It’s time to secure your open source supply chain
The open source supply chain is increasingly under attack, with a 430% increase in upstream open source attacks over the past year.
The problem lies in the fact that the supply chain is both:
- Wide – spanning the import, build and consumption of open source code, and
- Deep – millions of packages from hundreds of thousands of authors across dozens of popular languages.
In addition, the “import-build-consume” architecture for most organizations offers bad actors far too many potential points of compromise.
The ActiveState Platform eliminates many potential points of supply chain attacks by providing a consistent, end-to-end ecosystem that offers:
- Vetted Source Code – indemnified packages are checked to ensure they are well maintained and suitably licensed for commercial use
- Scripted Builds – no manual intervention
- Secure Build Service – run in Amazon Web Services (AWS)
- Ephemeral, Isolated, Hermetic Environments – secure all build steps
- Verifiable Reproducibility – provenance can be established for each built artifact and cannot be falsified
- Signed Packages (coming soon) – package checksums are verified at runtime
Implementing the ActiveState Platform can greatly increase the security and integrity of your open source supply chain for Python, Perl and Tcl.
Open Source Security
The ActiveState Platform also offers a number of additional features that can help organizations improve open source security in general, including:
- Bill Of Materials – a comprehensive list of ingredients required to build your application, including all dependencies and configurations.
- Vulnerability Remediation – be aware of when your development environment is vulnerable, and then update and automatically rebuild your environment with secure Python, Perl or Tcl components in minutes.
- Universal Tooling – implementing secure “import-build-consume” tooling for one language is difficult, but quickly becomes intractable if you use more than 2 or 3 languages. The ActiveState Platform provides universal package management tooling for all languages, starting with Python, Perl and Tcl.
Want to see for yourself?
You can try the ActiveState Platform by signing up for a free account using your email or GitHub credentials. Or sign up for a free demo and let us show you how you can secure your open source supply chain.