Introducing the ActiveState Trust Center
Jonny Rivera
October 2, 2025

Frequently Asked Questions
What is the ActiveState Trust Center and who is it for?
The ActiveState Trust Center is a dedicated resource at trust.activestate.com that gives customers, prospects, and security teams centralized access to ActiveState's security documentation and compliance records. It is designed for two primary audiences. Security and procurement teams evaluating ActiveState as a vendor can use it to conduct due diligence without requesting documentation through a sales process. Existing customers who need current compliance documentation for their own audits, regulatory reviews, or internal security assessments can access it on demand. The Trust Center consolidates materials that would otherwise require direct outreach to the security team, reducing the time and friction involved in vendor security reviews.
What documentation is available in the Trust Center?
The Trust Center provides access to several categories of documentation. Security reports include the SOC 2 Type 2 audit report and results from third-party penetration testing. Controls documentation lists the safeguards and procedures ActiveState has in place around information security and personal data handling. The subprocessor list identifies the third-party data processors ActiveState works with and how each is used. A FAQ section addresses the most common questions the ActiveState information security team receives during vendor evaluations. Some documents are publicly available directly from the Trust Center, while others are available upon request to qualified prospective or existing customers.
What does ActiveState's SOC 2 Type 2 certification mean for customers?
SOC 2 Type 2 is an independent third-party audit that evaluates whether a vendor's security controls are both appropriately designed and operating effectively over an extended period. Unlike a Type 1 audit, which is a point-in-time assessment, Type 2 covers a defined audit window and provides evidence that controls were consistently in place and functioning throughout that period. For customers using ActiveState to govern open source components in their development pipelines, the SOC 2 Type 2 certification provides documented assurance that ActiveState's internal security, availability, processing integrity, confidentiality, and privacy practices meet recognized standards. It also simplifies the vendor security review process for customers who need to demonstrate third-party risk management controls to their own auditors or regulators.

.png)
.png)
.png)