DEVOPSdigest

ActiveState expanded support of secure open source to include free and customized low-to-no vulnerability containers that facilitate modern software development.

Coupled with a large catalog of secure open source components (40M+ and growing), ActiveState's container offering gives enterprises a one-stop solution for securing their software supply chain.

ActiveState's secure container offering, which includes both free and customizable options, bridges the gap between secure base images and app dependencies by providing a selection of hardened base containers that can be further customized using ActiveState's leading catalog of managed application dependencies and build expertise.

"ActiveState has been securing open source software for enterprises for nearly 30 years now; adding low-to-no vulnerability container images to our catalog is a natural expansion of our focus," said Stephen Baker, CEO, ActiveState. "We understand the urgent need for secure, easy-to-use container solutions. Our new offering not only solves a critical problem DevOps and security teams are looking to solve right now but also expands ActiveState's reach, driving growth and reinforcing our position as the open source security partner of choice."

ActiveState delivers container images for the most popular open source software languages used in enterprise application development today as well as languages that power some of the economy's most important infrastructure. Debuting today on the company's DockerHub repositories are low-to-no vulnerability base images backed by the largest catalog of open source libraries to enable customization. This allows ActiveState to service the widest base of customers across highly regulated industries such as software, financial services, utilities, healthcare, government, and transportation and enable these businesses to secure not only their new applications, but also those they have been managing and maintaining for decades.

Base images are updated nightly; when vulnerabilities are identified, ActiveState remediates the container images within 7 days for critical vulnerabilities. For companies requiring customization of their container images, ActiveState's customer success team offers the fastest customization turnaround in the industry.

Key benefits include:

- Instant and ongoing security: Pre-built container images eliminate vulnerabilities from the start. Nightly builds and rigorous vulnerability remediation SLAs keep companies safe and secure over time.

- Unmatched Customization: ActiveState's history of securing open-source enables customers to access over 40 million secure components, including Python, Java, Perl, and Go, to meet their application needs, bridging the gap between secure base images and vulnerable application dependencies.

- Battle-Tested Build Automation: Customers inherit the benefits of a secure, automated SLSA-3 build system that the ActiveState team uses to perform image customization. This allows teams to offload the risky process of building and maintaining custom images while saving on engineering and overhead costs.

- Simplified compliance: Low-to-no vulnerability custom containers help teams achieve and maintain complex compliance requirements without lengthy audit cycles. Further image hardening and industry-leading SLA for CVE remediation helps companies meet strict requirements (e.g., FedRAMP, SOC 2 etc.).