Curated Catalog

ActiveState Curated Catalogs are private, vetted repositories of open source components sourced from the ActiveState Trusted Catalog. These catalogs enable security teams to maintain control over approved components entering their environments while providing engineering teams with immediate access to vetted dependencies for builds, onboarding, and project initialization without requiring direct access to public package registries.

The ActiveState Curated Catalog is a comprehensive, enterprise-grade repository of secure, pre-vetted open source components and container images designed to strengthen your software supply chain security without disrupting developer workflows.

With an ActiveState Curated Catalog, you can do the following:

  • Secure Your Software Supply Chain
    Replace unvetted and risky components before they reach developer or production environments with verified and continuously monitored components.
  • Centralize Open Source Governance with Low-Friction Guardrails
    Guard how open source is selected and approved for use within your organization without introducing additional friction. Transform security policies from blockers into enablers.
  • Meet Open Source Compliance With Ease
    Simplify compliance audits with complete visibility into open source usage across your organization, including who approved it and why it’s safe. Compliance reporting moves from weeks to hours.
  • Reclaim Hours Lost to Development Toil
    Replace hours spent on manual open source remediation tasks with time spent on new development. Engineers focus on development velocity instead of firefighting vulnerabilities.

Benefits

The Curated Catalog transforms software supply chain security by making the secure path the easy path. By providing vulnerability-free, built-from-source artifacts with verifiable provenance, organizations can accelerate development velocity while reducing security risk and compliance overhead.

How it works

Rather than adding another security tool for developers to manage, the catalog integrates seamlessly with your artifact repositories, such as JFrog Artifactory, Sonatype Nexus, and more.

[Figure: How it works flow chart]

The ActiveState Build System

Once the process starts, our engineers will begin working on your build system. This process includes:

  • Building packages
  • Vetting dependencies
  • Creating catalogs

Catalog Server

When the Curated Catalog is built, we build a catalog server for you to access. This server is your access point to your curated catalog.

Repository Manager

You can connect the curated catalog to your repository manager. Repository management tools include Sonatype Nexus, JFrog Artifactory, etc. This proxies your Artifact Manager and caches packages, and allows you to manage packages in your organization.

End users

Now it’s time for your developers to start working with components from your secure, curated catalog! After setting up an Artifact Manager on their local machine, the end users (developers) can install components as they normally would using commands like pip install for Python, install.packages() in R, etc.