ActiveState, a Vancouver-based leader in software supply chain security, and Carahsoft Technology Corp., a Reston, Virginia-based trusted government IT solutions provider, announced a partnership on July 23, 2025, to bring ActiveState’s unified Open Source Security Posture Management platform to the public sector. Carahsoft, as Master Government Aggregator, makes the platform available through its reseller partners and NASA Solutions for Enterprise-Wide Procurement (SEWP) V (contracts NNG15SC03B, NNG15SC27B) and Information Technology Enterprise Solutions – Software 2 (ITES-SW2) (contract W52P1J-20-D-0042) contracts. The platform provides continuous security, real-time visibility, robust vulnerability management, automated upgrades, and governance support, aiding FedRAMP and GovCloud compliance. Serving over 2,000 organizations, ActiveState strengthens its foothold in the $10 billion software supply chain security market, projected to reach $20 billion by 2030.
Announced July 23, 2025: ActiveState partners with Carahsoft for public sector.
Platform available via SEWP V (NNG15SC03B, NNG15SC27B) and ITES-SW2 (W52P1J-20-D-0042).
Features: Continuous security, vulnerability management, automated upgrades.
Reduces software supply chain risks by 40%, per ActiveState data.
Software supply chain security market at $10B, projected to hit $20B by 2030.
Follows ActiveState’s 2024 Platform 5.0 launch with AI-driven remediation.
The partnership, announced on July 23, 2025, leverages Carahsoft’s extensive public sector network to distribute ActiveState’s platform, which integrates Intelligent Remediation with open source management. “Partnering with Carahsoft expands our platform’s reach,” said Steve Ruggieri, ActiveState’s Chief Revenue Officer. The platform offers:
Continuous Security: Real-time monitoring and auditing of open source components.
Custom Containers: Secure, tailored environments for development.
Vulnerability Management: Automated detection and remediation, reducing risks by 40%, per ActiveState.
Governance Support: Enhances collaboration and compliance with FedRAMP and GovCloud. Natalie Gregory, Carahsoft’s VP of Open Source Solutions, noted, “ActiveState’s platform manages the entire life cycle of open source dependencies.” The partnership aligns with Carahsoft’s history of distributing solutions like Unstructured and OffSec via SEWP V and ITES-SW2, streamlining procurement for federal, state, and local agencies.
Founded in 1997, ActiveState, with a $150 million valuation post-2024 funding, serves over 2,000 organizations, including 30% of Fortune 1000 companies, with tools like ActivePython and ActivePerl. Its platform reduces supply chain vulnerabilities by 40% and accelerates development by 25%, per 2025 case studies. The $10 billion software supply chain security market, driven by 70% of agencies adopting open source, is projected to double by 2030, per industry reports. ActiveState’s 2024 Platform 5.0 launch, with AI-driven remediation, enhances its edge against competitors like Snyk and Sonatype. Carahsoft’s network, supporting over 60 FedRAMP-authorized vendors, amplifies ActiveState’s reach to government clients.
The software supply chain security sector faces challenges like rising vulnerabilities, with 50% of agencies reporting CVE remediation delays, per 2025 reports. Posts on X from @Carahsoft and @ActiveState reflect enthusiasm for the partnership, emphasizing streamlined procurement and security, though some note integration complexities. Carahsoft’s prior partnerships, like Tanium for endpoint security and Spire for maritime data, underscore its role in public sector IT. ActiveState’s focus on automated remediation and governance positions it to address the 30% rise in open source vulnerabilities reported in 2025, competing with Black Duck’s auditing tools. The partnership is expected to drive 20% public sector revenue growth for ActiveState in 2025, per analyst projections.
ActiveState and Carahsoft’s partnership empowers government agencies with secure, scalable open source solutions, strengthening software supply chain resilience in a critical market.
ActiveState enables DevOps, InfoSec, and Development teams to improve their security posture while simultaneously increasing productivity and innovation to deliver secure applications faster.
We are the only solution in the market today that offers vulnerability-free open source language packages and containers and Intelligent Remediation, which identifies which vulnerabilities to prioritize, assesses the impact of updates causing breaking changes, prioritizes what to fix first, securely builds open source packages from source, and facilitates the build and deploy process to get fixes into production quickly and easily.
All from the trusted partner that pioneered and continues to lead enterprise adoption and use of open source software.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.