Reports and Attestations
ActiveState provides a variety of reporting and attestation tools that help you gain insight into the security of your open source software.
📄️ Attestations
Software attestations are emerging as a key verifiable control for software supply chain security, and US government vendors need them to meet Executive Order 14028 requirements. Producing accurate software attestations that conform to established formats (we use the DSSE signing envelope, the same envelope the in-toto attestation framework uses) and to the criteria set by widely accepted frameworks (such as SLSA) improves the integrity of your software and of the artifacts it is composed of, and secures your software supply chain.
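The following Go program is an added example of what a consumer of such an attestation has to check; it is not ActiveState's code, and the page does not say which signature algorithm or key-ID scheme ActiveState uses, so it assumes Ed25519 keys. The artifact name `runtime.tar.gz`, the key ID `key-1` and the statement payload are constructed for the example. It signs and verifies a DSSE envelope wrapping an in-toto v1 Statement whose predicate type is SLSA v1 provenance: the verifier checks the signature over the DSSE pre-authentication encoding (PAE) against a map of trusted keys before it parses a byte of the payload, then requires the statement to name the digest of the artifact you actually hold.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strconv"
)

const (
	InTotoPayloadType = "application/vnd.in-toto+json"
	StatementV1       = "https://in-toto.io/Statement/v1"
	SLSAProvenanceV1  = "https://slsa.dev/provenance/v1"
)

// Envelope is the DSSE envelope: payload type, base64 payload, one or more signatures.
type Envelope struct {
	PayloadType string      `json:"payloadType"`
	Payload     string      `json:"payload"`
	Signatures  []Signature `json:"signatures"`
}

type Signature struct {
	KeyID string `json:"keyid"`
	Sig   string `json:"sig"`
}

// Statement is the subset of an in-toto v1 Statement this verifier inspects.
type Statement struct {
	Type    string `json:"_type"`
	Subject []struct {
		Name   string            `json:"name"`
		Digest map[string]string `json:"digest"`
	} `json:"subject"`
	PredicateType string `json:"predicateType"`
}

// PAE is the DSSE pre-authentication encoding, the bytes that are actually signed:
// "DSSEv1" SP LEN(type) SP type SP LEN(payload) SP payload, with lengths in decimal.
func PAE(payloadType string, payload []byte) []byte {
	return []byte("DSSEv1 " + strconv.Itoa(len(payloadType)) + " " + payloadType +
		" " + strconv.Itoa(len(payload)) + " " + string(payload))
}

// Sign wraps payload in a DSSE envelope carrying one Ed25519 signature.
func Sign(priv ed25519.PrivateKey, keyID, payloadType string, payload []byte) Envelope {
	sig := ed25519.Sign(priv, PAE(payloadType, payload))
	return Envelope{
		PayloadType: payloadType,
		Payload:     base64.StdEncoding.EncodeToString(payload),
		Signatures:  []Signature{{KeyID: keyID, Sig: base64.StdEncoding.EncodeToString(sig)}},
	}
}

// Verify accepts the envelope only if a trusted key signed the PAE, the payload is an
// in-toto v1 Statement, and one subject carries the expected sha256 digest for name.
// The signature is checked before the payload is parsed, so untrusted JSON is never interpreted.
func Verify(env Envelope, trusted map[string]ed25519.PublicKey, name, sha256Hex string) (*Statement, error) {
	if env.PayloadType != InTotoPayloadType {
		return nil, fmt.Errorf("unexpected payloadType %q", env.PayloadType)
	}
	payload, err := base64.StdEncoding.DecodeString(env.Payload)
	if err != nil {
		return nil, fmt.Errorf("payload is not base64: %w", err)
	}
	pae := PAE(env.PayloadType, payload)
	signed := false
	for _, s := range env.Signatures {
		pub, known := trusted[s.KeyID] // a signature from an unknown key proves nothing
		raw, err := base64.StdEncoding.DecodeString(s.Sig)
		if known && err == nil && ed25519.Verify(pub, pae, raw) {
			signed = true
			break
		}
	}
	if !signed {
		return nil, fmt.Errorf("no valid signature from a trusted key")
	}
	var st Statement
	if err := json.Unmarshal(payload, &st); err != nil {
		return nil, fmt.Errorf("payload is not a statement: %w", err)
	}
	if st.Type != StatementV1 {
		return nil, fmt.Errorf("unexpected statement type %q", st.Type)
	}
	for _, s := range st.Subject {
		if s.Name == name && s.Digest["sha256"] == sha256Hex {
			return &st, nil
		}
	}
	return nil, fmt.Errorf("statement does not cover %s with sha256 %s", name, sha256Hex)
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Hypothetical artifact name and digest (sha256 of empty input) stand in for a real build output.
	name, digest := "runtime.tar.gz", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
	payload := []byte(`{"_type":"https://in-toto.io/Statement/v1","subject":[{"name":"runtime.tar.gz","digest":{"sha256":"` + digest + `"}}],"predicateType":"https://slsa.dev/provenance/v1","predicate":{}}`)
	env := Sign(priv, "key-1", InTotoPayloadType, payload)
	st, err := Verify(env, map[string]ed25519.PublicKey{"key-1": pub}, name, digest)
	if err != nil {
		panic(err)
	}
	fmt.Println("verified attestation with predicate type", st.PredicateType)
}
```

The two checks that carry the security value are the trusted-key map and the subject digest comparison: an envelope that verifies under some key found inside it, or a statement whose subject you never compared to the artifact you downloaded, gives no assurance. Statements produced under the older in-toto v0.1 layout use a different `_type` value, so pin the version you expect rather than accepting any.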
📄️ Breaking Change Reports
Making changes to a runtime can have significant downstream effects. ActiveState provides tools to review changes before you commit them, so that you can remediate any vulnerabilities or breaking changes they would introduce.
📄️ Software Bill of Materials (SBOM)
A Software Bill of Materials (SBOM) is a comprehensive list of the component parts required to build your project, including open source libraries, plugins, extensions, and system packages. Immutable SBOMs are available in SPDX format as either JSON or tag-value documents, and can be generated for any project or for any commit in a project. All SPDX SBOMs follow the SPDX 2.2 specification.
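Because an SBOM can be generated for any commit, two of them make a precise record of what a runtime change did to the dependency set. The following Go program is an added example, not ActiveState's tooling: it parses the package blocks of two constructed SPDX 2.2 tag-value documents (standing in for the SBOMs of two commits of the same project; the package names, versions and document contents are made up for the example and are not real ActiveState output) and reports which packages were added, removed, or changed in version or concluded license. The parser handles the one subtlety of the tag-value syntax that trips up naive line splitting, the multi-line `<text>...</text>` value.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Package holds the fields this example extracts from each SPDX package block.
type Package struct {
	Name, Version, License string
}

// ParseTagValue extracts the package blocks of an SPDX 2.2 tag-value document.
// A block starts at each PackageName tag. Values wrapped in <text>...</text> may
// span several lines; they are skipped because no extracted field uses them.
func ParseTagValue(doc string) ([]Package, error) {
	var pkgs []Package
	inText := false
	sc := bufio.NewScanner(strings.NewReader(doc))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if inText { // consume the rest of a multi-line <text> value
			inText = !strings.Contains(line, "</text>")
			continue
		}
		if line == "" {
			continue
		}
		tag, val, ok := strings.Cut(line, ":")
		if !ok {
			return nil, fmt.Errorf("malformed tag-value line: %q", line)
		}
		val = strings.TrimSpace(val)
		if strings.HasPrefix(val, "<text>") && !strings.Contains(val, "</text>") {
			inText = true
			continue
		}
		switch tag {
		case "PackageName":
			pkgs = append(pkgs, Package{Name: val})
		case "PackageVersion", "PackageLicenseConcluded":
			if len(pkgs) == 0 {
				return nil, fmt.Errorf("%s appears before any PackageName", tag)
			}
			p := &pkgs[len(pkgs)-1]
			if tag == "PackageVersion" {
				p.Version = val
			} else {
				p.License = val
			}
		}
	}
	return pkgs, sc.Err()
}

// Diff reports packages added, removed, or changed (version or concluded license)
// between the SBOMs of two commits, in document order so the output is stable.
func Diff(before, after []Package) (added, removed, changed []string) {
	prev := map[string]Package{}
	for _, p := range before {
		prev[p.Name] = p
	}
	seen := map[string]bool{}
	for _, p := range after {
		seen[p.Name] = true
		if q, ok := prev[p.Name]; !ok {
			added = append(added, p.Name)
		} else if q != p {
			changed = append(changed, fmt.Sprintf("%s %s (%s) -> %s (%s)", p.Name, q.Version, q.License, p.Version, p.License))
		}
	}
	for _, p := range before {
		if !seen[p.Name] {
			removed = append(removed, p.Name)
		}
	}
	return added, removed, changed
}

// Constructed SBOMs for two commits of a hypothetical project (not real ActiveState output).
const SBOMBefore = `SPDXVersion: SPDX-2.2
SPDXID: SPDXRef-DOCUMENT
PackageName: requests
SPDXID: SPDXRef-Package-requests
PackageVersion: 2.31.0
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: <text>Concluded from
project metadata.</text>
PackageName: idna
SPDXID: SPDXRef-Package-idna
PackageVersion: 3.6
PackageLicenseConcluded: BSD-3-Clause
`

const SBOMAfter = `SPDXVersion: SPDX-2.2
SPDXID: SPDXRef-DOCUMENT
PackageName: requests
SPDXID: SPDXRef-Package-requests
PackageVersion: 2.32.3
PackageLicenseConcluded: Apache-2.0
PackageName: certifi
SPDXID: SPDXRef-Package-certifi
PackageVersion: 2024.7.4
PackageLicenseConcluded: MPL-2.0
`

func main() {
	before, _ := ParseTagValue(SBOMBefore) // the constants above are known to parse; check err on real input
	after, _ := ParseTagValue(SBOMAfter)
	added, removed, changed := Diff(before, after)
	fmt.Println("added:", added, "removed:", removed, "changed:", changed)
}
```

Run against the JSON variant of the same SBOMs you would swap the parser for `encoding/json` over the `packages` array and keep `Diff` unchanged; the name, version and license fields are the ones that make a diff actionable when cross-referencing a CVE report or a license policy.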
📄️ CVE Reports
CVE reports can be generated for all projects in your org or for an individual project. The report contains fields for:
📄️ Vulnerability Dashboard
ActiveState provides multiple tools for viewing and managing security vulnerabilities in your projects. This guide covers how to view CVEs in individual projects, access vulnerability information through the Organization Security Dashboard, and download reports for security reviews and compliance needs.