By consolidating 12+ language ecosystems into a single repository, the ActiveState Catalog enables DevSecOps teams to slash CVE exposure by up to 99% and reclaim 30% of engineering time
VANCOUVER, BC, Feb. 18, 2026 /PRNewswire/ —ย ActiveState, a global leader in open source language solutions and secure software supply chain management, today announced it has grown its catalog of secure open source components to 79 million, effectively doubling coverage from 2025 and expanding to more than 12 languages. This provides DevSecOps teams one stop for acquiring trusted open source components for their software development and CVE remediation efforts. ActiveState’s catalog now covers the most popular languages used in enterprise software development, including Java, Javascript, Go, Python, and R, among others, and offers the widest breadth and depth of any open source catalog in the market today. This release moves beyond scanners and imageโonly hardening to a governed, multiโlanguage catalog that standardizes how enterprises consume open source. Companies who want to learn more can visit activestate.com.
Open Source Offers Opportunities – and Risks
Open source software powers 96% of modern software applications, with most companies using 5 to 7 different open source languages in their development process. While beneficial for speeding software development, open source creates chaos and complexity within DevSecOps teams: Without a unified, secure source for open source, software development teams open their companies up to risk each time they download a new package from the open internet or grab a container image from a public repository. Maintainer integrity is unknown, update schedules are inconsistent, and bad actors exploit known vulnerabilities into zero-day threats. Not only does this threaten companies’ security posture, it creates an endless body of work for developers to manage, maintain, and troubleshoot third-party code to keep it vulnerability-free: they are forced to track CVEs for the components, dependencies, shared libraries, and then update, migrate, and replace components to maintain safety and compliance. This drains as much as 30-50% of valuable time and resources from developers that could be otherwise spent on revenue-driving innovation. Furthermore, it jeopardizes companies’ ability to meet compliance requirements, which can also cause a financial impact. The adoption of AI code generators only increases the volume and opacity of these risks.ย
A New “Golden” Path Forward: the ActiveState Catalog
ActiveState’s enterprise-grade, secure catalog enables companies to tame the complexity of open source in their DevSecOps operations. Unlike point solutions focused on a single language or container layer, the ActiveState Catalog is the only solution that unifies component-level coverage across the 12 most-used open source ecosystems – from source code through language libraries and images – into one catalog, standardizing how developers acquire and update open source across languages through a governed golden path. Container images are just one output of the catalog, not the control point itself, which ensures consistency across all entities that leverage open source within an organization. And unlike other solutions, ActiveState doesn’t lock you into a proprietary format that leads to vendor lock-in.ย
All components are continuously monitored and maintained by ActiveState, with an industry-leading 5 business day remediation SLA for critical CVEs, and built from source in a SLSA-3 hardened build environment. In 2025, ActiveState’s OSS build factory completed nearly 1 million successful open source builds for more than 200 global clients. These builds incorporate not only the base component, but also the associated language cores, dependencies, and operating systems required by the customer, ensuring complete, secure open source across the stack.ย
Organizations choosing the ActiveState Catalog, such as Altair, Cisco, Moody’s, and Tesco, eliminate hours of developers hunting for and evaluating open source from multiple vendors, saving as much as 30% of their time, and improve their company’s overall security posture by reducing CVEs by up to 99%.
“We use Python, and R in our software development efforts at Statistics Finland, and sourcing, managing, and maintaining those from different sources increased our operational burden and risk profile,” said Juhani Kauppo, project manager, from Statistics Finland. “Partnering with ActiveState and sourcing our OSS from their library has allowed us to strip away that overhead and strengthen our security posture. That gives our developers more time to focus on innovation and brings peace of mind to our security team.”
Delivering the World’s Most Comprehensive Open Source Catalog
The ActiveState catalog grew to 40 million components in mid 2025 when it introduced coverage for Java and R in addition to Python, Perl, Ruby, and Tcl. As of January 2026, the company has expanded its open source coverage to include other popular languages, including:
- Javascript
- Go
- Rust
- PHP
- .Net
- C, C+, C++
- C#
This brings the catalog component count to 79 million and growing.
“Our customers are seeing the benefit of offloading the management and maintenance of open source to ActiveState,” said Bob Shaker, CPTO, ActiveState. “Our built-from-source components, ongoing CVE management, and integration with package repositories gives companies all of the benefits of open source without the headaches or being trapped into only using containers; ActiveState can also deliver these in native file type or managed distributions. This truly revolutionizes how modern software is managed.”
To learn more about ActiveState’s catalog of secure, trusted open source software, please visit www.activestate.com or Contact Us.
About ActiveState
ActiveState enables DevSecOps teams to improve their security posture while simultaneously increasing productivity and innovation to deliver secure applications faster. The company provides a trusted catalog of more than 79 million secure open source components and container images that can be consumed via artifact repository, CI/CD, IDE, or directly from ActiveState. ActiveState continuously monitors and updates the open source components to help keep companies vulnerability free. Companies using ActiveState see a 60-99% reduction in CVEs, improving their security posture, and save as much as 30% of developer time, eliminating the engineering toil typically associated with using open source in commercial applications. Learn more at www.activestate.com.
View original content to download multimedia:https://www.prnewswire.com/news-releases/activestate-unifies-79m-components-to-launch-worlds-largest-secure-open-source-catalog-302688011.html
SOURCE ActiveState
