ActiveState Blog

GitHub Flooded with Malware

GitHub becomes weakest link in the software supply chain. Learn what you can do about it.

Learn the top tools for detecting malware & typosquatting as well as countering dependency confusion in open source dependencies.

Learn how to detect typosquatted packages before you import them by following along with this Python ML tutorial.

Learn the simple best practices you can implement to mitigate the risk of dependency confusion supply chain attacks.

Learn how to prevent broken software when an open source dependency you rely on disappears from its public repository.

Reproducible builds are key to security, but expensive to set up and maintain. Learn how to get secure reproducible builds without the costs.

Programmatic generation of SBOMs is an emerging requirement for ISVs to allow them and their customers to assess software risk.

SLSA’s best practices help secure your software supply chain, but they can be costly to implement. Learn about cost-effective alternatives.

Python 3.11 offers a 25% speed boost without changing a single line of code. Learn how you Python applications can benefit.

Learn about the Open Source Security Foundation’s top recommendations toward better open source supply chain security for ISVs.

Download a precompiled Python Django and Ruby on Rails environment to learn which is better for building web apps or websites in 2022.

To avoid the Great Resignation, organizations must adopt both cultural change and automation tools, beginning with dependency automation.