Quick Start: Security and Compliance
The Security & Compliance tab in each organization provides access to the security features of the Platform. Security & Compliance enables you to automatically identify out-of-date or insecure Python packages running in your environment. To begin, you need to complete a few configuration steps to specify the applications to scan and how to organize the scan results in the Platform.
Configuring Security & Compliance
Security & Compliance requires configuration to map the ActivePython interpreter you want to scan for vulnerabilities to the identity in the ActiveState Platform where you want to record the scanned packages and the details of any vulnerabilities identified.
Create an identity: An identity is a tracking identifier that organizes the results of security scans performed for one or more Python interpreters. For example, you could create a “Development” identity to track all security scans performed on development servers.
- Select an organization in the Your Organizations list.
- Click the Security & Compliance tab.
- Click Identities.
- Enter a meaningful name for the identity and click Create.
- Create a new plain text file with the contents of the sample configuration file and save it as activestate.config. For more information, see Configuring Identities and Where to place your
Download the Security & Compliance plugin
- In the Security & Compliance tab, click Get Started.
- Click the ActiveState-SecurityScanner-0.5.5 button to begin the download.
Configure the Security & Compliance plugin on each system that runs an interpreter you want to record scan data for. This involves two configuration steps:
- Use the pip package manager to install the plugin. For example, for Python3 with pip3 installed, at the command prompt where you downloaded the plugin enter:
  python3 -m pip install ActiveState-SecurityScanner-0.5.1.tar.gz
  For more detailed instructions, see Installing the Security & Compliance Plugin.
- Download the activestate.config file to direct your security scan output to a specific identity. For details, see Configuring Identities. On Linux or macOS, copy the file to the /etc directory if you want all security scans run on that computer to use the same identity. On Windows, create an ACTIVESTATE_CONFIG environment variable that points to your activestate.config file. For more information on configuration options, see Configuring Identities.
Run your applications and scripts with ActivePython interpreters that have the Security & Compliance plugin installed, and then check the Dashboard to see updates in Your Latest Activity. When the first security scan is complete, you can view details in the Security & Compliance tab for the organization associated with the identity.
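A pre-flight check for the two configuration steps above, to run with each interpreter you want scanned. It is an added example, not ActiveState code. It assumes the pip distribution name matches the tarball name (ActiveState-SecurityScanner); the function names are hypothetical, and the file-permission test is an added hardening check rather than a documented requirement.

```python
import os
import stat
import sys
from importlib import metadata
from pathlib import Path

# Assumption: distribution name inferred from the tarball file name on this page.
PLUGIN_DIST = "ActiveState-SecurityScanner"

def config_path(platform=sys.platform, environ=os.environ, etc_dir="/etc"):
    """Return where this page says activestate.config lives, or None if unset."""
    if platform.startswith("win"):
        value = environ.get("ACTIVESTATE_CONFIG")
        return Path(value) if value else None
    return Path(etc_dir) / "activestate.config"

def config_problems(path):
    """List reasons the identity config at `path` should not be used as-is."""
    if path is None:
        return ["ACTIVESTATE_CONFIG is not set"]
    if not path.is_file():
        return [f"{path} does not exist or is not a regular file"]
    problems = []
    if os.name == "posix":
        mode = path.stat().st_mode
        # Added hardening check: whoever can edit this file chooses the identity
        # that receives this host's scan results.
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{path} is writable by group or others")
    return problems

def plugin_version(dist=PLUGIN_DIST):
    """Version of the plugin installed for the running interpreter, or None."""
    try:
        return metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None

def preflight():
    """Collect the problems found for the interpreter running this script."""
    problems = config_problems(config_path())
    if plugin_version() is None:
        problems.append(f"{PLUGIN_DIST} is not installed for {sys.executable}")
    return problems

if __name__ == "__main__":
    issues = preflight()
    print("\n".join(issues) if issues else "ready: plugin installed, config found")
    sys.exit(1 if issues else 0)
```

The script exits non-zero when anything is missing, so it can gate a deployment step on hosts that should be reporting to an identity.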