The ActiveState Build Graph provides programmatic access to detailed information about ActiveState Platform resources.
The following example queries use the ActiveState/ActivePython-3.8 project to demonstrate the capabilities of the API using Build Graph. This is a public project available on Windows and Linux. It includes a comprehensive list of popular packages for Python development, added and updated over time in a number of commits.
{
project(org: "ActiveState", name: "ActivePython-3.8") {
__typename
... on Project {
name
description
commit {
commit_id
sources(limit: 3) {
name
url
}
}
}
... on NotFound {
message
}
}
}
{
"data": {
"project": {
"__typename": "Project",
"commit": {
"commit_id": "70393b8c-7a03-4dab-9600-b5954c9c2d8b",
"sources": [
{
"name": "python",
"url": "https://dl.activestate.com/source/161a6a17-6b8a-54c9-a476-2c8c960b054e/versions/e99cca64-84a1-5ef8-9e31-27130917a1ad/revisions/2/Python-3.8.8.tgz"
},
{
"name": "Arpeggio",
"url": "https://dl.activestate.com/source/f0551e54-af67-536f-b940-b85cc3823b22/versions/2893f55e-8b9a-5dc0-b24a-5edbcd2b67b8/revisions/2/Arpeggio-1.10.1.tar.gz"
},
{
"name": "Automat",
"url": "https://dl.activestate.com/source/a5f3e778-e279-5fd0-a495-eb25df199672/versions/a3c45c71-e999-56b3-a0b1-44f271505b42/revisions/4/Automat-20.2.0.tar.gz"
}
]
},
"description": "Final release of Community Python 3.8. Not maintained.",
"name": "ActivePython-3.8"
}
}
}
This query uses the ML-Mini-Runtime to demonstrate how to retrieve the vulnerability summary for a project.
{
# Query a project, fetching various fields of it and its commit,
# or showing the error message if it's not found.
project(org: "ActiveState", name: "ActivePython-3.8") {
__typename
... on Project {
name
description
commit {
commit_id
vulnerability_histogram {
severity
count
}
}
}
... on NotFound {
message
}
}
}
{
"data": {
"project": {
"__typename": "Project",
"commit": {
"commit_id": "1ca09276-2f1a-4ba2-8780-27e941d5fa9f",
"vulnerability_histogram": [
{
"severity": "CRITICAL",
"count": 41
},
{
"severity": "HIGH",
"count": 133
},
{
"severity": "MEDIUM",
"count": 142
},
{
"severity": "MODERATE",
"count": 142
},
{
"severity": "LOW",
"count": 6
},
{
"severity": "UNKNOWN",
"count": 1
}
]
},
"description": "",
"name": "ML-Mini-Runtime"
}
}
}
{
sbom(org:"ActiveState"
, name:"ActivePython-3.8")
{
__typename
...on SBOM {
author
timestamp
spdxUri
components{
name
version
supplier
checksum
license
relationship
}
}
}
}
{
"data": {
"sbom": {
"__typename": "SBOM",
"components": [
{
"name": "python",
"relationship": "ptyprocess",
"license": "Unknown",
"checksum": "76c0763f048e4f9b861d24da76b7dd5c7a3ba7ec086f40caedeea359263276f7",
"supplier": "ActiveState",
"version": "3.8.8"
},
{
"name": "Arpeggio",
"relationship": "parver",
"license": "Unknown",
"checksum": "920d12cc762edb2eb56daae64a14c93e43dc181b481c88fc79314c0df6ee639e",
"supplier": "ActiveState",
"version": "1.10.1"
},
{
"name": "Automat",
"relationship": "Twisted",
"license": "Unknown",
"checksum": "7979803c74610e11ef0c0d68a2942b152df52da55336e0c9d58daf1831cbdf33",
"supplier": "ActiveState",
"version": "20.2.0"
},
{
"name": "Babel",
"relationship": "oslo.i18n",
"license": "Unknown",
"checksum": "1aac2ae2d0d8ea368fa90906567f5c08463d98ade155c0c4bfedd6a0f7160e38",
"supplier": "ActiveState",
"version": "2.8.0"
},
Requests for attestation must be made using the buildplanner API.
query slsa {
project(
organization: "<orgname>"
project: "<projectname>"
) {
__typename
... on Project {
commit(vcsRef: "<projectCommitID>") {
... on Commit {
build {
... on Build {
nodes {
__typename
... on Source {
nodeId
namespace
name
version
attestations {
... on Attestations {
slsa_provenance(version: "0.2")
slsa_vsa(version: "0.2")
}
}
}
... on ArtifactSucceeded {
nodeId
displayName
attestations {
... on Attestations {
slsa_provenance(version: "0.2")
slsa_vsa(version: "0.2")
}
}
}
}
}
}
}
}
}
}
}
{
"data": {
"project": {
"__typename": "Project",
"commit": {
"build": {
"nodes": [
{
"__typename": "Source",
"nodeId": "d0624938-25ee-5c3a-b2fa-6e5dd9ed9b2c",
"namespace": "language/python",
"name": "iniconfig",
"version": "1.1.1",
"attestations": {
"slsa_provenance": "https://dl.activestate.com/organization/2b53beaa-5189-4358-b980-ce236a5269b4/project/cc3ff431-93a4-4034-b5ee-c308c1cfe68a/commit/70393b8c-7a03-4dab-9600-b5954c9c2d8b/attestation/activestate-v1/slsa_provenance/version/0.2/d0624938-25ee-5c3a-b2fa-6e5dd9ed9b2c.json",
"slsa_vsa": "https://dl.activestate.com/organization/2b53beaa-5189-4358-b980-ce236a5269b4/project/cc3ff431-93a4-4034-b5ee-c308c1cfe68a/commit/70393b8c-7a03-4dab-9600-b5954c9c2d8b/attestation/activestate-v1/slsa_vsa/version/0.2/d0624938-25ee-5c3a-b2fa-6e5dd9ed9b2c.json"
}
},
{
"__typename": "Source",
"nodeId": "5f662a04-8a87-50c5-98dd-679a7bedfd9b",
"namespace": "language/python",
"name": "cffi",
"version": "1.14.3",
"attestations": {
"slsa_provenance": "https://dl.activestate.com/organization/2b53beaa-5189-4358-b980-ce236a5269b4/project/cc3ff431-93a4-4034-b5ee-c308c1cfe68a/commit/70393b8c-7a03-4dab-9600-b5954c9c2d8b/attestation/activestate-v1/slsa_provenance/version/0.2/5f662a04-8a87-50c5-98dd-679a7bedfd9b.json",
"slsa_vsa": "https://dl.activestate.com/organization/2b53beaa-5189-4358-b980-ce236a5269b4/project/cc3ff431-93a4-4034-b5ee-c308c1cfe68a/commit/70393b8c-7a03-4dab-9600-b5954c9c2d8b/attestation/activestate-v1/slsa_vsa/version/0.2/5f662a04-8a87-50c5-98dd-679a7bedfd9b.json"
}
},
{
If you are calling the API directly via cURL or a script, the endpoint is:
https://platform.activestate.com/sv/mediator/api