ActiveState Platform Demo: Security & Compliance Overview

Watch a 2-minute demo that may change your mind about how you currently secure your Python scripts, services and applications.

  • At-a-glance view of your currently running application landscape
  • Identify vulnerable libraries
  • Identify outdated libraries

Learn more about the ActiveState Platform for Open Source Languages.

In this demo, I’m going to show you how the ActiveState platform makes it easy for anyone in your organization to understand at a glance just how outdated and vulnerable your application landscape may be. ActiveState’s platform implements security compliance for applications built with open source languages and then monitors them at runtime.

We’ve created a plug-in that can instrument most interpreted languages. In this example, you can just download the plugin for Python and then Pip install it into your environment. The next step is to create what we call an identity. Now, an identity might refer to all applications running on a specific server or under specific username, or in this case, you might want to create one identity per application, which is what I’ve done here. If you drill into one of these applications, you can see that each identity is really characterized by a config file, and that config file contains a unique identifier as well as a location of the platform where all of the information will be collected.

Now whenever an application is run, the interpreter plug-in will scan all of its packages at startup and send metadata, like the name of the package or the version number or the type of license, up to the ActiveState platform, so you can track what’s currently being run (here’s all of our applications currently being run here), any updated packages associated with the applications, as well as all of the vulnerable packages in all of your applications currently being run.

So with a single central dashboard, the ActiveState platform provides an overview of all of your current applications, lets you know which ones are active and which ones are up-to-date, and allows you to represent potential security holes to your organization.