As an ActiveState user, you need to review the security vulnerabilities your project is exposed to while you work on your build configuration. Keeping a current account of any potential vulnerabilities in your project is important to keeping your runtime environment secure and running smoothly.
ActiveState offers different methods of providing reports to our Enterprise-tier customers. These reports can help with security or compliance concerns, or can be part of a recurring internal system review.
Reports offered include:
The Vulnerability Report generated by the ActiveState Platform will show:
To produce a detailed report of the vulnerabilities unique to your project:
This will generate a pdf of your Vulnerabilities Report that you can share, or save as reference material for future projects or commits.
To view the reports from previous commits of the same project:
This will show the vulnerability report at the time of this commit and will not include any artifacts added later. This function is useful for comparing changes between project commits.
On the Overview tab of your project page, click the Report link at the end of the “Vulnerabilities (CVEs) line to export your CVE report to a
The file will contain details about the project and its current vulnerabilities.
To view a project’s vulnerability status, you can produce a summary report for the current project in the State Tool using the
state cve command.
state cveto generate the top-level summary report of the current vulnerabilities by severity.
state security reportand receive a fully detailed report of a project’s security vulnerability status and which packages they belong to.
state cve open <CVE ID>to get a detailed breakdown of unique CVE ID in your browser.
Information for generating an SBOM via a graphQL query can be found here