ActiveState Curated Catalog

Curate a private and vetted repository of open source components from the ActiveState Library that your developers can use safely without having to scour the open internet. A Curated Catalog provides your security team total control over what comes into their environments while giving your engineering teams a fast and secure way to get what they need to build, onboard, and start new projects.

What is an ActiveState Curated Catalog used for?

Secure your software supply chain

Replace unvetted and risky components before they reach developer or production environments with verified and continuously monitored components.

Centralize open source governance with low-friction guardrails

Guard how open source is selected and approved for use within your organization without introducing additional friction. Transform security policies from blockers into enablers.

Simplify open source compliance

Compliance audits are made easy with complete visibility into open source usage across your organization, including who approved it and why it’s safe. Compliance reporting moves from weeks to hours.

Reclaim hours lost to development toil

Replace hours spent on manual open source remediation tasks with time spent on new development. Engineers focus on development velocity instead of firefighting vulnerabilities.

Why deploy an ActiveState Curated Catalog?

An ActiveState Curated Catalog provides security teams total control over what comes into their environments while giving engineering teams a fast and secure way to get what they need to build, onboard, and start new projects.

Vetted, built-from-source components

Establish a single, secure source for your language dependencies. All components are built from source using SLSA Level 3 build infrastructure to ensure every component is what it says it is, contains the fewest vulnerabilities, and is secure and up to date.

Secure artifact injection into native ecosystems

ActiveState creates a secure mirror of upstream open source libraries in your own artifact repository. Developers use their existing tools (Maven, pip, npm) to pull dependencies from your trusted source.

Component-level security feed

Turn your dependency data into a personal security advisor. Receive daily updates on every component in your stack, alerting you immediately when patches are available or new vulnerabilities are discovered.

Fully remediated for you

We fully manage the build pipeline for you. When the community releases a fix, we immediately rebuild the component in our secure infrastructure and publish it to your catalog, eliminating the need for manual intervention.

FAQs

The Curated Catalog is designed to slide into your current workflow. It works natively with artifact managers like JFrog Artifactory, Sonatype Nexus, and AWS CodeArtifact, acting as a trusted upstream source.

Quite the opposite. Developers continue using their native package managers (pip, npm, etc.). Because the components are pre-vetted, they spend less time waiting for manual security approvals and less time on emergency CVE cleanup.

The catalog supports more than 12 language ecosystems, including Python, Java, JavaScript, C Libraries, and R, providing a unified solution for engineering teams using multiple open source languages.

ActiveState operates under strict SLAs for managed components: 5 business days for critical CVEs and 10 business days for high CVEs, provided a fix is available upstream.

Scanners find problems after they are already in your code. The Curated Catalog is a preventative solution that ensures only secure, approved components are available to be pulled in the first place.

Yes. Building from source ensures that the binary you are using hasn’t been tampered with at the distribution level and provides the transparency required for high-integrity software supply chains.