ActiveState makes its secure build service available
ActiveState has announced the availability of its secure build service. According to the company, this is a key component of the ActiveState Platform and implements the most Supply Chain Levels for Software Artifacts (SLSA) Level 4 controls of any publicly available build platform. SLSA, as defined by slsa.dev, is “a security framework, a checklist of standards and controls for preventing tampering, improving integrity, and securing packages and infrastructure in your projects, businesses, or enterprises. It’s how you go from being safe enough to being as resilient as possible at any point along the chain.”
According to the findings of ActiveState’s Supply Chain Security survey, far too many organisations (of all sizes) continue to implicitly trust open source language repositories, despite the fact that they provide no assurance of security or integrity for the millions of third-party software assets they provide to software developers.
The ActiveState Platform secure build service implements the controls for generating SLSA Level 4 artefacts for open source components. ActiveState combines these controls with its proprietary open source management capabilities to provide comprehensive software supply chain security, which includes automated, tamper-proof builds of open source language dependencies, including native libraries, from source code.
The ActiveState Platform secure build service adheres to SLSA Level 4 standards, allowing DevOps to significantly reduce the risk and cost of securing their software supply chain, while ensuring the security and integrity of the products and services they develop.