How To Remediate Your Open Source Vulnerabilities Quicker
Open source vulnerabilities are an inconvenient fact of every developer’s life. The ActiveState Platform helps you remediate these vulnerabilities quicker:
- Know when your Python, Perl, or Tcl environment is vulnerable
- Understand the severity level of each vulnerability
- Easily fix vulnerable runtimes, and automatically rebuild a secure version of your environment
When it comes to helping developers resolve vulnerabilities, our goal is twofold:
- Get you back to coding as quickly as possible
- Fix vulnerabilities in hours instead of days
Watch how we do it:
https://www.youtube.com/watch?v=0AqFG-5YZYw
Finding Vulnerabilities: Identify Vulnerable Projects
The ActiveState Platform provides you with multiple ways to identify vulnerabilities associated with your Python, Perl and Tcl projects:
- Email notifications are sent as soon as a vulnerability is detected (coming soon)
- A detailed vulnerability report can be downloaded from the ActiveState Platform, and distributed to all stakeholders
- A vulnerability status summary is displayed for each runtime environment, as shown in the following screenshot for a Python project:
The summary and detailed vulnerability report are also available from the ActiveState Platform’s command line interface, the State Tool, by running:
state cve
state cve report <Organization/Project>
And if you prefer to obtain vulnerability information programmatically, you can use the ActiveState Platform’s GraphQL API.
But identifying vulnerable components is only the first step toward remediation.
Fixing Vulnerabilities: Remediate Vulnerable Environments
On the ActiveState Platform do the following:
1. Create a new branch of your runtime environment, and switch to it.
   Branches inherit the configuration of the parent, and allow you to make changes without impacting the parent.
2. Point-and-click to upgrade or downgrade vulnerable packages and dependencies to a version shown as secure.
   In some cases, you may be able to safely downgrade to an older, vulnerability-free version if you’re not using a package’s newer features or functionality.
3. Assess the impact of selecting a newer or older version of a component on all the packages and dependencies (including transitive dependencies) in your environment BEFORE you commit to it, so that you understand the ramifications.
   Unlike most other package management solutions, the ActiveState Platform resolves dependencies automatically, ensuring your environment won’t break as a result of your actions.
4. Press the Commit button to automatically rebuild your secure Python, Perl or Tcl runtime from source code, ready to deploy on Windows, Linux and macOS.
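Steps 2 and 3 above amount to picking a version that is outside every advisory's vulnerable range and still satisfies the constraints that other packages in the environment place on it. The script below is an added example, not ActiveState's code and not the Platform's resolver: it models that selection in plain Python over a constructed package (`libfoo`), constructed advisory ranges and constructed dependent constraints, and reports which dependents a candidate upgrade or downgrade would break before anything is committed.

```python
"""Added example (not ActiveState's code): choose a vulnerability-free version of a
package that still satisfies every dependent's constraint, before committing.

All package names, versions, advisory ranges and constraints below are constructed
sample data for illustration, not real advisory data.
"""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(v: str) -> Version:
    """'1.10.2' -> (1, 10, 2); tuple comparison orders 1.10 after 1.9 correctly."""
    return tuple(int(p) for p in v.split("."))


OPS = {
    ">=": lambda a, b: a >= b,
    ">": lambda a, b: a > b,
    "<=": lambda a, b: a <= b,
    "<": lambda a, b: a < b,
    "==": lambda a, b: a == b,
    "!=": lambda a, b: a != b,
}


def satisfies(version: str, spec: str) -> bool:
    """True if version meets every comma-separated clause, e.g. '>=1.2,<2.0'.
    An empty spec means any version is acceptable."""
    v = parse_version(version)
    for clause in filter(None, (c.strip() for c in spec.split(","))):
        # Two-character operators are tried first so '>=' is not read as '>'.
        for op in (">=", "<=", "==", "!=", ">", "<"):
            if clause.startswith(op):
                if not OPS[op](v, parse_version(clause[len(op):].strip())):
                    return False
                break
        else:
            raise ValueError(f"unsupported constraint clause: {clause!r}")
    return True


# Constructed sample environment: versions published for libfoo, the advisory
# ranges that are vulnerable, and the constraints two dependents place on libfoo.
AVAILABLE: Dict[str, List[str]] = {"libfoo": ["1.4.0", "1.5.0", "1.5.1", "1.6.0", "2.0.0"]}
ADVISORIES: Dict[str, List[str]] = {"libfoo": [">=1.5.0,<1.5.1", ">=1.6.0,<2.0.0"]}
DEPENDENTS: Dict[str, Dict[str, str]] = {"libfoo": {"app": ">=1.4.0,<2.0.0", "plugin": ">=1.5.0"}}


def is_vulnerable(pkg: str, version: str) -> bool:
    """A version is vulnerable if it falls inside any advisory range for the package."""
    return any(satisfies(version, rng) for rng in ADVISORIES.get(pkg, []))


def assess(pkg: str, version: str) -> List[str]:
    """Step 3: the dependents whose constraint this candidate version would break."""
    return sorted(dep for dep, spec in DEPENDENTS.get(pkg, {}).items()
                  if not satisfies(version, spec))


def remediation_candidates(pkg: str, current: str) -> List[Tuple[str, str, List[str]]]:
    """Every secure version, tagged upgrade/downgrade/current, with what it breaks."""
    cur = parse_version(current)
    out = []
    for v in sorted(AVAILABLE[pkg], key=parse_version):
        if is_vulnerable(pkg, v):
            continue
        pv = parse_version(v)
        direction = "upgrade" if pv > cur else "downgrade" if pv < cur else "current"
        out.append((v, direction, assess(pkg, v)))
    return out


def choose(pkg: str, current: str) -> Optional[str]:
    """Step 2: nearest secure version that breaks no dependent; prefer the smallest
    upgrade, then the closest downgrade; None if nothing fits."""
    safe = [c for c in remediation_candidates(pkg, current)
            if not c[2] and c[1] != "current"]
    ups = [c for c in safe if c[1] == "upgrade"]
    downs = [c for c in safe if c[1] == "downgrade"]
    if ups:
        return ups[0][0]
    if downs:
        return downs[-1][0]
    return None


if __name__ == "__main__":
    current = "1.5.0"  # constructed: the version currently pinned in the environment
    print(f"libfoo {current} vulnerable: {is_vulnerable('libfoo', current)}")
    for version, direction, broken in remediation_candidates("libfoo", current):
        print(f"  {version:7} {direction:9} breaks: {broken or 'nothing'}")
    print("chosen:", choose("libfoo", current))
```

With the constructed data, 1.5.0 sits inside the first advisory range; 1.4.0 is secure but would break `plugin`, 2.0.0 is secure but would break `app`, and 1.5.1 is the smallest secure upgrade that satisfies both, so it is the version to commit. The same check generalises to any package once the advisory ranges and dependent constraints are filled in from a real report.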
Spending less time and effort patching vulnerabilities means you can get back to coding quicker.
Conclusions — Reduce Mean Time to Remediation
Identifying and remediating open source vulnerabilities remains one of the most urgent challenges for developers. While there are a number of tools you can use today to help automate the vulnerability remediation process, no comprehensive, end-to-end solution exists.
The ActiveState Platform goes a long way toward realizing that solution by providing:
- Automated notifications
- Manual point-and-click selection of secure package/dependency versions (soon to be fully automated and offered as a branch for you to merge)
- Automated rebuilding of Python, Perl and Tcl environments
- Automated updating of your CI/CD runtime environments (read about how the ActiveState Platform can help optimize your CI/CD pipeline)
As a result, developers can speed vulnerability remediation, and organizations can decrease Mean Time To Remediation (MTTR) for open source vulnerabilities from days to just hours.
Ready to give it a try? If you have a free ActiveState Platform account, you can:
- Sign up to try our Beta version for yourself
- After you’re approved, you can install one of our pre-built runtimes that has existing vulnerabilities so you can see how easy it is to resolve them:
- For Python: PyVulnerable project
- For Perl: PerlVulnerable project