Security and Compliance: SaaS Platform for Open Source Languages
In modern applications, 80% or more of the code typically comes from open source dependencies, but importing, building and consuming open source can expose you to undue risk unless you’ve implemented strict security and integrity controls. The ActiveState Platform can help you with your open source safety and integrity needs.
SaaS Platform for Open Source Languages
sec compliActiveState SaaS Platform
The way to build, monitor and secure open source languages. The first feature set provides runtime security and compliance of programs built with open source languages. The feature set augments security and compliance provided in ActiveState’s language distributions.
First Line Of Code To Production
Security and compliance are built into your applications from the first line of code all through to production.
Runtime Security
You can manage the runtime security and compliance of applications with the included plugin for open source language interpreters. The plugin sends information about the application (package names, versions, licenses, etc.) to the ActiveState Platform. This enables customers to identify security vulnerabilities, out-of-date packages and risky/restrictive licenses (such as GPL or LGPL).
Decrease Attack Surface
ActiveState’s 20+ years of build engineering expertise can enable your security teams with a way to configure builds with only the required application, security and compliance components. You benefit from smaller builds and decreased attack surface.
More Productivity
Get to market faster by eliminating the security and validation delays found when taking software built with open software to market. Avoid delays like:
- New threats that compromise the application;
- Checking for updates to open source libraries;
- Finding open source licensing;
- Conflicts late in the dev cycle.
Faster Application Delivery At Lower Risk
Deliver applications faster with lower risk. All your stake holders in the software development lifecycle (SDLC) are empowered and can retain control. ActiveState helps you speed up time to market. Your dev teams can benefit from our secure and compliant open source language distros. And all stakeholders from devs working in the IDE to the QA tester to Ops and InfoSec teams in production can identify security and compliance issues. ActiveState provides you with the ability to identify and resolve security and compliance issues at every stage of the application lifecycle. Your stakeholders can decide when and where to resolve security and compliance issues.
Identify And Verify Environments
You can identify vulnerabilities wherever code is run including unit tests, performance tests and integration tests. Vulnerabilities can be found well before production. Plus, verify production environments and confirm changes are not being made directly to production code.
- 360 Degree View. No blind spots, view the full SDLC, from Dev to QA to Ops and InfoSec in production.
- Agentless Monitoring. Monitor runtime code, real time, with no agent overhead.
- Check and Balance. Ensure code changes are not being made directly in production.
- Reduce Costs. Resolve security and compliance issues before they get to production.
- Verify Licensing. Identify GPL/LGPL licensed libraries and other licenses that conflict with your policies.
- Prioritize Fixes. Better triage security issues; know which libraries are being run and which aren’t being run.
| Key Features and Functionality | |
|---|---|
| Runtime Monitoring | Monitor running code, not static packages in a repository. Agentless – no performance hit on client; Real time monitoring – updates as packages are loaded. |
| Reduce Application Risk | Track key risk indicators (vulnerabilities, outdated packages, etc.) for applications throughout the CI/CD process and in production. |
| Dashboard of Key Risk Indicators | Access a dashboard that provides at-a-glance identification of vulnerabilities, out-of-date libraries, and risk for every application instance in the enterprise. |
| Monitor Open Source Licenses | Identify open source licenses that conflict with your organization’s guidelines, including GPL and LGPL. |
| Identify Custom Code | Identify code libraries that have been customized in order to investigate whether changes have been made in accord with the library’s license. |
| Agentless Monitoring | The ActiveState plugin runs at application startup, as well as on load of a new package, eliminating the performance overhead of a traditional agent. |
| Reduce Cost of Issue Resolution | Identify and resolve open source language security and compliance issues in Development and throughout the CI/CD chain before they get to Production. |
| Reduce Time to Detection | Leverage real time identification of vulnerabilities wherever the code is run: from unit tests in Development through performance tests in Staging, as well as in all Production datacenters. |
| Reduce Time to Resolution | Ensure stakeholders throughout the Software Development Lifecycle are aware of security and compliance issues so the most appropriate resource can take action at the most appropriate stage. |
| Reduce False Positives | Identify which open source language packages are actually running in Production versus which are never loaded/run so you can prioritize fixes. |
| Availability | |
|---|---|
| Python Versions | Available for ActivePython 2.7.x, 3.5.x and 3.6.x. |
| Form Factors | Available as a cloud-based service running on Amazon Web Services (AWS). |
| Specifications | |
|---|---|
| Vulnerability Database | Vulnerability and CVE information is updated every 24 hours from multiple sources, including NVD, social media, developer resources, and others. |
| Application Data | ActiveState only collects metadata about open source language packages, including package name, package license, and version number. |
| Data Security | Application data is sent via SSL to the ActiveState Platform, and stored in a North American AWS RDS instance. |
| Runtime Overhead | Depending on the size of your application, the ActiveState plugin runs for a few milliseconds at startup time, and <1 ms on subsequent package load. |
| Application, Server and User Monitoring | Depending on configuration, monitoring can be set up on a per server, per user or per application instance basis. |
What is the ActiveState Platform?
ActiveState is the de-facto standard for millions of developers around the world who have been using our commercially-backed, secure open source language distributions for over 20 years. With the ActiveState Platform, developers can now automatically build their own Python, Perl or Tcl Environments for Windows, Linux or Mac—all without requiring language or operating system expertise.
How to try the ActiveState Platform
You can try the ActiveState Platform by signing up for a free account using your email or GitHub credentials. Or sign up for a free demo and let us show you how we can support your Python 2 application(s).
Certify third-party libraries against dependency management, security and compliance criteria on the ActiveState Platform. Create a free account.
