How to remediate your open source vulnerabilities quicker

Find and Fix Vulnerabilities Faster
Your software supply chain is only as secure as its weakest link. Get our survey report to see how other software professionals are coping and what practices you can adopt to secure your software supply chain, from dev through production.
Open source vulnerabilities are an inconvenient fact of every developer’s life. The ActiveState Platform helps you remediate these vulnerabilities quicker:

  • Know when your Python, Perl, or Tcl environment and dependencies are vulnerable
  • Understand the severity level of each dependency’s vulnerability 
  • Easily fix vulnerable runtimes, and automatically rebuild a secure version of your environment

When it comes to helping developers resolve vulnerabilities, our goal is twofold:

  1. Get you back to coding as quickly as possible, , shortcutting the investigation, patch/update, rebuild, retest and redeploy process
  2. Fix vulnerabilities in hours instead of days 

See how we do it!

FIND and FIX vulnerabilities (CVEs) on the Platform

Finding Vulnerabilities: Identify Vulnerable Projects

The ActiveState Platform is a universal package management solution for Python, Perl and Tcl, currently in Beta. It provides you with multiple ways to identify vulnerabilities associated with your open source projects:

  1. Email notifications are sent as soon a vulnerability is detected (coming soon)
  2. A detailed vulnerability report can be downloaded from the ActiveState Platform, and distributed to all stakeholders
  3. A vulnerability status summary is displayed for each runtime environment, as shown in the following screenshot for a Python project on the ActiveState Platform: 

ActiveState Platform Vulnerabilities report

The summary and detailed vulnerability report are also available from the ActiveState Platform’s command line interface, the State Tool, by running:

state cve
state cve report  <Organization/Project>

And if you prefer to obtain vulnerability information programmatically, you can use the ActiveState Platform’s GraphQL API.
Click here to try it out (you’ll need to create a free ActiveState Platform account).

But identifying vulnerable components is only the first step toward remediation. 

Fixing Vulnerabilities: Remediate Vulnerable Environments

On the ActiveState Platform do the following:

  1. Create a new branch of your runtime environment, and switch to it.
    Branches inherit the configuration of the parent, and allow you to make changes without impacting the parent.
  2. Point-and-click to upgrade/downgrade vulnerable packages and dependencies to a shown-secure version.
    The ActiveState Platform catalog is updated regularly from PyPI, CPAN and other package repositories, ensuring you have access to the latest version as well as previous releases. Each version is assessed for vulnerabilities, allowing you to choose a secure version for your environment.
  3. Assess the impact of selecting a newer/older version of a dependency on all the packages and dependencies (including transitive dependencies, which are dependencies of dependencies) in your environment BEFORE you commit to them, ensuring you understand the ramifications.
    Unlike most other package management solutions, the ActiveState Platform resolves dependencies automatically, ensuring your environment won’t break as a result of your actions.
  4. Press the Commit button to automatically rebuild your secure Python, Perl or Tcl runtime from source code, ready to deploy on Windows or Linux.

Find and Fix Open Source Vulnerabilities

Spending less time and effort patching vulnerabilities means you can get back to coding quicker.

Conclusions – Reduce Mean Time to Remediation

Identifying and remediating open source vulnerabilities remains one of the most urgent challenges for developers. While there are a number of tools you can use today to help automate the vulnerability remediation process, no comprehensive, end-to-end solution exists. 

The ActiveState Platform goes a long way toward realizing that solution by providing:

  • Automated notifications
  • Manual point-and-click selection of secure package/dependency versions (soon to be fully automated and offered as a branch for you to merge)
  • Automated rebuilding of Python, Perl and Tcl environments
  • Automated updating of your CI/CD runtime environments (read about how the ActiveState Platform can help optimize your CI/CD pipeline)

As a result, developers can speed vulnerability remediation, and organizations can decrease Mean Time To Remediation (MTTR) for open source vulnerabilities from days to just hours.

Ready to give it a try? If you have a free ActiveState Platform account, you can: 

Related Reads

Survey Report: State of Software Supply Chain Security

Data Sheet: Improve Open Source Security With a Bill of Materials

Critical Python 3 Vulnerability Affects Python 2

Recent Posts

Scroll to Top