As AI coding assistants proliferate, ActiveState delivers the one tool-agnostic, built-from-source open source security layer that governs dependency ingestion no matter which AI tools developers use
VANCOUVER, BC, April 30, 2026 /PRNewswire/ — ActiveState, a global leader in trusted, managed open source software, today announced expanded support for AI-assisted development environments through the ActiveState Curated Catalog. Because the Curated Catalog delivers open source components through standard artifact repositories and native package managers, it works wherever developers pull dependencies, including AI coding environments such as Cursor, Claude Code, GitLab Duo, Tabnine, Windsurf, and JetBrains AI. Security governance moves with the developer, not around them.
The Problem: AI Coding Assistants Generate Open Source Risk at Machine Speed
The security risk at the heart of AI-assisted development isn’t the AI tool itself. It’s the open source software these tools pull from public registries when generating code. Every prompt is a potential dependency request, and the registries these requests hit weren’t designed with enterprise security posture in mind. The attack surface is expanding at machine speed, and the security teams responsible for it are not.
How the ActiveState Curated Catalog Works
The ActiveState Curated Catalog addresses this directly. Security teams curate a private, policy-governed repository of open source components drawn from the ActiveState Library, a collection of more than 79 million components built from source within SLSA Level 3 infrastructure. When an AI coding assistant requests a package or a dependency, it pulls from that curated catalog rather than a public registry, ensuring that developers use packages that are built from source, continuously monitored, and automatically updated when community-approved fixes are available. Governance is embedded at the point of consumption, which is the only place it can realistically keep pace with AI-generated code volume.
Key Capabilities
- Tool-agnostic integration: Works with any AI coding assistant that pulls dependencies from standard artifact repositories or native package managers, including Cursor, Claude Code, GitLab Duo, Tabnine, Windsurf, and JetBrains AI.
- 79 million built-from-source components across 12 languages: Every component in the ActiveState Library is built from source within SLSA Level 3–compliant infrastructure, delivering verified provenance and an immutable audit trail.
- Contractual SLAs for vulnerability remediation: Critical CVEs remediated within 5 business days, high within 10, and all others within 30, against an industry average mean time to remediate that lags upwards of 60 days.
- Native artifact repository compatibility: Works seamlessly with popular artifact repositories like JFrog Artifactory, Sonatype Nexus, GitHub Packages, AWS CodeArtifact, GitLab Package Registry, Google Artifact Registry, Azure Artifacts, and others. No new tooling or CI/CD changes required.
- Continuous monitoring and automatic updates: When the open source community releases a fix, ActiveState builds and publishes the updated component automatically. Security teams are not handed a CVE backlog to manage themselves.
Why Security Can’t Be Tethered to a Single AI Tool
“The market is moving toward deeply coupled integrations between individual AI coding tools and security vendors,” said Abby Kearns, CEO, ActiveState. “That’s the wrong frame. Your developers are not using one AI tool, and they will not be using the same one in 18 months. The security layer can’t be coupled to the tool. It must be coupled to the dependency. That’s exactly what the Curated Catalog does, and it’s why our architecture was built this way from the start.”
What This Means for Security Leaders: Provenance, Compliance, and Personal Liability
In the 2026 regulatory environment, the burden of proof has shifted. The EU Cyber Resilience Act and SEC disclosure requirements place the onus on security leaders to prove that software was secure at the point of origin. Pointing to a scanner isn’t a sufficient defense. ActiveState’s immutable provenance, automated audit trails, and contractual remediation SLAs constitute a reasonably designed program under current regulatory frameworks, one that protects the organization and the security leader personally.
To learn more about the ActiveState Curated Catalog, visit www.activestate.com.
About ActiveState
ActiveState enables DevSecOps teams to improve their security posture while simultaneously increasing productivity and innovation to deliver secure applications faster. The company provides a trusted catalog of more than 79 million secure open source components and container images that can be consumed via artifact repository, CI/CD, IDE, or directly from ActiveState. ActiveState continuously monitors and updates the open source components to help keep companies vulnerability free. Companies using ActiveState see a 60-99% reduction in CVEs, improving their security posture, and save as much as 30% of developer time, eliminating the engineering toil often associated with using open source software in commercial applications. Learn more at www.activestate.com.
SOURCE ActiveState








