ActiveState Expands Secure Open Source Offering for Enterprises with Vulnerability-free Container Images

Solution leverages the company's 30 years of open source experience, secure catalog of over 40M+ components, and hands-on expertise to help enterprises secure their software supply chain

VANCOUVER, BC, June 24, 2025 /PRNewswire/ -- ActiveState, the leader in secure open source and intelligent remediation, today announced it has expanded its support of secure open source to include free and customized low-to-no vulnerability containers that facilitate modern software development. Coupled with the industry's largest catalog of secure open source components (40M+ and growing), ActiveState's container offering gives enterprises a one-stop solution for securing their software supply chain. 

The challenge with many secure container offerings today is that they stop at the base layer or offer limited customization options, leaving teams to handle the rest of their application dependencies themselves or engage in slow, expensive service contracts to get what they need. ActiveState's secure container offering, which includes both free and customizable options, bridges the gap between secure base images and app dependencies by providing a selection of hardened base containers that can be further customized using ActiveState's leading catalog of managed application dependencies and build expertise.

"ActiveState has been securing open source software for enterprises for nearly 30 years now; adding low-to-no vulnerability container images to our catalog is a natural expansion of our focus," said Stephen Baker, CEO, ActiveState. "We understand the urgent need for secure, easy-to-use container solutions. Our new offering not only solves a critical problem DevOps and security teams are looking to solve right now but also expands ActiveState's reach, driving growth and reinforcing our position as the open source security partner of choice."

ActiveState delivers container images for the most popular open source software languages used in enterprise application development today as well as languages that power some of the economy's most important infrastructure. Debuting today on the company's DockerHub repositories are low-to-no vulnerability base images backed by the largest catalog of open source libraries to enable customization. This allows ActiveState to service the widest base of customers across highly regulated industries such as software, financial services, utilities, healthcare, government, and transportation and enable these businesses to secure not only their new applications, but also those they have been managing and maintaining for decades.

Base images are updated nightly; when vulnerabilities are identified, ActiveState remediates the container images within 7 days for critical vulnerabilities. For companies requiring customization of their container images, ActiveState's customer success team offers the fastest customization turnaround in the industry.

Key benefits include:

• Instant and ongoing security: Pre-built container images eliminate vulnerabilities from the start. Nightly builds and rigorous vulnerability remediation SLAs keep companies safe and secure over time. 
• Unmatched Customization: ActiveState's history of securing open-source enables customers to access over 40 million secure components, including Python, Java, Perl, and Go, to meet their application needs, bridging the gap between secure base images and vulnerable application dependencies.
• Battle-Tested Build Automation: Customers inherit the benefits of a secure, automated SLSA-3 build system that the ActiveState team uses to perform image customization. This allows teams to offload the risky process of building and maintaining custom images while saving on engineering and overhead costs.
• Simplified compliance: Low-to-no vulnerability custom containers help teams achieve and maintain complex compliance requirements without lengthy audit cycles. Further image hardening and industry-leading SLA for CVE remediation helps companies meet strict requirements (e.g., FedRAMP, SOC 2 etc.).

"As organizations face increasing pressure to secure both modern applications and long-maintained legacy systems, demand is growing for container images that go beyond hardened base layers to include trusted, up-to-date application dependencies," said Katie Norton, research manager for DevSecOps and Software Supply Chain Security at IDC. "ActiveState's secure container offering addresses this need by combining customizable base images with a large catalog of pre-vetted open source components, helping organizations strengthen software supply chain security while reducing manual effort."

Visit ActiveState's DockerHub repository today to review and download the company's secure container images. Interested in customization? ActiveState will customize one non-production container for free for companies to evaluate before purchase. Contact ActiveState to learn more and schedule your customization.

About ActiveState 
ActiveState enables DevOps, InfoSec, and Development teams to improve their security posture while simultaneously increasing productivity and innovation to deliver secure applications faster.

We are the only solution in the market today that offers vulnerability-free open source language packages and containers and Intelligent Remediation, which identifies which vulnerabilities to prioritize, assesses the impact of updates causing breaking changes, prioritizes what to fix first, securely builds open source packages from source, and facilitates the build and deploy process to get fixes into production quickly and easily.

All from the trusted partner that pioneered and continues to lead enterprise adoption and use of open source software.

View original content to download multimedia:https://www.prnewswire.com/news-releases/activestate-expands-secure-open-source-offering-for-enterprises-with-vulnerability-free-container-images-302489324.html

SOURCE ActiveState