Glossary

ActivePerl

ActivePerl was a commercially supported distribution of the Perl programming language provided by ActiveState. It was designed to simplify the installation and management of Perl on various operating systems, including Windows, Linux, and macOS. ActivePerl included additional modules, tools, and support services to enhance the experience of using Perl for software development and system administration.

Individual distributions of ActivePerl were replaced by the ActiveState Platform in 2021. Click here to find out more.

ActivePython

ActivePython was a commercially supported distribution of the Python programming language provided by ActiveState. Similar to ActivePerl for Perl, ActivePython was designed to simplify the installation and management of Python on various operating systems, including Windows, Linux, and macOS. It aimed to provide additional modules, tools, and support services to enhance the Python development experience.

Individual distributions of ActivePython were replaced by the ActiveState Platform in 2021. Click here to find out more.

ActiveState Artifact Repository

An ActiveState Artifact Repository (AAR) is a software storage system for the code artifacts required by software teams and systems. It may contain third-party source code components imported from a public repository, as well as the packages built from those components.

Important features include:

  • A secure source of packages for developers that conforms to pre-existing security and compliance expectations.
  • Standardized development artifacts to eliminate “works on my machine” issues.
  • Ensures provenance, in which each built artifact can be fully traced back to its original components.

ActiveTcl

ActiveTcl was a commercially supported distribution of the Tcl (Tool Command Language) programming language provided by ActiveState. Tcl is a scripting language known for its simplicity and extensibility, often used for various purposes such as scripting, automation, and developing graphical user interfaces.

Individual distributions of ActiveTcl were replaced by the ActiveState Platform in 2021. Click here to find out more.

Activestate.yaml

An activestate.yaml file is generated for each project created. It is entirely owned by the user and acts as a shortcut to your project. The file includes project details such as its location online, language and package information, and security features. An example is shown below

alt_text

Artifact

A user-accessible package, bundle, binary, dependency, or transitive dependency whose source code has been downloaded by ActiveState and reviewed/vetted. Artifacts are available to users in the ActiveState catalog.

Attestation

An authenticated statement (metadata) about a software artifact or collection of software artifacts. ActiveState can provide an attestation for any project commit or project branch commit. More information about attestations can be found here.

Build

A collection of artifacts for a specific project that can be installed as a runtime.

Build Graph

A GraphQL-based API that provides user access to our Platform. The Build Graph can be used to:

  • Create a list of requirements for a package.
  • Resolve the requirements to a build plan that includes a complete list of transitive dependencies, as well as native operating system dependencies from our open source catalog.
  • Build and retrieve the result of the build plan on various operating systems and hardware platforms, including Windows, Linux, and macOS.
  • Generate attestations, licensing and vulnerability information, and a software bill of materials (SBOM) for active projects.

The Build Graph uses GraphQL queries.

Build Plan

After a project is created and all needed packages have been added, a build plan is generated by the solver to determine the process needed to build the requested project configuration.

Catalog

A collection of open source artifacts offered by ActiveState. It contains all languages and packages, dependencies, and transitive dependencies that are currently offered to users on the Platform. The catalog is updated regularly to include the most popular and useful content possible.

Command Line Interface (CLI)

The ActiveState command line interface is the State Tool.

Commit

A set of changes made to a project at a specific time by a specific user. Commits are the fundamental unit for tracking the changes to a project over time.

CVE

stands for “Common Vulnerabilities and Exposures.” The CVE system is a widely recognized and standardized method for identifying and naming security vulnerabilities and exposures in software and hardware.

CVE exposure

The potential vulnerability or security risk associated with a particular software, system, or technology.

These vulnerabilities are documented in the CVE database, which assigns a unique identifier (CVE ID) to each security issue, making it easier for security professionals and organizations to track and address them.

CVE report

CVE reports keep a current account of any potential vulnerabilities in your project is important to keeping your runtime environment secure and running smoothly. The Vulnerability Report generated by the ActiveState Platform will show

  • Project name.
  • Time of the report creation.
  • Language and version of the project.
  • Commit ID.
  • Link to the project.
  • A detailed list of all vulnerabilities including their name, their link to National Vulnerability Database, threat severity, and a short description of the vulnerability.
  • A list of the secured artifacts included in the project.

Click here to find out more about CVE reports.

Dependency vendoring

Dependency vendoring is a software development practice that involves including external dependencies or libraries directly within a project’s source code repository rather than relying on external package managers or repositories to fetch and manage those dependencies during the build or execution process.

Dependency vendoring is commonly used in scenarios where stability and reproducibility are critical, for example in a Managed Distribution.

Docker images

Docker images are lightweight, stand-alone, and executable packages that contain everything needed to run an application, including the code, runtime, libraries, and system tools. Project runtimes are able to be embedded into a Docker image via the Universal Packager. Click here to find out more.

Enterprise tier

Information on ActiveState tiers can be found here.

Free tier

Information on ActiveState tiers can be found here.

Ingredient

A pre-existing dependency or base dependency used to build an artifact on the Platform. Typically composed of source code but may extend to other binaries (e.g. build tools and compilers).

Komodo

Komodo was an integrated development environment (IDE) primarily focused on supporting and enhancing the development of dynamic languages, particularly Perl, Python, Ruby, and Tcl. It was developed and offered by ActiveState and was open-sourced in 2022. Find out more here.

Languages

Perl, Python, Tcl, Ruby, etc. A “language” refers to any software development language, or version of a language, provided to users via the ActiveState Platform.

Legacy Language Version

Language versions that were previously available for download, but are no longer recommended for use due to age, risk of exploitation, or obsolescence.

Library

A C library or any code that is compiled by ActiveState that is not specific to a language core and is used as a system dependency.

Libraries are not selectable by users. However, they may be the dependency of a package and can be specified if they appear in the dependencies of a project.

