
ActiveState relaunching its platform for open source management

ActiveState today announced it is rebranding and relaunching its product as an open source management platform to help enterprises manage open source complexities, ensure supply chain security, and streamline DevSecOps. The platform, which integrates with existing tools, aims to proactively manage open-source risks by providing tools for discovery, analysis, remediation, and governance. 

It offers a centralized dashboard to track open-source usage, policy enforcement, and vulnerability management. The platform also ensures reproducible builds and streamlines upgrades, reducing the burden on developers.

Scott Robertson, ActiveState’s CTO, explained that most people know of ActiveState for its management of open source dynamic programming languages. “That usually became the way they got introduced to ActiveState’s real core vision, which is helping enterprises manage open source, the complexities of open source at scale that included managing licenses, vulnerabilities and doing very complex builds,” he said. “This announcement … is about us taking all of the tooling that we’ve created over the last 20 years and turning that into sets of platforms and tools that they can run themselves in their own environments.”

The driver behind the changes at ActiveState is the fact that software applications today are less secure than they ever have been. Stephen Baker, CEO at ActiveState, said the reason for that is that 96% of all applications contain open source, and malware last year was discovered in 245,000 open source packages, more than three times the amount discovered in the previous three years combined. 

Meanwhile, of the organizations that are building and consuming these applications, about 59% have claimed to have taken steps to secure their software supply chains. In spite of that, the cost of targeted software supply chain attacks is expected to double by 2030, to about $140 billion, Baker said. “The root cause of all of this is that organizations are not proactively managing the open source they consume,” he explained. “It is very much a ‘set it and forget it’ mentality. Very rarely [are developers] going to go back in and opening up that application to upgrade the open source that’s been embedded in there. So they’re sort of happy to let this old open source fester and rot and become less secure over time.”

Further, Baker noted that in a recent survey, 81% of developers admitted they have shipped code with known open source vulnerabilities because it’s the fastest path to meeting deadlines and shipping the product.

The stance ActiveState has taken is that organizations need to become much more proactive in how they manage open source, using tools to enforce policies that cause the least amount of disruption to the development process and foster greater collaboration, he said.

The tool chain ActiveState has built to help its customers manage open source consumption is what has been productized and made available today. “We’re now giving the tools to every DevSecOps team to manage their own open source that they’re consuming in a much more scalable format and a much more secure format, in a manner that is going to improve the application security posture, while at the same time, not destroying developer productivity,” Baker said.

The platform is built on automation to provide timely insights into how vulnerable your open source is, and what you need to do to make it less vulnerable, hence eliminating 90% of the undifferentiated heavy lifting that every developer needs to do to research the dependencies, understand how they need to be upgraded and how risky they are, Baker pointed out. “One way to think about it is, it is open source supply chain security in a box. It is a turnkey platform that integrates with existing developer tools in order to help keep the open source current and more secure.”

Among the capabilities of the new ActiveState Open Source Management Platform, according to director of product Pete Garcin, are:

  • The ability to discover open source as you’re running it, from various sources, and monitor it through a single pane of glass. “Whether that’s scanning your Kubernetes cluster or importing from your GitHub repo or letting you ingest an SBOM (software bill of materials) or a requirements file – however it’s spread across your organization – allows you to aggregate that and collect it so you have that centralized dashboard that shows all the open source that’s running inside my organization and everywhere that it’s running,” he said.
  • Tools to help analyze and prioritize the state of the risks in your organization, which show “what vulnerabilities do I have, what licenses do I have, what breakdown by language ecosystems do I have, with a total across your organization of the composition of all your software,” Garcin said.
  • Tools for policy and governance, as well as an immutable catalog of open source packages indexed from across the internet. “With our platform, it’s always reproducible, and you can go back at any point, and that’s combined with policies that allow you to curate that catalog so that you can ensure that anything that people are pulling is always going to be in compliance with whatever sort of governance you put in place.”

Robertson said this capability is the key differentiator between ActiveState and everyone else in the market. “Everybody else is in this kind of reactive model, where developers assemble something, get it all the way through CI/CD, and then they bring in their scanning tools to figure out what they have consumed. We come into play before that. We come in at assembly time. We’re applying all the rules and policies even before it gets into your organization, so that you’re consuming things cleanly at the point where you’re building the application.”
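As an added illustration of the three capabilities Garcin lists (discovery from several sources into one inventory, analysis by ecosystem, license and vulnerability, and catalog-based policy) together with Robertson's point about applying policy at assembly time, the following Python is example code written for this page, not ActiveState's product or API. The CycloneDX-style SBOM, the requirements file, the vulnerability feed, the license table and the policy are all constructed; `leftpad-clone` is a hypothetical package name.

```python
"""Illustrative open source inventory, analysis and assembly-time policy gate.

Example code, not ActiveState's. Every input below (SBOM, requirements file,
vulnerability feed, license table, policy) is constructed for the demo.
"""
import json
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed CycloneDX-style SBOM from application A (only fields used here).
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "components": [
        {"type": "library", "name": "requests", "version": "2.19.0",
         "purl": "pkg:pypi/requests@2.19.0"},
        {"type": "library", "name": "lodash", "version": "4.17.20",
         "purl": "pkg:npm/lodash@4.17.20"},
    ],
})

# Constructed requirements.txt from application B.
REQUIREMENTS_TXT = """\
# web service dependencies
requests==2.19.0
pyyaml==5.4.1
leftpad-clone==0.1.0   # hypothetical package name
"""

# Constructed vulnerability feed: (ecosystem, name) -> [(first affected, first fixed, severity)].
VULN_FEED = {
    ("pypi", "requests"): [((2, 0, 0), (2, 20, 0), "HIGH")],
    ("npm", "lodash"): [((4, 0, 0), (4, 17, 21), "CRITICAL")],
}

# Constructed license metadata for the curated catalog.
LICENSES = {
    ("pypi", "requests"): "Apache-2.0",
    ("pypi", "pyyaml"): "MIT",
    ("npm", "lodash"): "MIT",
}

# Constructed governance policy: curated catalog, license allowlist, blocked severities.
POLICY = {
    "catalog": {("pypi", "requests"), ("pypi", "pyyaml"), ("npm", "lodash")},
    "allowed_licenses": {"MIT", "Apache-2.0", "BSD-3-Clause"},
    "blocked_severities": {"CRITICAL", "HIGH"},
}


@dataclass(frozen=True)
class Component:
    ecosystem: str
    name: str
    version: tuple


def parse_version(text):
    """Numeric dotted version -> tuple of ints (enough for the constructed data)."""
    return tuple(int(p) for p in text.split(".") if p.isdigit())


def parse_sbom(text):
    """Discover components from a CycloneDX-style SBOM; the purl type gives the ecosystem."""
    comps = []
    for c in json.loads(text).get("components", []):
        purl = c.get("purl", "")
        ecosystem = purl[len("pkg:"):].split("/", 1)[0] if purl.startswith("pkg:") else "unknown"
        comps.append(Component(ecosystem, c["name"].lower(), parse_version(c["version"])))
    return comps


def parse_requirements(text):
    """Discover pinned components from a requirements file, ignoring comments and unpinned lines."""
    comps = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "==" not in line:
            continue
        name, version = line.split("==", 1)
        comps.append(Component("pypi", name.strip().lower(), parse_version(version.strip())))
    return comps


def aggregate(sources):
    """Merge components from all sources into one inventory: component -> where it runs."""
    where = defaultdict(set)
    for label, comps in sources.items():
        for c in comps:
            where[c].add(label)
    return where


def vulnerabilities(comp):
    """Unfixed vulnerabilities for this exact version: [(severity, first fixed version)]."""
    return [(sev, fixed) for lo, fixed, sev in VULN_FEED.get((comp.ecosystem, comp.name), [])
            if lo <= comp.version < fixed]


def analyze(inventory):
    """Organization-wide breakdown by ecosystem, by license and by vulnerability severity."""
    by_ecosystem = Counter(c.ecosystem for c in inventory)
    by_license = Counter(LICENSES.get((c.ecosystem, c.name), "UNKNOWN") for c in inventory)
    by_severity = Counter(sev for c in inventory for sev, _ in vulnerabilities(c))
    return by_ecosystem, by_license, by_severity


def policy_violations(comp, policy=POLICY):
    """Assembly-time gate: reasons this component may not be consumed, with the fix where known."""
    reasons, key = [], (comp.ecosystem, comp.name)
    if key not in policy["catalog"]:
        reasons.append("not in curated catalog")
    lic = LICENSES.get(key, "UNKNOWN")
    if lic not in policy["allowed_licenses"]:
        reasons.append(f"license {lic} not allowed")
    for sev, fixed in vulnerabilities(comp):
        if sev in policy["blocked_severities"]:
            reasons.append(f"{sev} vulnerability, first fixed in {'.'.join(map(str, fixed))}")
    return reasons


def gate_requirements(text, policy=POLICY):
    """Check a requirements file before the build; returns {package: reasons} for blocked packages."""
    blocked = {}
    for c in parse_requirements(text):
        reasons = policy_violations(c, policy)
        if reasons:
            blocked[c.name] = reasons
    return blocked


if __name__ == "__main__":
    inventory = aggregate({"sbom-app-a": parse_sbom(SBOM_JSON),
                           "requirements-app-b": parse_requirements(REQUIREMENTS_TXT)})
    for comp, places in inventory.items():
        print(comp.ecosystem, comp.name, ".".join(map(str, comp.version)), "runs in", sorted(places))
    print("breakdowns:", analyze(inventory))
    print("blocked at assembly time:", gate_requirements(REQUIREMENTS_TXT))
```

The gate runs on the requirements file before anything is built, which is the reactive-versus-proactive distinction Robertson draws: a package that fails the catalog, license or severity rule is reported with the version that fixes it instead of being discovered by a scanner after the build.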

Baker offered a saying to summarize the issue and the solution: “You can’t deny the fact that every organization on the planet is now dependent on open source, and threat actors and cyber attackers are now depending on the lack of organizational controls on open source to plan their next attack.” 

The post ActiveState relaunching its platform for open source management appeared first on SD Times.



from SD Times https://ift.tt/vybfcLr
