Quick Start: Security and Compliance

The Security & Compliance tab in each organization provides access to the security features of the Platform. Security & Compliance enables you to automatically identify out-of-date or insecure Python packages running in your environment. To begin, you need to complete a few configuration steps to specify the applications to scan and how to organize the scan results in the Platform.

Configuring Security & Compliance

Security & Compliance requires configuration that maps each ActivePython interpreter you want to scan for vulnerabilities to an identity in the ActiveState Platform. The identity is where the Platform records the packages found by each scan and the details of any vulnerabilities identified in them.

  1. Create an identity: An identity is a tracking identifier that organizes the results of security scans performed for one or more Python interpreters. For example, you could create a “Development” identity to track all security scans performed on development servers.

    1. Select an organization in the Your Organizations list.
    2. Click the Security & Compliance tab.
    3. Click Identities.
    4. Enter a meaningful name for the identity and click Create.
    5. Create a new plain text file with the contents of the sample configuration file and save it as activestate.config. For more information, see Configuring Identities and Where to place your activestate.config file?.
  2. Download the Security & Compliance plugin

    1. In the Security & Compliance tab, click Get Started.
    2. Click the ActiveState-SecurityScanner-0.5.5 button to begin the download.
  3. Configure the Security & Compliance plugin on each system whose interpreters you want to record scan data for. This involves two configuration steps:

    1. Use the pip package manager to install the plugin into the interpreter you want to scan. For example, for Python 3 with pip3 installed, open a command prompt in the directory where you downloaded the plugin and enter: python3 -m pip install ActiveState-SecurityScanner-<version>.tar.gz, substituting the version of the archive you downloaded in the previous step (the file name must match the archive you downloaded). Running pip through the interpreter itself (python3 -m pip) ensures the plugin is installed into that interpreter rather than whichever pip is first on your PATH. For more detailed instructions, see Installing the Security & Compliance Plugin.
    2. Download the activestate.config file to direct your security scan output to a specific identity. For details, see Configuring Identities. On Linux or macOS, copy the file to the /etc directory if you want all security scans run on that computer to use the same identity; because this file decides which identity receives scan results from every interpreter on the machine, it should be owned by root and not writable by other local users. On Windows, create an ACTIVESTATE_CONFIG environment variable that points to your activestate.config file. For more information on configuration options, see Configuring Identities.
  4. Run your applications and scripts with an ActivePython interpreter that has the Security & Compliance plugin installed, and then check the Dashboard for updates in Your Latest Activity. When the first security scan is complete you can view its details in the Security & Compliance tab of the organization associated with the identity.
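The Linux/macOS side of steps 3 and 4, as an added example that is not ActiveState's own installer or part of this guide: a POSIX shell script that installs the downloaded plugin archive into a specific interpreter, places activestate.config machine-wide, and checks that the placed file cannot be modified by other local users. The archive name pattern, the python3 -m pip invocation and the /etc location come from the steps above; the interpreter path, the ActiveState-SecurityScanner distribution name passed to pip show, and the permission check are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not ActiveState's own tooling. Installs the Security &
# Compliance plugin into one interpreter and places activestate.config
# so that every scan on this machine reports to the same identity.
set -eu

# Install the plugin archive ($2) into the interpreter given as $1.
# Invoking pip through the interpreter (python3 -m pip) guarantees the
# plugin lands in the interpreter that runs your applications, not in
# whichever "pip" happens to be first on PATH.
install_plugin() {
    interp="$1"   # assumed path, e.g. /opt/ActivePython-3/bin/python3
    archive="$2"  # e.g. ActiveState-SecurityScanner-0.5.5.tar.gz
    case "$archive" in
        ActiveState-SecurityScanner-*.tar.gz) ;;
        *) echo "unexpected archive name: $archive" >&2; return 1 ;;
    esac
    [ -f "$archive" ] || { echo "archive not found: $archive" >&2; return 1; }
    "$interp" -m pip install "$archive"
    # Confirm that this interpreter can see the plugin (distribution name
    # assumed to match the archive name; pip normalises case and hyphens).
    "$interp" -m pip show ActiveState-SecurityScanner >/dev/null
}

# Copy the downloaded config ($1) into the machine-wide location ($2,
# /etc per the guide) with 0644 permissions and print the installed path.
install_config() {
    src="$1"
    dest_dir="${2:-/etc}"
    [ -s "$src" ] || { echo "config missing or empty: $src" >&2; return 1; }
    [ -d "$dest_dir" ] || { echo "no such directory: $dest_dir" >&2; return 1; }
    dest="$dest_dir/activestate.config"
    cp "$src" "$dest"
    chmod 0644 "$dest"
    printf '%s\n' "$dest"
}

# Succeed only if the config is readable and neither group- nor
# world-writable. The file selects the identity that receives scan
# results, so anyone who can edit it can redirect scan data.
config_is_safe() {
    f="$1"
    [ -r "$f" ] || return 1
    writable=$(find "$f" \( -perm -g+w -o -perm -o+w \) 2>/dev/null)
    [ -z "$writable" ]
}

# Usage (as root, after downloading both files into the current directory):
#   install_plugin /opt/ActivePython-3/bin/python3 ActiveState-SecurityScanner-0.5.5.tar.gz
#   cfg=$(install_config ./activestate.config /etc) && config_is_safe "$cfg"
```

After this, run your application with that interpreter and confirm the scan appears under Your Latest Activity; if it does not, the most common causes are installing the plugin into a different interpreter than the one running the application, or the config not being found at the expected location.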