ActiveState Curated Catalog Named Best Open Source Security Platform by The Hacker News Cybersecurity Stars Awards 2026
ActiveState
July 8, 2026
VANCOUVER, British Columbia – July 8, 2026 – ActiveState, a global leader in open source software security and software supply chain management, today announced that the ActiveState Curated Catalog has been named Best Open Source Security Platform at The Hacker News Cybersecurity Stars Awards 2026. The award recognizes companies and individuals who have demonstrated excellence in cybersecurity. ActiveState was selected from a competitive field of nominees across the Open Source Security category.
Why Governing the Ingestion Point Matters Now
The award arrives at a moment when the software supply chain risk organizations carry has materially changed. AI coding assistants are accelerating open source consumption without improving the governance around it. The natural friction of a developer evaluating a package before accepting it, which slowed bad dependency decisions,, is gone. Suggestions appear inline, look authoritative, and are accepted in a single keystroke with no provenance check.
That shift has consequences. Malicious open source packages grew 73% in 2025 alone (according to ReversingLabs Software Supply Chain Security Report, 2026) with active compromises hitting tools embedded in more than 100,000 CI/CD pipelines. On April 15, 2026, NIST formally acknowledged it can no longer enrich all CVEs, creating a permanent structural gap in scanner-based detection at exactly the moment AI is accelerating consumption.
Scan and pray is a liability masquerading as a strategy. Curate and govern is the new paradigm for the AI-coding era.
"Security leaders today are being asked to govern an intake process they cannot fully see," said Abby Kearns, CEO, ActiveState. "The ActiveState Curated Catalog is the governance layer that makes AI-assisted development safe to scale. When an AI coding assistant pulls a dependency, that package comes from a vetted, built-from-source catalog, not from a public registry where your security team has zero visibility or control. Governance holds at the point of ingestion. That is the only place it can realistically keep pace with AI-generated code volume."
Watch a demo of the ActiveState Curated Catalog on our YouTube channel.
About the ActiveState Curated Catalog
The ActiveState Curated Catalog is a private, policy-governed repository of open source components that security teams curate and developers and AI coding assistants consume safely, without pulling from unvetted public registries. Every component is built from source within SLSA Level 3 infrastructure, continuously monitored, and automatically remediated under contractual SLAs of 5 business days for critical CVEs and 10 business days for high CVEs, against an industry average mean time to remediate that lags upwards of 50 days.³
Key Capabilities
- Single vetted source, multi-language coverage: A private catalog of built-from-source components and their verified dependencies across 12+ language ecosystems, including Python, Java, JavaScript, C, R, and more, replacing unvetted public registries as the default for developers and AI coding assistants.
- Native workflow compatibility: Developers use the package managers they already know, including pip, npm, and Maven, and the artifact repositories already in their pipeline, including JFrog Artifactory, Sonatype Nexus, AWS CodeArtifact, and GitHub Packages, with no new tooling and no changes to existing CI/CD strategy.
- Agnostic AI coding assistant integration: Works with any AI coding tool that pulls dependencies from standard artifact repositories or native package managers, including Cursor, Claude Code, GitLab Duo, Tabnine, Windsurf, and JetBrains AI.
- Continuous CVE remediation under contractual SLAs: Managed components are rebuilt and republished when community-approved fixes are available. Critical CVEs are addressed within 5 business days, high CVEs within 10, against an industry average that lags upwards of 50 days.
- Audit-ready by default: A complete system of record for component versions, licenses, and security posture over time, with daily security intelligence and immediate alerts when new vulnerabilities are discovered or patches become available.
Organizations deploying the ActiveState Curated Catalog see approximately 95% fewer CVEs compared to community open source artifacts, approximately 90% reduction in mean time to remediate, and a complete, immutable audit trail that protects the organization and the security leader personally when regulators ask.
About the Cybersecurity Stars Awards
The Cybersecurity Stars Award is granted by The Hacker News, the world's most widely read cybersecurity publication, to companies and individuals who have demonstrated excellence in the field. The 2026 award program recognized winners across categories spanning the full cybersecurity landscape.
About ActiveState
ActiveState enables DevSecOps teams to improve their security posture while simultaneously increasing productivity and innovation to deliver secure applications faster. The company provides a trusted catalog of more than 79 million secure open source components and container images that can be consumed via artifact repository, CI/CD, IDE, or directly from ActiveState. ActiveState continuously monitors and updates the open source components to help keep companies vulnerability free. Companies using ActiveState see a 60-99% reduction in CVEs, improving their security posture, and save as much as 30% of developer time, eliminating the engineering toil typically associated with using open source in commercial applications. Learn more at www.activestate.com.
Media Contact
Brandy Coulsey
Brand and Communications Manager, ActiveState
brandyc@activestate.com


