How to FIND and FIX vulnerabilities (CVEs) in your Python Environment

How mature is your supply chain security? See how good your existing open source security and integrity controls are by taking our quick, 8-question self-assessment

Two of the most important issues faced by development teams include timely vulnerability remediation and knowing which component/version of a component is safe to use. The ActiveState Platform addresses both issues.

You can use the ActiveState Platform to remediate vulnerable Python, Perl, and Tcl runtime environments by selecting non-vulnerable package versions, and automatically rebuilding your environment, helping to shortcut the lengthy remediation process.

In this video, we show you how a vulnerability in Django is fixed in minutes!

django vulnerability fix

Ready to give it a try? Find and Fix CVEs’ features are available on the Platform for all users. If you have a free ActiveState Platform account, you can create your own project and remediate it, or you can fork these sample vulnerable environments and try to remediate them:

For Python: PyVulnerable project

For Perl: PerlVulnerable project

You can find more information and instructions here:

How to remediate your open source vulnerabilities quicker

Watch Next: How to use the State Tool to see the vulnerabilities in your project

At ActiveState, we use the Platform to build not only our popular open source language distributions, but also custom runtimes for our enterprise clients (i.e. builds containing just the language and packages their project requires). Try it out yourself or get a demo and understand how it can support your enterprise’s open source needs.

New to the ActiveState Platform? Here’s how to get started, once you’ve created your free account.

Use our Platform to build a custom runtime for your next project, including just the language and packages your project needs.

  • Choose a language (Python, Perl or Tcl right now)
  • Select your operating system (Linux or Windows, plus Mac for Python)
  • Add the packages your project requires

ActiveState regularly pulls packages from each language’s standard open source repository (CPAN, PyPI, etc) to ensure that your open source language and components are up to date, can be compiled from source, and are then verified to work together in a distribution that is packaged for most major operating systems. Go ahead and try our beta today! We are hanging out at our Community Forum to provide support as you explore.

Individual users can get started with the ActiveState Platform for free. For use by organizations or teams of individuals, explore our paid plans.

Suhani S