Supply Chain Council of European Union | Scceu.org

ActiveState Delivers Trust For The Open Source Supply Chain

ActiveState’s Supply Chain Security survey showed that too many organizations (regardless of size) continue to implicitly trust open source language repositories, despite the fact that they provide no guarantee of security or integrity for the millions of third-party software assets they provide to software developers. 

The ActiveState Platform secure build service implements the controls to generate SLSA level 4 artifacts for open source components that:

  1. Are fully scripted and automated
  2. Generate authenticated provenance
  3. Provide auditability of the source and integrity of the provenance
  4. Deliver isolated, ephemeral, hermetic and reproducible builds

ActiveState pairs these controls with its unique open source management capabilities to deliver comprehensive software supply chain security that includes:

  • Automated, tamper-proof builds of open source language dependencies from source code, including native libraries
  • A catalog of source code that is maintained in perpetuity, ensuring build reproducibility even if dependencies are deleted or corrupted in public repositories
  • Enriched dependency metadata, including vulnerability and licensing information
  • Signed artifacts, ensuring that they haven’t been tampered with
  • Optional distribution from an Artifact Repository hosted by ActiveState

This means that DevOps teams now have a trusted vendor for open source supply chain management as an alternative to setting up their own supply chains, which is time-consuming and inherently insecure.

The ActiveState Platform secure build service supports SLSA Level 4 standards to enable DevOps to dramatically reduce the risk and cost of securing their software supply chain while ensuring the security and integrity of the products and services they create. 

Loreli Cadapan, Vice President, Product Management, ActiveState, said: “The effort of building and verifying the security and integrity of every open source dependency used by DevOps teams worldwide can be expensive, requiring significant engineering time and resources. The ActiveState Platform secure build service enables DevOps to consume trusted artifacts at a fraction of the cost by implementing controls to meet SLSA Level 4 standards.”

Try the ActiveState Platform secure build service by signing up for a free ActiveState account.

For More Information:

Read the blog, Why DevOps Leaders Should Understand and Prioritize SLSA
Visit the ActiveState SLSA web page

About ActiveState

ActiveState has a 20+ year history of providing secure, scalable open source language solutions to more than 2 million developers and 97% of Fortune 1,000 enterprises. Enterprises choose ActiveState to support mission-critical systems and speed up software development while enhancing the security and integrity of their open source supply chain. Visit www.activestate.com for more information.

SOURCE ActiveState