Managed Distribution

A fully working runtime environment that is managed and maintained by ActiveState on behalf of the customer.

As part of a Managed Distribution, ActiveState will:

  • Notify users of the vulnerability.
  • Locate a newer version of the dependency that resolves the vulnerability.
  • Build the new configuration from source code, and ensure it works with the existing runtime and environment.
  • Package the revised runtime and update all existing configurations.

Offline installer

Offline installers let you install a runtime environment in a system whose security or compliance parameters may prohibit the installation of regular ActiveState runtimes. Offline installers can be installed in air-gapped systems, as well as systems with no live network or internet connection, and are available for all Perl, Python, and Ruby projects. Find out more here.

Operating System

A specific operating system such as Windows 10, macOS 10.8, Linux glibc 2.25, etc. Every project will need to compile for at least one operating system. Only paid accounts are able to create projects that will compile for more than one operating system per project.

Organization

Organizations group ActiveState Platform projects for a company, department, or team. Members of the organization will have access to each project in the organization, with the ability to invite others to join, remove users, and create or modify runtimes (depending on the permissions settings of the user).

Paid organizations support both private and public projects. Free organizations can only support public projects.

Organization Security Dashboard

The Organization Security Dashboard lets you view the vulnerabilities of all your projects across your entire organization. You can quickly find affected projects with major vulnerabilities, and incorporate the dashboard into existing scheduled reports. Click here to find out more.

Package

Software built by ActiveState from source code that has been ingested from package managers such as PyPi, CPAN, and RubyCentral. A “package” may refer to a language submodule like a Python package or a Perl package.

Package catalog

A software package catalog is a centralized collection of software packages or libraries that are available for installation, distribution, and management. These catalogs can help find, download, and install software components, libraries, dependencies, and other resources.

The ActiveState package catalog is regularly revised and patched for emergent issues

Package manager

A package manager is a software tool used to automate the process of installing, updating, configuring, and managing software packages or libraries on a computer system. Package managers are essential components of modern software ecosystems to simplify software installation, dependency management, and version control.

The ActiveState package manager is the State Tool CLI.

Platform

The ActiveState Platform is a cloud-based solution that allows developers to create projects that easily build, run, and maintain open-source projects in Perl, Python, Tcl, and others. It includes tools for package management, automated builds, and the ability to collaborate on projects with other developers using the same runtime environment.

Pricing

Information on ActiveState tiers and pricing can be found here.

Private project

Projects that have hidden details (language and packages used) and only members of the organization may install this runtime.

Project

An organizational unit used to group software components, requirements, variables, scripts, branches, and operating systems logically together. If a user wants to share a runtime with colleagues they will need to create a project within an organization first.

Project branch

Branches can be created by forking a project to help with tests and new features. Branches bring support for experimental builds, managing complex multi-platform projects, creating different builds per environment, and more.

Project page

Each project created has a unique page to view, edit, and update aspects of your project. Click here to find out more.

Public project

A project that is available for any web user to browse and download. Public projects have details (language & packages used) of the runtime publicly visible. Anyone, including anonymous users, can install the runtime of a public project.

Requirements

A list of mandatory software dependencies that must be included in a project in order to meet the needs of the user. Examples of requirements include specified open source languages and version, libraries, and build options.

Requirements files can be uploaded to the Platform in the following formats:

Python projects

  • requirements.txt
  • pipfile
  • pipfile.lock
  • Pyproject.toml
  • Poetry.lock

Perl projects

  • cpan files
  • META.json files

Ruby projects

  • Gemfile.lock

Runtime

A pre-built, installable bundle that contains both a programming language version (e.g. “Python 2.7”) and the packages needed for developing in that language. A runtime does not contain any first-party code produced by developers using the runtime.

All runtimes are customizable. Individual bundles can be tailored to the specific requirements of any given application and scope. A runtime is activated via the CLI (i.e. the State Tool) and can be used on a local machine, server, container, etc.

SBOM

A Software Bill of Materials is a comprehensive list of the component parts required to build your project. This can include any open source libraries, plugins, extensions, and system packages. More information on SBOMs can be found here.

Solver

An internal utility that determines the build graph that is needed for the requested project configuration. This includes the language version, OS, and any requested ingredients (including all transitive and upstream dependencies). When given a requested list of ingredients, the solver computes a working build graph that will create the runtime.

Source Code

Original code written in the form of functions, descriptions, definitions, calls, methods and other operational statements. ActiveState uses an automated ingestion pipeline to copy in the source code of language core versions and packages from package managers such as PyPi, CPAN, and RubyCentral. The ActiveState Platform then ingests related CVEs and correlates those to the appropriate language core versions and packages before offering them to users.

State Tool

The ActiveState command line interface (CLI), the State Tool allows users to create and manage projects right from the command prompt.

The State Tool can create new projects, view and modify existing projects, and download and install runtime environments.

Team tier

Information on ActiveState tiers can be found here.

Tcl

Tcl, short for “Tool Command Language,” is a dynamic scripting language that was created for simplifying and automating tasks related to system administration, text processing, and scripting. ActiveState offers Tcl runtimes through the ActiveState Platform.

Timestamp

A point in time before ingested ingredients that ActiveState has deemed safe for users are provided as available ingredients. This allows ActiveState to ingest but not prematurely expose ingredients to users.

Universal Packager

The Universal Packager includes all currently available ways to get your project runtime onto your local machine(s) without using the State Tool CLI. To find out more click here.

VisualPerl

VisualPerl was specifically designed to facilitate the development of Perl scripts and applications on the Windows platform, particularly in conjunction with Microsoft’s Visual Studio integrated development environment (IDE).

VisualPerl was replaced by the ActiveState Platform in 2021. Click here to find out more.