ActiveState Blog

The Python 2 Threat in Your Supply Chain Is Real

Dana Crane | Last Updated: December 16, 2021 | Tags: python 2, python 2 eol, python 2 support, Python 2 vulnerabilities, Python supply chain
Python 2 in development and test environments poses an undue risk in the face of escalating supply chain attacks....
ActiveState’s Official Statement on the Java Log4j Vulnerability

Suhani S | Last Updated: December 15, 2021
After careful auditing, it has been established that ActiveState is not impacted by the critical Apache Log4j vulnerability, CVE-2021-44228....
PyPI security pitfalls and steps towards a secure Python ecosystem

Dana Crane | Last Updated: December 20, 2021
PyPI is improving Python supply chain security, but gaps still exist. Learn the tools and techniques to avoid Python's security pitfalls....
Managing IoT Security Threats and Vulnerabilities Better

Dana Crane | Last Updated: December 2, 2021 | Tags: Internet of things, IoT, IoT Threats, IoT vulnerabilities, Python APIs, SBOM, Software bill of materials, software supply chain security
Securing IoT devices means securing their network, supply chain, and automating vulnerability remediation. Here's how....
How to work with vulnerable Python packages, and stay secure

Dana Crane | Last Updated: December 15, 2021 | Tags: Automated remediation, Common Vulnerabilities and Exposures, CVE, CVSS, NVD, Python vulnerabilities, vulnerability remediation
Vulnerabilities are a fact of Python developer life. Read this post to learn how to automate vulnerability remediation quickly and easily....
How to make your CircleCI runs faster, and more secure

Vince Power | Last Updated: November 18, 2021 | Tags: CI/CD, CircleCI, Continuous Integration/Continuous Delivery, runtime environment
Learn how to make your CircleCI runs faster and more secure by using a prebuilt runtime environment....
Top 10 Python Packages for Creating Synthetic Data

Nicolas Bohorquez | Last Updated: November 12, 2021 | Tags: DataSynthesizer, Gretel Synthetics, mesa, mimesis, plaitpy, pydbgen, scikit-learn, synthetic data, Synthetic Data Vault, TimeSeriesGenerator, zpy
Data is expensive, but synthetic data can be just as good for a fraction of the cost. Learn how to generate synthetic data....
Which Python Dependency Manager Should I Choose?

Dana Crane | Last Updated: November 5, 2021 | Tags: activestate platform, Anaconda, conda, dependency hell, dependency management, hatch, pip, pipenv, poetry, Python dependency management
Dependency management is hard. Environment management is harder. Learn how to do both, easier....
How to Avoid Becoming the Next SolarWinds

Dana Crane | Last Updated: October 28, 2021 | Tags: codecov, Google SLSA, Open source supply chain security, secure build service, software supply chain security, solarwinds, Supply chain attacks
Software supply chain attacks have been happening for years, but have only recently achieved mainstream notoriety with the SolarWinds attack in Decemb...
Top 5 Software Security Events For Business Leaders

Remi M | Last Updated: October 27, 2021 | Tags: best python packages, python packages, third-party python packages
With cyberattacks like ransomware and supply chain attacks like SolarWinds dominating the news cycle, security, more than ever, is everyone’s business...