#Canada #Vancouver #KubeCon #ActiveState #Secure Container

ActiveState Launches Secure Container Image Catalog

At KubeCon NA 2025, ActiveState, a leading figure in open source security and software supply chain management, unveiled its Secure Container Image Catalog. This platform is specifically designed to empower developers, DevOps, and security professionals with an easily navigable source for secure container images, eliminating the reliance on third-party registries.

This launch comes amid the escalating adoption of container technology in various enterprises, a shift that not only enhances deployment speed but also raises significant security concerns. As businesses increasingly turn to these containers, they find a growing dilemma: balancing rapid development with stringent security requirements. Oftentimes, teams resort to using public base images, which can harbor unrecognized vulnerabilities or fail compliance checks, leading to extensive resources allocated to managing security issues like CVEs and patching roadmaps.

ActiveState's earlier offering of Secure Containers, introduced in June 2025, addressed the critical need for secure and trusted open source images. However, users were primarily dependent on third-party registries, a situation that hindered their visibility over security measures. This was the gap the Secure Container Image Catalog aims to fill, providing a fresh, user-friendly interface where developers can access detailed image data, compare security standards with community images, and make informed decisions based on their security and compliance needs.

Features of the ActiveState Secure Container Image Catalog

The Secure Container Image Catalog empowers its users with several key features:

1. Instant Access to Secure Images: Users can easily browse and pull the latest secure base images for various language runtimes and applications, all curated and actively managed by ActiveState.

2. Comprehensive Security Evaluation: Each image comes with vital security metrics, including current CVE counts, severity ratings, VEX advisories, software bill of materials (SBOMs), license data, and detailed component lists, allowing security teams to assess the fit at a glance.

3. Community Image Comparisons: This capability enables users to see how ActiveState images stack up against popular community options in areas like vulnerability counts, update frequency, and overall image size, assisting organizations in making the best choices regarding container security.

4. Compliance Assurance: ActiveState ensures that all images come with thorough metadata, including cryptographic verification and compliance artifacts, simplifying the audit process for organizations regulated by compliance standards.

5. Customization Requests: Organizations needing tailored solutions can directly request custom builds or older image variants via the catalog, ensuring flexibility in meeting specific requirements.

Bob Shaker, ActiveState’s CPTO, stated the significance of this release, emphasizing that it bridges the gap between secure container offerings and the needs of technical evaluators within enterprises. He mentioned, “Now, anyone can browse our catalog, evaluate images against critical metrics, and confidently pull or customize the secure containers they need—all while remaining within the ActiveState ecosystem.”

Transforming DevSecOps with the New Catalog

As organizations look to streamline their DevSecOps processes, the Secure Container Image Catalog offers a crucial tool for enhancing efficiency and security. With the rapid evolution of security threats and compliance mandates, having direct access to reliable and secure container images can significantly alleviate the challenges faced by teams.

To maximize the catalog's potential, ActiveState also introduced the Container Security Fundamentals Certification. This certification program encompasses three courses designed to educate users on selecting and implementing secure containers, addressing vulnerabilities, and producing and interpreting SBOMs through contemporary best practices. Interested users can find more information at ActiveState’s official certification page.

About ActiveState

ActiveState is dedicated to enhancing the security posture of DevOps, InfoSec, and Development teams while boosting productivity and innovation, making secure application delivery faster and more efficient. As the only solution providing vulnerability-free open source language packages and containers, along with intelligent remediation, ActiveState continues to lead the way in the enterprise adoption of open source software. To discover more about their offerings, visit catalog.activestate.com.