ActiveState, a prominent provider of open source language solutions, has announced the expansion of its secure open source component catalog to an unprecedented total of 79 million components. This significant growth, which has doubled the catalog since 2025, encompasses over 12 programming languages, providing a centralized resource for DevSecOps teams to enhance software security and streamline development processes.
The newly launched ActiveState Catalog now covers essential languages frequently utilized in enterprise environments, such as Java, JavaScript, Go, Python, and R. This comprehensive offering allows companies to source trusted open source components efficiently, facilitating their efforts in addressing Common Vulnerabilities and Exposures (CVEs). By using this unified repository, organizations can reduce their CVE exposure by up to 99% while reclaiming as much as 30% of engineering time previously spent managing disparate open source components.
Addressing the Challenges of Open Source
The rise of open source software has transformed the development landscape, now powering approximately 96% of modern applications. However, many companies face significant challenges due to the complexity of managing multiple open source languages. Development teams may inadvertently expose their organizations to security risks each time they download packages from unverified sources. Issues such as unknown maintainer integrity, inconsistent update schedules, and the exploitation of vulnerabilities can lead to severe operational challenges.
As developers struggle to manage, maintain, and troubleshoot third-party code, they are tasked with tracking CVEs across various components and libraries. This process often consumes 30-50% of their time and resources, detracting from their ability to focus on innovation and compliance requirements. The introduction of AI code generators has further complicated this landscape, increasing both the volume of code and the associated risks.
Transforming Open Source Management with the ActiveState Catalog
The ActiveState Catalog aims to simplify open source management for DevSecOps teams. Unlike point solutions that focus on individual languages or container layers, the catalog integrates component-level coverage across the twelve most widely used open source ecosystems. This means that developers can standardize how they acquire and update open source components through a governed process that encompasses the entire development lifecycle.
ActiveState’s commitment to security is evident through its rigorous monitoring and maintenance of all components. The company offers an industry-leading five business day service level agreement for remediating critical CVEs, ensuring that organizations can operate with confidence. In 2025, ActiveState’s build factory successfully completed nearly 1 million open source builds for over 200 global clients, demonstrating its capability to deliver secure and robust software solutions.
Organizations such as Altair, Cisco, Moody’s, and Tesco have already benefited from the ActiveState Catalog by eliminating hours spent searching for and evaluating open source components from multiple vendors. By streamlining this process, these companies have improved their overall security posture and increased developer productivity.
Juhani Kauppo, a project manager at Statistics Finland, shared his experience: “Sourcing, managing, and maintaining our Python and R components from different sources increased our operational burden and risk profile. Partnering with ActiveState has allowed us to strip away that overhead and strengthen our security posture.”
Bob Shaker, Chief Product and Technology Officer at ActiveState, highlighted the advantages of their solution: “Our built-from-source components, ongoing CVE management, and integration with package repositories provides companies with all the benefits of open source without the headaches.”
The expansion of the ActiveState catalog to 79 million components solidifies its position as the world’s largest secure open source repository. The addition of languages such as Rust, PHP, and .NET has further diversified its offerings, ensuring organizations have access to the resources they need for secure and efficient software development.
For more information about the ActiveState Catalog and its secure open source components, please visit ActiveState’s official website at www.activestate.com.
