You can’t count on public repositories when the number of malware-infected packages discovered in 2023 was more than twice the total discovered in the previous 4 years. While public repositories are quick to remove infected packages, removal usually comes only after hundreds or even thousands of organizations have been compromised.
That’s why runtimes created on the ActiveState Platform are built from source from our vetted, secure package catalog. The secure build process follows 5 phases:
- Analyze usage – identify which open source components you’re using across the organization.
- Resolve dependencies – the platform determines the transitive dependencies you will need, generating a build plan for each OS you run on.
- Build from source – each artifact is built hermetically, and every build is fully auditable and reproducible.
- Scalable deployment – using our CLI, deploy secure runtimes across platforms and environments.
- Update to keep secure – at any time, add new dependencies or choose more secure versions.
This process lets your organization use open source in a consistent, scalable and easy-to-audit way.