Curated Catalog
ActiveState Curated Catalogs are private, vetted repositories of open source components sourced from the ActiveState Trusted Catalog. These catalogs enable security teams to maintain control over approved components entering their environments while providing engineering teams with immediate access to vetted dependencies for builds, onboarding, and project initialization without requiring direct access to public package registries.
The ActiveState Curated Catalog is a comprehensive, enterprise-grade repository of secure, pre-vetted open source components and container images designed to strengthen your software supply chain security without disrupting developer workflows.
With an ActiveState Curated Catalog, you can do the following:
- Secure Your Software Supply Chain
Replace unvetted and risky components before they reach developer or production environments with verified and continuously monitored components. - Centralize Open Source Governance with Low-Friction Guardrails
Guard how open source is selected and approved for use within your organization without introducing additional friction. Transform security policies from blockers into enablers. - Meet Open Source Compliance With Ease
Simplify compliance audits with complete visibility into open source usage across your organization, including who approved it and why it’s safe. Compliance reporting moves from weeks to hours. - Reclaim Hours Lost to Development Toil:
Replace hours spent on manual open source remediation tasks with time spent on new development. Engineers focus on development velocity instead of firefighting vulnerabilities.
Benefits
The Curated Catalog transforms software supply chain security by making the secure path the easy path. By providing vulnerability-free, built-from-source artifacts with verifiable provenance, organizations can accelerate development velocity while reducing security risk and compliance overhead.
How it works
Rather than adding another security tool for developers to manage, the catalog integrates seamlessly with your artifact repositories, such as JFrog Artifactory, Sonatype Nexus, and more.
The ActiveState Build System
Once the process starts, our engineers will begin working on your build system. This process includes:
- Building packages
- Vetting dependencies
- Creating catalogs
Catalog Server
When the Curated Catalog is built, we build a catalog server for you to access. This server is your access point to your curated catalog.
Repository Manager
You can connect the curated catalog to your repository manager. Repository management tools include Sonatype Nexus, Jfrog Artifactory, etc. This proxies your Artifact Manager and caches Packages and allows you to manage packages in your organization
End users
Now it’s time for your developers to start working with components from your secure, curated catalog! After setting up an Artifact Manager on their local machine, the end users (developers) can install components as they normally would using commands like pip install for Python, install.packages() in R, etc.