ActiveState Platform Demo: Jupyter for Notebooks

Watch the 2.5-minute demo that shows how you can track the security and compliance of code being generated by your data science teams.

  • Monitor and track the security and compliance of code generated in Jupyter Notebooks
  • Identify vulnerabilities, outdated code and poorly licensed libraries in Jupyter Notebooks
  • Identify when vulnerable code is passed from your data scientists to your developers

Learn more about the ActiveState Platform for Open Source Languages.


In this demo, I’m going to show you how someone in IT or InfoSec can track and verify the security compliance of code being generated by your data science teams. Our platform is designed to ensure all stakeholders are always aware of any security and compliance risks as and when they crop up. Data science teams tend to run independently of the rest of the organization, but when they pass a model to the development team, you want to make sure the code is free of any vulnerabilities, all the packages are up to date, and everything is properly licensed before the dev team starts incorporating that code into their application.

Now, the ActiveState Platform makes code verification simple. All you really need to do is a one-time installation of our ActiveState plugin. Just download it and install it onto your data science team’s Jupyter server. Then, you can create an identity for the notebook. Just type in here, “MyNotebook”, and create an identity, which is really just a configuration file. Now all I need to do is copy the contents and then paste this into a text message, like an email message, that I can send to my data science team, and then they can just add it to their Jupyter server by creating a new text file. It should end up looking something like this.

Now, when they launch their Jupyter notebook and start running it, it’ll show up on the ActiveState dashboard. So now you can examine all the packages your data science team is using in order to spot any outdated packages – for example, any packages that have warnings or vulnerabilities against them – and any poorly licensed packages, such as Entrypoints, which has an unknown license. You can also spot GPL or LGPL licenses. In this way, you can be sure your dev teams will receive secure, compliant code from your data science teams before they start writing their application, and you can avoid the bottleneck that pushes everything onto the developer. Instead, you can solve issues whenever and wherever it makes sense.

Jason