Data Sheet: Shifting Security Left with the ActiveState Platform

Cyberattacks on Dev and Test environments are on the rise. Software developers can help, but only if they change how they approach open source security. It is time to shift security left! Developers who work with open source code while connected to the internet NEED new measures to ensure security across the ENTIRE software development lifecycle. Learn how you can shift security left without disrupting your Dev, DevOps and SecOps personnel.

A solution for DevSecOps – the ActiveState Platform

The ActiveState Platform secures your open source supply chain, while providing a universal package management solution for Python, Perl and Tcl designed to let:

  • Developers eliminate dependency hell and “works on my machine” issues. 
  • DevOps improve reproducibility and transparency of workloads.
  • SecOps reduce Mean Time to Remediation (MTTR) from weeks to hours.

Developers: Simplify Dev Environment Management

Individual developers primarily use the ActiveState Platform for:

  • Environment Management – similar to Python’s pip or Perl’s CPAN, you can use the ActiveState Platform’s CLI, the State Tool, to install and manage your environments on Windows, Linux and macOS.
    • Provides dependency resolution, flags conflicts and even provides workarounds, eliminating dependency hell.

Development teams primarily use the ActiveState Platform for:

  • Shared Runtime Environments – the ActiveState Platform automatically builds from source code a single, central “source of truth” for your project’s runtime environment that can be used by all developers on a team.
    • Eliminate “works on my machine” issues. 
    • Ensure Dev environments are more secure than those built by installing pre-compiled binaries.
    • Ensure developers work with an approved set of packages.

DevOps: Optimize CI/CD Pipelines

DevOps uses the ActiveState Platform’s pre-built runtime environment to build their CI/CD environments, gaining:

  • Reproducibility – shared runtimes ensure reproducible environments between Dev and Test, resulting in fewer bugs arising due to inconsistent environments.
  • Speed – pre-built runtimes decrease the time to build containers. Caching can help speed things up for repeated runs, but not when you’re doing rapid development and changing your dependencies.
  • Security – all Python, Perl and Tcl environments are built from source, helping to solve open source supply chain issues by delivering transparency for all language artifacts in production workloads.

SecOps: Remediate Vulnerabilities Faster

SecOps can use the ActiveState Platform to shift security left, securing the Development and Test environments without disrupting the software development process:

  • Monitor Python, Perl and Tcl open source components used by developers to ensure timely awareness of vulnerabilities.
  • Upgrade or downgrade vulnerable components, and automatically rebuild a secure runtime environment ready to be pulled into your CI/CD pipeline.

| Features | Benefits |
| --- | --- |
| Universal Package Management for Python, Perl & Tcl on Windows, Linux and macOS | A single toolchain reduces maintenance and overhead costs. |
| Native virtual environment support | Run multiple projects/versions of Python, Perl and Tcl on your machine without dependency conflicts. |
| Revision control provides an auditable history of changes to your environment | Never rebuild corrupted environments again – just revert to the latest working version. |
| Versatile CLI (State Tool) lets you manage your environment directly from the terminal | Integrate with your existing CI/CD pipelines, and keep your team synchronized across platforms. |
| Build environments fast from source code with our distributed, parallel build system | Automatically build packages (including linked C libraries) from source without the need for OS or language expertise. |

About ActiveState

ActiveState is the de facto standard for millions of developers around the world who have been using our commercially-backed, secure open source language distributions for over 20 years. With the ActiveState Platform, developers can now automatically build their own Python, Perl or Tcl environments for Windows, Linux or Mac, all without requiring language or operating system expertise.

How can you try the ActiveState Platform for your Python, Perl and Tcl projects?

Developers can sign up for our Platform and use it to build a runtime environment for their Python projects right away. Or they can install it via the command line using the snippet provided here.

Up to 5 Active Runtimes per organization (or per individual, if for personal use) are free. For information on team tier or enterprise pricing, refer to our Platform Pricing or contact Sales.


How mature is your supply chain security? See how good your existing open source security and integrity controls are by taking our quick, 8-question self-assessment.

Suhani S