Blog
All Blog Posts
GitHub’s Malicious Repo Explosion & How to Avoid It
GitHub malware fork bombs poison the software supply chain at the point of source code generation. Learn how to avoid becoming a victim.
Read More
The Problem With Vendor Risk Management For FinServ
Vendor risk management spikes when evaluating the cybersecurity practices of open source authors. Learn how you can better manger their risk.
Read More
How Secure Should Your Python Supply Chain Be?
The security risk appetite for a project evolves over time. Learn how ActiveState's tiered approach reduces risk as requirements evolve.Â
Read More
It’s Zero Day! Do You Know Where Your Vulnerabilities Are?
Ransomware attacks are increasingly being launched from malware originating in open source ecosystems. Learn what you can do about it.
Read More
Best Practices: Building Dependencies From Source Code Without The Pain
Building open source dependencies from source code is painful, but it's the only way to ensure security. Learn how to automate the process.
Read More
Best Practices: How To Update Your Codebase Without Breaking The Build
Most organizations never update their codebase for fear of breaking the build. Here's how to manage the risk and minimize the cost.
Read More
Best Practices: How to Secure Your Codebase
The best way to avoid remediating vulnerabilities is to start with a non-vulnerable codebase. Learn the best practices to starting secure.
Read More
2023 Software Supply Chain Security Year in Review
2023 was marked by a spike in software supply chain threats, attacks & legislation. We review some of the most significant ones.
Read More
Software Supply Chain Security – ActiveState vs Sonatype
Both Sonatype & ActiveState can secure your software supply chain, but they approach the problem from very different angles. Learn how.
Read More
Software Supply Chain Security for CI/CD Pipelines
Supply chain security concerns in the build process have been growing since the Solarwinds hack way back in December 2020. That incident compromised Solarwinds’ software ...
Read More
Perl Zero Day Security Threats
The Perl Steering Committee has recently identified and patched two new major vulnerabilities that affect the Perl core, both of which make it possible for ...
Read More
The Role of Repositories in Software Supply Chain Security
Repositories bracket either end of the software supply chain for most organizations in the software industry, providing the means to store imported software assets at ...
Read More
