ActiveState Unveils Open Source Management Platform to Automate Software Supply Chain Security, Boosting Developer Agility and Centralizing Governance and Visibility of Open Source In Use Across the Organization

Reimagined platform unifies software supply chain security and simplifies governance, dependency, vulnerability, and license management into a single DevSecOps platform

VANCOUVER, BC, Nov. 13, 2024 /PRNewswire/ -- ActiveState is redefining open source management with the launch of the market's first-ever end-to-end software supply chain security solution, offering enterprises unparalleled visibility and control over the open source they use in their organization. ActiveState's platform safeguards open source usage by thoroughly scanning and identifying components across all environments—from code repositories to containers. Open source forms the backbone of modern software, making robust controls essential—not only to manage licenses, dependencies, and vulnerabilities but also to prevent bad actors from exploiting any gaps in oversight. ActiveState's breakthrough features address the critical challenges of security, compliance, and operational efficiency, providing a seamless way to manage open source software across every phase of development. With ActiveState, enterprises can simplify their tool stack, reduce risk, and accelerate their DevSecOps processes.

The open source security crisis has reached a critical tipping point. With 96%¹ of applications using open source that in most cases has not been updated in over two years, enterprises face unprecedented exposure – yet current solutions fall short. In the past year alone, 81%² of developers admitted to shipping vulnerable code, while 91% of organizations suffered supply chain attacks targeting open source vulnerabilities. Despite a projected $215B³ security spend in 2024, breach-related damages are set to surge 300% to $10.5T⁴, largely due to sophisticated supply chain attacks which have skyrocketed 633%⁵ year-over-year. Organizations find themselves caught between relying on open source for innovation and protecting against its inherent risks. The challenge is particularly acute since over 75% of application code is now open source, creating a massive attack surface outside organizational control. Traditional security approaches are proving inadequate against the evolving threat landscape, forcing developers to spend up to 30%⁶ of their time wrestling with complex security tools they lack the expertise to properly implement.

"This release is a breakthrough in DevSecOps. Our end-to-end solution offers unparalleled visibility and control, so teams can identify, manage, and remediate open source risks before they become threats, all while optimizing productivity across the software lifecycle," says Scott Robertson, CTO, ActiveState

ActiveState's platform provides a transformative solution to the complex challenges organizations face with open source security and management. By integrating universal discovery capabilities, ActiveState enables comprehensive scanning across diverse ecosystems and environments—from Kubernetes clusters and Docker registries to GitHub repositories and SBOMs. The platform's scanning tools and advanced dependency solver automatically map every component in your environment, from direct to transitive dependencies and OS-level libraries, providing complete visibility into your software supply chain.

ActiveState's remediation plans help security and development teams efficiently address security risks by automatically prioritizing vulnerabilities and providing them with the intelligence they need to mitigate those risks, so they can focus on the most critical issues first, significantly reducing exposure time for high-risk components.

The platform empowers organizations to build and maintain their own curated catalog of vetted open source components, establishing a secure foundation of trusted packages that align with a company's unique security and compliance requirements. This ensures teams work only with verified, policy-compliant components while eliminating the risk of compromised packages.

ActiveState builds directly from verified source code, delivering secure artifacts in multiple deployment formats—from containers ready to deploy to clusters to native packages for development environments. Each build maintains detailed provenance records for complete auditability, ensuring the software supply chain remains secure and compliant from source to deployment.

"In a landscape where nearly all applications rely on open source, ActiveState's platform empowers organizations to secure their software supply chain comprehensively and efficiently. We are obsessed with helping our customers stay resilient, agile, and focused on innovation and are committed to providing scalable solutions for taming open source complexities," says Stephen Baker, CEO, ActiveState

Companies can get an exclusive first look at the new ActiveState and its newly released features, available immediately. Visit https://platform.activestate.com/create-account to sign up.

Sources:

1. Gitnux. Open source software statistics. Gitnux. https://gitnux.org/open-source-software-statistics/#:~:text=96%25%20of%20applications%20have%20at,in%20use%20in%20modern%20applications
2. GitHub. (2024, February 6). AppSec is harder than you think. Here's how AI can help. GitHub Blog. https://github.blog/2024-02-06-appsec-is-harder-than-you-think-heres-how-ai-can-help/
3. Gartner. (2023, September 28). Gartner forecasts global security and risk management spending to grow 14 percent in 2024. Gartner. https://www.gartner.com/en/newsroom/press-releases/2023-09-28-gartner-forecasts-global-security-and-risk-management-spending-to-grow-14-percent-in-2024
4. McKinsey & Company. New survey reveals $2 trillion-dollar market opportunity for cybersecurity technology and service providers. McKinsey. https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/cybersecurity/new-survey-reveals-2-trillion-dollar-market-opportunity-for-cybersecurity-technology-and-service-providers
5. Cybersecurity Magazine. Why are supply chain attacks increasing? Cybersecurity Magazine. https://cybersecurity-magazine.com/why-are-supply-chain-attacks-increasing/
6. Forbes Technology Council. (2022, August 10). Measuring and managing technical debt. Forbes. https://www.forbes.com/sites/forbestechcouncil/2022/08/10/measuring-and-managing-technical-debt/?sh=177a90592c23

SOURCE ActiveState

WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE.COM?

440k+
Newsrooms &
Influencers

9k+
Digital Media
Outlets

270k+
Journalists
Opted In

GET STARTED