Curated Catalog

The ActiveState Curated Catalog is a comprehensive, enterprise-grade repository of secure, pre-vetted open source components and container images designed to strengthen your software supply chain security without disrupting developer workflows.

What is the Curated Catalog?

The Curated Catalog serves as a secure upstream source for open source components, delivering actively maintained and remediated artifacts directly into your existing development tools and workflows. Rather than adding another security tool for developers to manage, the catalog integrates seamlessly with your artifact repositories, CI/CD pipelines, and Internal Developer Platforms (IDPs).

Key Features

• Source-Based Security: All components are built from source in a secure, hermetic environment, ensuring complete provenance and SLSA compliance
• Active Remediation: Vulnerabilities are investigated, patched, and rebuilt by ActiveState—your team consumes solutions, not problems
• Pre-Resolved Dependencies: Guaranteed compatibility and stability through tested dependency sets that eliminate “dependency hell”
• Transparent Integration: Components integrate directly into existing workflows—developers use standard package managers (pip, npm, etc.) without learning new tools
• Comprehensive Metadata: Each artifact includes CVE counts, VEX advisories, SBOMs, license information, and cryptographic verification to support compliance and audit requirements

Benefits

The Curated Catalog transforms software supply chain security by making the secure path the easy path. By providing vulnerability-free, built-from-source artifacts with verifiable provenance, organizations can accelerate development velocity while reducing security risk and compliance overhead.