Author: admin

Integration brings ActiveState’s VEX advisories and secure libraries directly into Trivy scans, providing high-fidelity results and faster remediation paths

VANCOUVER, BC and TEL AVIV, Israel, Nov. 17, 2025 /PRNewswire/ — ActiveState, a global leader in open source language solutions and secure software supply chain management, today announced it has joined Trivy Partner Connect, bringing ActiveState’s CVE advisories, secure open source containers, and language libraries to Trivy’s trusted scanning capabilities. This collaboration delivers CVE-free open source directly into the workflows developers already use, helping teams build and ship secure software more efficiently.

ActiveState joins a growing community of organizations collaborating with Aqua to advance Trivy, the world’s most popular open source vulnerability scanner. Together, ActiveState and Trivy help reduce the noise associated with CVE alerts by integrating ActiveState’s advisory feed into the scanning process. Trivy users can now see an accurate risk profile for any ActiveState open source artifacts they use. The advisory feed also includes VEX (Vulnerability Exploitability eXchange) information, enabling Trivy to suppress CVEs that have been fully investigated and deemed non-exploitable by ActiveState. When valid CVEs are found, Trivy users will also receive remediation options provided by ActiveState for affected containers and language packages.

Through this integration, users will have the most up-to-date information verified by both parties. This collaboration extends the value of Trivy Partner Connect, making it easier for organizations to ensure their open source components are secure, compliant, and production ready.

“ActiveState’s participation in Partner Connect brings their deep expertise in the open source supply chain directly to the Trivy community,” said Matt Richards, CMO at Aqua Security. “By combining ActiveState’s advisories, trusted libraries and secure containers with Trivy’s powerful scanning, developers get the best of both worlds: high-quality, vetted components and reliable, high-fidelity validation. This is a big step forward for developer-first security and supply chain integrity.”

Recent industry research¹ shows that 86% of commercial code bases contain open source vulnerabilities and 81% contain high or critical CVEs. ActiveState found that researching the potential impact of CVEs consumes about 26% of the overall vulnerability discovery-to-remediation process. This involves hands-on research to understand if the vulnerability is reachable and exploitable, and then determining the next step based on those findings (remediate or VEX). The integration between Trivy and ActiveState aims to reduce time spent researching vulnerabilities, giving developers back time to focus on delivering innovation.

“Partnering with Trivy underscores our shared commitment to enabling and securing open source in enterprise applications,” said Stephen Baker, CEO of ActiveState. “Our mission at ActiveState is to provide developers with a trusted, ‘paved path’ for open source, eliminating the complexity, risk, and manual vetting associated with securing the supply chain. This collaboration enables developers to confidently build applications using secure, curated components that are validated by Trivy, allowing them to maintain speed, compliance, and trust in their open source.”

Learn More
Organizations can explore ActiveState’s Trivy-integrated secure open source containers and language libraries at https://trivy.dev/partners or activestate.com. Trivy Partner Connect is open and expanding quickly. Organizations interested in joining can learn more and apply at Trivy Partner Connect.

About ActiveState
ActiveState enables DevOps, InfoSec, and Development teams to improve their security posture while simultaneously increasing productivity and innovation to deliver secure applications faster. We are the only solution in the market today that offers vulnerability-free open source language packages and containers and Intelligent Remediation, which identifies which vulnerabilities to prioritize, assesses the impact of updates causing breaking changes, prioritizes what to fix first, securely builds open source packages from source, and facilitates the build and deploy process to get fixes into production quickly and easily. All from the trusted partner that pioneered and continues to lead enterprise adoption and use of open source software.

About Aqua Trivy
Trivy is the most popular open source scanner for containers, IaC, code, cloud, and Kubernetes, detecting vulnerabilities, misconfigurations, and secrets. Trusted by millions worldwide, Trivy is maintained by Aqua Security. Learn more at https://trivy.dev/.

About Aqua Security
Aqua Security protects every cloud native application from code to cloud to prompt. As the pioneer in container security and vulnerability management, Aqua delivers full protection across the application lifecycle in real time. Our unified CNAPP combines agentless and agent-based controls with industry-leading runtime security for cloud, on-prem, hybrid, multi-cloud, VM and mainframe environments. The Aqua Platform provides best-in-class security agents and advanced contextual analysis to reduce noise and accelerate remediation. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, Israel and secures more than 40% of the Fortune 100. Learn more at aquasec.com.

¹ https://news.blackduck.com/2025-02-25-New-Black-Duck-Report-86-of-Commercial-Codebases-Contain-Vulnerable-Open-Source,-Exposing-Organizations-to-Security-Risks

SOURCE ActiveState

The Central Bank of Ireland (CBI) has imposed sanctions on crypto-asset service provider Coinbase Europe for contraventions of the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, which occurred between 23 April 2021 and 19 March 2025.

The sanctions imposed by the CBI include a reprimand and a monetary penalty in the amount of €30,663,906, – reduced to €21,464,734 after a settlement scheme discount was applied. The sanctions relate to failures to uphold anti-money laundering and counter terrorist financing monitoring obligations over a twelve-month period.

The sanctions require confirmation of the Irish High Court before taking effect, and would be the fourth largest fine ever issued by the CBI.

Coinbase Europe is part of the global Coinbase Group, which operates a significant global trading platform for crypto assets. In April 2021, it became a “designated person” under the CJA 2010 and was registered as a virtual asset service provider (VASP) with the CBI in December 2022, meaning it was required to monitor transactions for anti-money laundering and counter-terrorist financing purposes.

Where Coinbase suspects that a transaction is facilitating anti-money laundering or counter-terrorist financing, it must make a suspicious transaction report (STR) to the Financial Intelligence Unit of the Garda National Economic Crime Bureau (GNECB) and the Revenue Commissioners as soon as possible.

However, due to technical faults in the configuration of Coinbase’s transaction monitoring system, more than 30 million transactions were not properly monitored over a 12 month period. The value of these transactions amounted to €176 billion. The company took three years to fully complete the proper monitoring of the transactions, resulting in the filing of 2,708 STRs with the GNECB.

Sarah Twohig, a crypto fraud and enforcement specialist with Pinsent Masons in Dublin, said the fine should send a signal to others in the industry of their obligations.

“The enforcement action taken by the Central Bank of Ireland against Coinbase Europe is a reminder of the significant impact a failure to comply with anti-money laundering and counter terrorist financing obligations can have on all businesses that operate in the financial services industry,” she said.

“Businesses such as crypto exchanges and virtual asset service providers must prioritise these obligations, to ensure that the monitoring of assets in their custody is carried out in real time, so that it can be verified that such assets are not the proceeds of crypto fraud and are not being used for money-laundering purposes.” 

As part of a settlement with the CBI (PDF, 543kb/36 pages), Coinbase Europe agreed it had failed to properly monitor 30,442,437 transactions during the 12-month period, and failed to conduct increased monitoring of 184,790 of these transactions.

It also accepted it had not adopted required internal policies and procedures to prevent and detect money laundering and terrorist financing.

The Central Bank of Ireland said the suspicious transactions were associated with serious criminal activities – including money laundering, drug trafficking, cyber attacks and child sexual exploitation.  The fine is the first imposed on a regulated entity in the crypto industry by the regulator.

Colm Kincaid, deputy governor for consumer and investor protection with the Central Bank, said: “Crypto has particular technological features which, together with its anonymity-enhancing capabilities and cross-border nature, makes it especially attractive to criminals looking to move their funds.

“This is why it is especially important that firms engaged in crypto services have robust controls in place to identify and report suspicious transactions.”