ActiveState Trusted Artifacts Secures the Open Source Supply Chain

ActiveState’s secure build service can now populate JFrog Artifactory with trusted open source artifacts

VANCOUVER, British Columbia – March 9, 2022 – Today, ActiveState introduced the ability for JFrog Artifactory users to populate their repositories with ActiveState’s securely built open source artifacts. Developers get trustworthy open source packages without being forced to rebuild them from scratch, and can now manage them alongside the other artifacts, packages, and software components hosted in JFrog Artifactory. With this additional layer of protection, enterprises can continue to shift security left without disrupting the way developers work.


Open Source Software Creates Enterprise Risk:

  • Public open source repositories provide no guarantees about the security or integrity of the prebuilt artifacts they serve: the artifact cannot be verified against the source code it claims to be built from.
  • Building open source artifacts from source in-house takes significant time and effort but delivers no differentiating benefit to the enterprise.
  • ActiveState’s Secure Supply Chain Survey found that roughly 80% of organizations that build from source struggle to produce reproducible builds. Without reproducibility there is no way to rebuild from vetted source and confirm that the original artifact matches it, so a compromise of the source or of the build inputs cannot be detected after the fact.

The ActiveState Platform features a secure build service that delivers reproducible builds whose provenance can be verified by tracing each component back to its original source. Scripted builds from vetted source code run inside ephemeral, isolated and hermetically sealed (i.e., no internet access) containers purpose-built to perform a single function, which reduces the opportunity for compromise during the build. As a result, ActiveState can help enterprises ensure the security and integrity of their open source supply chain by populating their JFrog Artifactory with securely built Java, JavaScript, .NET, Python, Ruby, PHP, and other open source language artifacts.
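The paragraphs above rest on one property: a reproducible build lets you rebuild from vetted source and compare byte-for-byte with the artifact you were handed, so a tampered artifact or tampered build input is detectable. The script below is an added illustration of that check and is not ActiveState's build service or JFrog's code. It uses a plain zip archive as a stand-in for a language package (a Python wheel is a zip with extra metadata), a constructed source tree embedded inline, and a fixed timestamp standing in for SOURCE_DATE_EPOCH; all names (VETTED_SOURCE, naive_build, reproducible_build, verify_against_source) are hypothetical. It runs offline.

```python
"""Why reproducibility matters for verifying an artifact against its source.

Added example, not code from ActiveState or JFrog. A zip archive stands in
for a language package; the source files below are constructed.
"""
import hashlib
import hmac
import io
import zipfile

# Constructed sample source tree: what a vetted checkout would contain.
VETTED_SOURCE = {
    "pkg/__init__.py": b"__version__ = '1.0.0'\n",
    "pkg/core.py": b"def run():\n    return 'ok'\n",
    "METADATA": b"Name: pkg\nVersion: 1.0.0\n",
}

# Fixed timestamp a hermetic build uses instead of the wall clock (the role
# SOURCE_DATE_EPOCH plays in real tooling). Zip cannot store dates before 1980.
FIXED_TIME = (1980, 1, 1, 0, 0, 0)


def naive_build(files, build_time):
    """A typical build: entries in dict order, each stamped with the wall-clock time."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            info = zipfile.ZipInfo(name, date_time=build_time)
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, data)
    return buf.getvalue()


def reproducible_build(files):
    """Same build made deterministic: sorted entries, fixed timestamp, fixed compression."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in sorted(files):
            info = zipfile.ZipInfo(name, date_time=FIXED_TIME)
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, files[name])
    return buf.getvalue()


def sha256(blob):
    return hashlib.sha256(blob).hexdigest()


def content_digest(blob):
    """Digest over member names and bytes only, ignoring timestamps and entry order.

    Handy for diagnosing why two builds differ; it does not replace the
    byte-for-byte match that repository hash pinning relies on.
    """
    h = hashlib.sha256()
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for name in sorted(zf.namelist()):
            data = zf.read(name)
            h.update(name.encode() + b"\0" + len(data).to_bytes(8, "big") + data)
    return h.hexdigest()


def verify_against_source(artifact, source_files):
    """Rebuild from vetted source and compare byte-for-byte with the artifact under test.

    This is the check reproducibility makes possible: if the published artifact
    came from different (e.g. tampered) inputs, the digests will not match.
    """
    expected = sha256(reproducible_build(source_files))
    return hmac.compare_digest(sha256(artifact), expected)


def demo():
    """Run the scenarios and return the outcome of each check as a dict."""
    a = naive_build(VETTED_SOURCE, (2022, 3, 9, 10, 0, 0))
    b = naive_build(VETTED_SOURCE, (2022, 3, 9, 10, 5, 0))
    r1, r2 = reproducible_build(VETTED_SOURCE), reproducible_build(VETTED_SOURCE)
    # Constructed tampering: one extra line the vetted source never had.
    tampered = dict(VETTED_SOURCE)
    tampered["pkg/core.py"] += b"# line injected into the build inputs\n"
    return {
        "naive_builds_match": sha256(a) == sha256(b),          # False: timestamps differ
        "naive_content_matches": content_digest(a) == content_digest(b),  # True
        "reproducible_builds_match": sha256(r1) == sha256(r2),  # True
        "clean_artifact_accepted": verify_against_source(r1, VETTED_SOURCE),  # True
        "tampered_artifact_accepted": verify_against_source(
            reproducible_build(tampered), VETTED_SOURCE),       # False
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The two naive builds have identical contents yet different hashes, which is exactly the failure mode that leaves an organization unable to tell a benign rebuild from a tampered one. Real packages add more sources of nondeterminism than timestamps (file ordering from the filesystem, embedded build paths, compiler output), so a hermetic build pins all of them; the verification step at the end is the same regardless.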

Loreli Cadapan, Vice President, Product Management, ActiveState, said: “Open source organizations are making great strides to improve the security of their public repositories, but the reality is that they are still the Wild West where anything goes. Our recent Supply Chain Security Survey results indicate that a worryingly high proportion of organizations continue to implicitly trust these open source repositories. Starting with our secure build service for JFrog Artifactory users, ActiveState is looking to help enterprises overcome these limitations in order to improve the security and integrity of their software development processes.”

ActiveState Trusted Artifacts is now generally available. Talk to our product experts to understand how ActiveState can help you decrease the risk and overhead of managing open source language packages in Artifactory.

About ActiveState:

ActiveState has a 20+ year history of providing secure, scalable open source language solutions to more than 2 million developers and 97% of Fortune 1,000 enterprises. Enterprises choose ActiveState to support mission-critical systems and speed up software development while enhancing the security and integrity of their open source supply chain. Visit www.activestate.com/ for more information.

Related links:

Solution Page: Populate JFrog Artifactory with Securely Built Open Source Artifacts

ActiveState Webinar: A Simplified Path to Trusted Open Source Artifacts

ActiveState Blog: Introducing trusted open source artifact subscription for Artifactory users

Solution Sheet: Automate, secure, and streamline artifact maintenance in JFrog Artifactory

Press Contact:

Jeff Aboud
pr@activestate.com
