Python Security: Remove Blindspots with Built-In Security
Update 2021: ActiveState Platform is being developed to be a turn-key software supply chain solution for Python security professionals, that protects your software development process from end to end:
- An open source catalog that contains indemnified Python packages which have been checked to ensure they are well maintained and suitably licensed for commercial use.
- A secure build service that offers isolated, ephemeral, hermetic and verifiably reproducible builds from Python source code. As a universal, automated build tool, developers no longer need to install potentially compromised binaries.
- Checksum verification of all build artifacts ensures the final packages you work with haven’t been compromised.
Remove Blind Spots
Until now organizations needed multiple approaches to track Python dependencies, vulnerabilities, library versions and licenses including:
- During code check-in via repositories
- Across the CI/CD chain using automated scanning tools
- In production by installing continuously running agents
The ActiveState Platform let’s you centrally manage your open source languages. You can verify running code from development all the way through to test and production environments. You can remove blind spots with a 360 degree view of your code.
Figure 1: ActiveState Platform monitoring Python packages in productionPython Security Remove Blindspots with Built-In Security
3 Security Wins For Production Environments
- Compliance teams identify “unknown” Python packages & ensure modifications are in compliance with the package’s license terms.
- InfoSec teams profile Python applications to understand the risk level associated with continuing to run a compromised instance.
- Audit teams track how a Python application has changed through the software development lifecycle & can ensure best practices are followed.
More Speed – Less Risk – Better Trust
Start with a secure Python runtime built on the ActiveState Platform. Instrument the Python interpreter to ensure your Python code remains secure. Now all stakeholders – from the developer working in the IDE, to the QA tester, to Ops and InfoSec teams in production – can track security & compliance issues.
- More Speed: Enable security teams to keep pace with dev. Security roadblocks can be removed since you bake security into your Python runtime before you even begin coding.
- Less risk: Inject security right into your source code. Track security vulnerabilities, out-of-date packages and risky licenses from dev through to production.
- Better Trust: Give your InfoSec and Risk Management teams a way to certify that security & compliance best practices are being followed.
90% of applications are built with open source. Of those, 76.5% have vulnerabilities and 54% are not compliant.
ActiveState enables you to bake security into the language runtime, BEFORE you start coding.
- The Platform’s runtime security is unlike agent-based solutions that are deployed late in the SDLC & run continuously. The Platform eliminates blind spots in the SDLC and adds no overhead to your production systems.
- Plus, the Platform empowers all stakeholders throughout the SDLC to be aware of security and compliance risks. You avoid the bottleneck that pushes everything onto the developer. Instead you can solve issues wherever and whenever it makes sense.
ActiveState is the de-facto standard for millions of developers around the world who have been using our commercially-backed, secure open source language solutions for over 20 years. With the ActiveState Platform, developers can now automatically build their own Python, Perl or Tcl Environments for Windows, Linux or Mac—all without requiring language or operating system expertise.
How to try the ActiveState Platform for your Python projects?
How mature is your supply chain security? See how good your existing open source security and integrity controls are by taking our quick, 8-question self-assessment.