How to FIND and FIX vulnerabilities (CVEs) in your Python Environment
Your software supply chain is only as secure as its weakest link. Get our survey report to see how other software professionals are coping and what practices you can adopt to secure your software supply chain, from dev through production.
Two of the most important issues faced by development teams include timely vulnerability remediation and knowing which component/version of a component is safe to use. The ActiveState Platform addresses both issues.
You can use the ActiveState Platform to remediate vulnerable Python, Perl, and Tcl runtime environments by selecting non-vulnerable package versions, and automatically rebuilding your environment, helping to shortcut the lengthy remediation process.
In this video, we show you how a vulnerability in Django is fixed in minutes!
Ready to give it a try? Find and Fix CVEs’ features are available on the Platform for all users. If you have a free ActiveState Platform account, you can create your own project and remediate it, or you can fork these sample vulnerable environments and try to remediate them:
For Python: PyVulnerable project
For Perl: PerlVulnerable project
You can find more information and instructions here:
Watch Next: How to use the State Tool to see the vulnerabilities in your project
At ActiveState, we use the Platform to build not only our popular open source language distributions, but also custom runtimes for our enterprise clients (i.e. builds containing just the language and packages their project requires). Try it out yourself or get a demo and understand how it can support your enterprise’s open source needs.
New to the ActiveState Platform? Here’s how to get started, once you’ve created your free account.
Use our Platform to build a custom runtime for your next project, including just the language and packages your project needs.
- Choose a language (Python, Perl or Tcl right now)
- Select your operating system (Linux or Windows, plus Mac for Python)
- Add the packages your project requires
ActiveState regularly pulls packages from each language’s standard open source repository (CPAN, PyPI, etc) to ensure that your open source language and components are up to date, can be compiled from source, and are then verified to work together in a distribution that is packaged for most major operating systems. Go ahead and try our beta today! We are hanging out at our Community Forum to provide support as you explore.
Individual users can get started with the ActiveState Platform for free. For use by organizations or teams of individuals, explore our paid plans.