Two of the most critical issues development teams face are remediating vulnerabilities in a timely manner and knowing which component, or which version of a component, is safe to use. The ActiveState Platform addresses both issues by providing a vulnerability status that shows the number of vulnerabilities (and their threat severity) for the open source artifacts in your project, allowing you to identify and remediate risks early and often.
The Report function is only available to Enterprise users.
Creating a successful project that contains everything you need may involve managing some risks, because not every listed vulnerability means your project is insecure. We encourage you to investigate these vulnerabilities to see if remediation is needed.
After assessing the risks associated with your project, you can move on to remediation.
The ActiveState Platform shortens the lengthy remediation process of investigating, rebuilding, retesting, and updating runtime environments. The Platform lets you find, fix, and automatically rebuild a secure version of your runtimes in minutes, decreasing the Mean Time To Remediation (MTTR) from days to hours.
To protect the integrity and settings of your existing project, we recommend creating a new branch of your existing project, making any remediations in the new branch, verifying a successful build (with vulnerabilities remediated), and then incorporating the new branch into your existing CI/CD pipeline.
To create a new branch of your project:
To make changes to your new branch:
It is recommended that you only proceed with resolved dependencies. Proceeding with unresolved dependencies may introduce unnecessary risks to the security of your project.
You can now run this new branch, complete with your remediated vulnerabilities, from the Download Builds tab of your project or against your current CI/CD pipeline using existing methods unique to your organization.