CI/CD Pipelines

Secure Packages at the Build Step

ActiveState components integrate into your CI/CD pipeline at the point where dependencies are resolved. Your build configuration pulls from a vetted source instead of a public registry, and nothing else changes.

How it works

Point your package manager or container registry configuration at your Curated Catalog. When your pipeline runs, it resolves dependencies from ActiveState's vetted catalog instead of public sources. This works with any CI/CD platform that supports standard package manager configuration.
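Because the vetted catalog only protects a build if nothing else is configured as a source, a pre-build check on the resolver configuration is useful. The following is an added example, not ActiveState's code: it audits pip and npm configuration text for any index or registry that is not on the catalog host. The host `catalog.example.invalid`, the function names, and the sample configs are assumptions made for illustration.

```python
import configparser
from urllib.parse import urlsplit

# Assumption: placeholder catalog host; replace with your own catalog's host.
ALLOWED_HOSTS = {"catalog.example.invalid"}

def off_catalog(url):
    """Return 'scheme://host' if url is not HTTPS on an allowed host, else None."""
    parts = urlsplit(url.strip())
    if parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS:
        return None
    # Report scheme and host only, so embedded credentials are never echoed.
    return f"{parts.scheme or '?'}://{parts.hostname or '?'}"

def audit_pip_conf(text):
    """Flag pip index-url / extra-index-url values that leave the catalog."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings, has_index = [], False
    for section in cp.sections():
        for key in ("index-url", "extra-index-url"):
            if not cp.has_option(section, key):
                continue
            has_index = has_index or key == "index-url"
            for url in cp.get(section, key).split():
                bad = off_catalog(url)
                if bad:
                    findings.append(f"pip [{section}] {key} -> {bad}")
    if not has_index:
        findings.append("pip: index-url unset, pip's default public index applies")
    return findings

def audit_npmrc(text):
    """Flag default and scoped npm registries that leave the catalog."""
    findings, has_registry = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "registry" or key.endswith(":registry"):
            has_registry = has_registry or key == "registry"
            bad = off_catalog(value)
            if bad:
                findings.append(f"npm {key} -> {bad}")
    if not has_registry:
        findings.append("npm: registry unset, npm's default public registry applies")
    return findings

# Constructed sample configs (not from the page): each has one off-catalog entry.
SAMPLE_PIP_CONF = "[global]\nindex-url = https://ci:TOKEN@catalog.example.invalid/simple\nextra-index-url = https://pypi.org/simple\n"
SAMPLE_NPMRC = "registry=https://catalog.example.invalid/npm/\n@internal:registry=https://registry.npmjs.org/\n"
```

Configuration files are not the only source of these settings: environment variables such as `PIP_EXTRA_INDEX_URL` and `npm_config_registry`, and command-line flags in build scripts, override them and need the same review.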

What ActiveState adds to your pipeline

Security before the build starts

Packages are pre-vetted and built from source. By the time your pipeline pulls a dependency, it has already been scanned, verified, and compiled in SLSA Level 3 infrastructure.

No pipeline modifications required

ActiveState works through your package manager configuration, not through plugins or custom steps. GitHub Actions, GitLab CI, Jenkins, CircleCI, Azure Pipelines, and any other CI/CD tool that runs pip, npm, or Maven can pull from your catalog.

Remediation that keeps your pipeline green

When ActiveState publishes a patched package, your next pipeline run picks it up automatically. No manual version bumps, no emergency hotfix branches.

FAQs

Does ActiveState require a CI/CD plugin?

No. ActiveState integrates through standard package manager and registry configuration. Any CI/CD platform that can run pip, npm, Maven, or pull container images can use ActiveState.

What happens when ActiveState remediates a package my pipeline depends on?

ActiveState rebuilds the package with the patch applied and publishes it to your catalog. Your pipeline picks up the updated package on its next run through normal dependency resolution.
