Let’s address the elephant in the room.

Back in June, we launched ActiveState Secure Containers, our low-to-no CVE container images built from source with full provenance and transparency. It was our answer to one of the biggest headaches in modern DevSecOps, and we were (and still are) pretty excited about it.

But here’s the thing: if you wanted to actually browse those images, evaluate their security metrics, or compare them to community alternatives? Well, you had to head to DockerHub, pull them, and run your own testing. Not exactly the most seamless experience. 

Starting today, we’re fixing that. 

Introducing the ActiveState Secure Container Catalog

We’re excited to announce the launch of the ActiveState Secure Container Catalog — a dedicated tool to provide developers, DevOps engineers, and security teams a comprehensive view of our secure container images. No more third-party registries. No more hunting for security information. Just straightforward access to everything you need to evaluate, compare, and pull the images your team needs.

You can see the catalog in action below!

<p>Browse the Catalog</p>

Built for Teams Who Need to Do Their Due Diligence

The ActiveState Secure Container Catalog is built specifically for teams who need to do their due diligence before adopting secure containers. When we talk to development teams about container security, we hear the same frustrations repeatedly: 

Developers are tired of spending valuable time triaging CVEs, while Security professionals are stuck trying to enforce policy without slowing development. The dream isn’t complicated: teams want open source to accelerate development, not create endless security work.

The ActiveState Secure Container Catalog addresses these pain points head-on by surfacing the image attributes that actually matter. Every image in the catalog displays the data critical for technical evaluation, including:

  • Real-time vulnerability data: Up-to-date CVE count by severity, refreshed daily
  • VEX advisories: Clear visibility into which vulnerabilities actually pose risk
  • Complete component transparency: Every package, version, and license in the image
  • Build-time SBOMs: Full software bill of materials for compliance requirements
  • Architecture and compatibility: Know exactly what you’re pulling before you pull it

But here’s where it gets even better: the catalog displays ActiveState images alongside their community-maintained counterparts, allowing you to instantly compare security postures, component lists, and vulnerability profiles side by side.

Ready to See the Difference?

No more jumping between registries, no more manual security testing, no more guesswork.The ActiveState Secure Container Catalog is now live with no sign-up required at catalog.activestate.com.

Browse our growing collection of secure images for popular language runtimes, developer variants, and application images, all built from source and maintained with enterprise-grade SLAs.