Blog

Introducing the ActiveState Trust Center

Jonny Rivera

October 2, 2025

With Gartner predicting that 45% of organizations will have experienced attacks on their software supply chains this year (2025)—a threefold increase from 2021—organizations need to be confident that their partners uphold the highest security standards. Earlier this year, we achieved our SOC 2 Type 2 Compliance certification, and our commitment to security and data protection hasn’t slowed.

Today, we are excited to announce the launch of the ActiveState Trust Center, a comprehensive resource for visibility into our security practices, compliance certifications, and privacy commitments.

What’s in the ActiveState Trust Center?

Whether you’re evaluating ActiveState for the first time or you’re an existing customer seeking the latest information, users can gain access to various resources and documents, including:

  • Resources – The Trust Center hosts a variety of critical resources, both publicly available and upon request, including our SOC 2 Type 2 audit report and the results of third-party penetration testing.
  • Controls – The list of safeguards and procedures put in place around information security and personal data.
  • Subprocessors – The list of third-party data subprocessors we work with and how we use them.
  • FAQ – An FAQ is also provided for quick answers to commonly asked questions our Information Security team receives from prospective customers.

What This Means for ActiveState Customers

The launch of our Trust Center comes at a pivotal time as we’ve recently introduced our secure container offering, ActiveState Secure Containers, designed to help organizations securely deploy and manage open source vulnerabilities in containerized environments. As we continue to expand into the container market, demonstrating our internal security posture becomes essential, serving as proof that we practice what we preach.

For our customers, the ActiveState Trust Center translates into:

Enhanced Trust and Transparency: You gain greater insight and confidence in ActiveState’s commitment to protecting your critical data and maintaining secure operations.

Streamlined Compliance and Due Diligence: Reports such as our SOC 2 report significantly reduce the effort required for your own security audits and vendor risk assessments, demonstrating our adherence to leading industry best practices.

A Secure Foundation for Your Software Supply Chain: By partnering with a SOC 2 Type 2 compliant provider that prioritizes intelligent remediation, you strengthen the security posture of your own applications and development pipelines.

Explore The Trust Center Today

Ready to explore the ActiveState Trust Center? We invite you to explore and see how ActiveState’s commitment to security and compliance can support your organization’s goals. As we evolve, so too will the Trust Center, ensuring it remains a valuable resource for understanding how ActiveState provides data security. Our team will regularly update the platform with any new certifications, updates, or additional resources.

For additional information or questions regarding the ActiveState Trust Center and its contents, please contact security@activestate.com

Frequently Asked Questions

What is the ActiveState Trust Center and who is it for?

The ActiveState Trust Center is a dedicated resource at trust.activestate.com that gives customers, prospects, and security teams centralized access to ActiveState's security documentation and compliance records. It is designed for two primary audiences. Security and procurement teams evaluating ActiveState as a vendor can use it to conduct due diligence without requesting documentation through a sales process. Existing customers who need current compliance documentation for their own audits, regulatory reviews, or internal security assessments can access it on demand. The Trust Center consolidates materials that would otherwise require direct outreach to the security team, reducing the time and friction involved in vendor security reviews.

What documentation is available in the Trust Center?

The Trust Center provides access to several categories of documentation. Security reports include the SOC 2 Type 2 audit report and results from third-party penetration testing. Controls documentation lists the safeguards and procedures ActiveState has in place around information security and personal data handling. The subprocessor list identifies the third-party data processors ActiveState works with and how each is used. A FAQ section addresses the most common questions the ActiveState information security team receives during vendor evaluations. Some documents are publicly available directly from the Trust Center, while others are available upon request to qualified prospective or existing customers.

What does ActiveState's SOC 2 Type 2 certification mean for customers?

SOC 2 Type 2 is an independent third-party audit that evaluates whether a vendor's security controls are both appropriately designed and operating effectively over an extended period. Unlike a Type 1 audit, which is a point-in-time assessment, Type 2 covers a defined audit window and provides evidence that controls were consistently in place and functioning throughout that period. For customers using ActiveState to govern open source components in their development pipelines, the SOC 2 Type 2 certification provides documented assurance that ActiveState's internal security, availability, processing integrity, confidentiality, and privacy practices meet recognized standards. It also simplifies the vendor security review process for customers who need to demonstrate third-party risk management controls to their own auditors or regulators.