Ensuring that your open source artifacts (packages, dependencies, bundles, binaries, etc.) are free from vulnerabilities is an important way of securing your software supply chain. Each artifact in your ActiveState runtime is built securely from source, following the SLSA framework best practices, including:
When managing your project, the State Tool validates the checksum of each artifact in your runtime to ensure that what you have received is correct, untampered, and uncorrupted. If a security vulnerability is discovered in one of your artifacts, a CVE report can be generated for review. You can then choose how to remediate the risks to your project.