ActiveState joins Python Software Foundation’s Trusted Publishing Initiative to Enhance the Integrity of Python Packages as Part of Its Mission to Secure Open Source Supply Chains

As a Trusted Publisher on the Python Package Index (PyPI), ActiveState empowers developers with unrivaled open source management capabilities and mitigates escalating supply chain risks.

Vancouver, BC–May 16, 2024: ActiveState, the leading Open Source Management platform for securing enterprise software supply chains, has joined the Python Software Foundation’s Trusted Publisher initiative to enhance the security and reliability of Python packages on the Python Package Index (PyPI). This partnership reflects ActiveState’s deep commitment to the open source community and its dedication to supporting developers by providing a secure, verified path for publishing Python packages. By helping to strengthen the security of the entire Python ecosystem, this initiative not only boosts overall cybersecurity but also equips enterprises with novel ways to control their consumption of open source.

ActiveState’s platform enables developers to automatically build, package, and distribute cross-platform Python wheels, streamlining the publishing process and securing it against emerging supply chain threats. Beyond enhanced security, ActiveState’s platform provides developers with robust tools for effective dependency management, enhancing productivity and collaborative efforts across the Python community.

In 2024, the software supply chain remains a prime target for increasingly sophisticated cyberattacks, with incidents impacting source, builds, dependencies, and deployments. Supply chain attacks have surged by an average of 742% yearly since 2019[1], underscoring the growing complexity and frequency of these threats across all aspects of software development. Recognizing that the burden of security should not fall solely on open source contributors, ActiveState is stepping up to help secure the Python ecosystem by joining the Trusted Publishing initiative. By adopting a Trusted Publisher like ActiveState to build and publish their packages, individual contributors can mitigate the risks associated with supply chain attacks.

“Joining PyPI’s Trusted Publishing initiative aligns perfectly with ActiveState’s mission to ensure the integrity of the open source supply chain,” explains Pete Garcin, Director of Product at ActiveState. “This partnership amplifies our commitment to the Python ecosystem, helping to build a more secure supply chain for developers and enterprises. Trusted Publishing not only enhances our collective security but also boosts confidence and trust among Python users around the world.”

Trusted Publishing aligns with ActiveState’s broader mission to secure open-source software supply chains and to continue supporting the innovation by open-source contributors. As cybersecurity threats evolve, this partnership underscores the critical role of secure software development practices across the open source ecosystem and enterprises. 

From Trusted Publishing to the recently announced Get Current, Stay Current (GCSC) initiative offering continuous code refactoring, ActiveState provides enterprises with a turnkey solution that enhances the security and reliability of their open source components, fostering a more secure and efficient software development environment.

To learn more about using Trusted Publishing with ActiveState, and to start publishing your packages with confidence, visit our website:

Additional Resources:

  • For those looking to get started using ActiveState as a Trusted Publisher to PyPI, our documentation provides a comprehensive guide to help you through the process. 
  • Join our forum to connect with others, find answers, and join discussions. 

[1] Sonatype. (2022). Software Supply Chain Report.

Media Contact:


Eric Thompson

About ActiveState 

ActiveState is the leading Open Source Management platform securing software supply chains and streamlining development with open source at scale. With ActiveState, enterprises can acquire, build, deploy, and track open source elements across all stages of the software development lifecycle from inception to production. Benefiting from unparalleled visibility into open source use across the enterprise, ActiveState provides a secure foundation for software development with continuous integration of the most current and pain-free open source packages into existing workflows and applications. Trusted by 97% of Fortune 1000 companies, ActiveState leverages two decades of industry expertise to address the increasing complexities of managing open source, empowering developers to prioritize productivity and innovation over maintenance and risk remediation. For more information, please visit

©2024, ActiveState, Inc. All rights reserved.

Recent Posts

Scroll to Top