ActiveState Launches Curated Catalogs to Neutralize Security Risks in AI-Generated Code

New private repository secures the AI-driven development boom by grounding LLMs in a library of 79 million vetted, rebuilt-from-source components

ActiveState, a global leader in trusted, managed open source software, today announced the launch of the ActiveState Curated Catalog. This new offering provides organizations with a private, secure repository of open source components from the ActiveState Library, giving developers and AI code generators access to vetted packages from a trusted internal source instead of pulling them directly from the open internet.

Pulling open source components directly from public registries introduces significant risk for organizations. Because these packages are often unvetted and may contain known vulnerabilities, they can expose businesses to security threats and potential financial, legal, compliance, and reputational consequences. The use of AI code generators dramatically increases the amount of open source in use and thus drives up risk. This new offering addresses these challenges by providing security teams with complete control over which packages enter development environments. By leveraging the world’s largest multi-ecosystem library of more than 79 million rebuilt-from-source components, along with native tooling integration, ActiveState empowers teams to build at scale with more confidence, while taking the responsibility of security off engineering’s shoulders.

While organizations have good intentions to secure their open source, they often lack the processes, tools, and best practices to efficiently remediate vulnerabilities. The ActiveState Curated Catalog eliminates the burden of monitoring and maintaining components and dependencies, delivering remediated components to customers within industry-leading SLAs: five business days for critical vulnerabilities and ten for high.

“Developers need speed, while security teams need control and too often they’re forced to compromise,” said Bob Shaker, CPTO of ActiveState. “The Curated Catalog eliminates that tradeoff by giving organizations a private library of trusted, rebuilt-from-source open-source components that developers can consume directly in their workflows and from within AI code generators. With the largest multi-ecosystem catalog of verified components, ActiveState enables enterprises to scale open source safely across 12+ language ecosystems — capabilities most solutions simply can’t deliver.”

Key features include:

  • Secure AI Coding Enablement: Reduce the risk of open source in AI-generated code by grounding code generators in ActiveState’s Curated Catalog. This ensures every AI-generated component meets enterprise security standards, providing the necessary guardrails to prevent “AI blindness.”
  • Built-from-Source Components: The ActiveState Curated Catalog gives organizations access to the world’s largest library of more than 79 million trusted open source components rebuilt from source in ActiveState’s SLSA Level 3–compliant infrastructure. Enterprises can replace risky public packages with verified alternatives while standardizing approved components across teams and language ecosystems.
  • Native Integration with Artifact Repositories: Packages are delivered in native formats, such as Python Wheels, and are compatible with existing tools and CI/CD pipelines. The Curated Catalog works seamlessly with popular artifact managers, including JFrog Artifactory, Sonatype Nexus, Cloudsmith, GitHub Packages, GitLab Package Registry, AWS CodeArtifact, Google Artifact Registry, Azure Artifacts, and more.
  • Continuous Oversight and Remediation: Security teams receive daily updates on every component in their catalog, with alerts highlighting critical patches or newly discovered vulnerabilities. When upstream fixes are released, components are automatically rebuilt and published to the Curated Catalog, ensuring developers always have access to the most secure and up-to-date packages and dependencies without manual intervention.

“Modern software stacks commonly include thousands of open source components sourced from public package registries, where provenance and integrity are not always verifiable,” said Katie Norton, Research Manager at IDC. “As software supply chain threats grow, organizations are placing more emphasis on policy-based controls and using governed sources for dependencies to reduce the likelihood that vulnerable or malicious packages enter the build pipeline. ActiveState’s Curated Catalogs are designed to operationalize that approach by centralizing dependency intake in a private catalog and delivering components through existing developer tooling and artifact repositories.”
