiveState Platform:
The summary and detailed vulnerability report are also available from the ActiveState Platform’s command line interface, the State Tool, by running:
state cve state cve report <Organization/Project>
And if you prefer to obtain vulnerability information programmatically, you can use the ActiveState Platform’s GraphQL API. Click here to try it out (you’ll need to create a free ActiveState Platform account).
But identifying vulnerable components is only the first step toward remediation.
Fixing Vulnerabilities: Remediate Vulnerable Environments
On the ActiveState Platform do the following:
- Create a new branch of your runtime environment, and switch to it.
Branches inherit the configuration of the parent, and allow you to make changes without impacting the parent.
- Point-and-click to upgrade/downgrade vulnerable packages and dependencies to a shown-secure version.
The ActiveState Platform catalog is updated regularly from PyPI, CPAN and other package repositories, ensuring you have access to the latest version as well as previous releases. Each version is assessed for vulnerabilities, allowing you to choose a secure version for your environment.
- Assess the impact of selecting a newer/older version of a dependency on all the packages and dependencies (including transitive dependencies, which are dependencies of dependencies) in your environment BEFORE you commit to them, ensuring you understand the ramifications.
Unlike most other package management solutions, the ActiveState Platform resolves dependencies automatically, ensuring your environment won’t break as a result of your actions.
- Press the Commit button to automatically rebuild your secure Python, Perl or Tcl runtime from source code, ready to deploy on Windows or Linux.
Spending less time and effort patching vulnerabilities means you can get back to coding quicker.
Conclusions – Reduce Mean Time to Remediation
Identifying and remediating open source vulnerabilities remains one of the most urgent challenges for developers. While there are a number of tools you can use today to help automate the vulnerability remediation process, no comprehensive, end-to-end solution exists.
The ActiveState Platform goes a long way toward realizing that solution by providing:
- Automated notifications
- Manual point-and-click selection of secure package/dependency versions (soon to be fully automated and offered as a branch for you to merge)
- Automated rebuilding of Python, Perl and Tcl environments
- Automated updating of your CI/CD runtime environments (read about how the ActiveState Platform can help optimize your CI/CD pipeline)
As a result, developers can speed vulnerability remediation, and organizations can decrease Mean Time To Remediation (MTTR) for open source vulnerabilities from days to just hours.
Ready to give it a try? If you have a free ActiveState Platform account, you can:
- Fork a vulnerable Python environment and remediate it: PyVulnerable project
- Fork a vulnerable Perl environment and remediate it: PerlVulnerable project