Glossary

ActiveState Artifact Repository
Artifact
Attestation
Build
Build Graph
Build Plan
Catalog
Command Line Interface
Commit
Ingredient
Language
Legacy Language Version
Library
Managed Distribution
Operating System
Organization
Package
Platform
Private Project
Project
Project Branch
Public Project
Requirements
Runtime
Solver
Source Code
State Tool
Timestamp


ActiveState Artifact Repository

An ActiveState Artifact Repository (AAR) is a software storage system for the code artifacts required by software teams and systems. It may contain third-party source code components imported from a public repository, as well as the packages built from those components.

Important features include:

  • A secure source of packages for developers that conforms to pre-existing security and compliance expectations.
  • Standardized development artifacts to eliminate “works on my machine” issues.
  • Ensures provenance, in which each built artifact can be fully traced back to its original components.

Artifact

A user-accessible package, bundle, binary, dependency, or transitive dependency whose source code has been downloaded by ActiveState and reviewed / vetted. Artifacts are available to users in the ActiveState catalog.

Attestation

An authenticated statement (metadata) about a software artifact or collection of software artifacts. ActiveState can provide an attestation for any project commit or project branch commit.

Build

A collection of artifacts for a specific project that can be installed as a runtime.

Build Graph

A GraphQL-based API that provides user access to our platform. The Build Graph can be used to:

  • Create a list of requirements for a package.
  • Resolve the requirements to a build plan that includes a complete list of transitive dependencies, as well as native operating system dependencies from our open source catalog.
  • Build and retrieve the result of the build plan on various operating systems and hardware platforms, including Windows, Linux, and macOS.
  • Generate attestations, licensing and vulnerability information, and a software bill of materials (SBOM) for active projects.

The Build Graph uses GraphQL queries.

Build Plan

After a project is created and all needed packages have been added, a build plan is generated by the solver to determine the process needed to build the requested project configuration.

Catalog

A collection of open source artifacts offered by ActiveState. It contains all languages and packages, dependencies, and transitive dependencies that are currently offered to users on the platform. The catalog is updated regularly to include the most popular and useful content possible.

Command Line Interface (CLI)

The ActiveState command line interface is the State Tool.

Commit

A set of changes made to a project at a specific time by a specific user. Commits are the fundamental unit for tracking the changes to a project over time.

Ingredient

A pre-existing dependency or base dependency used to build an artifact on the platform. Typically composed of source code but may extend to other binaries (e.g. build tools and compilers).

Language

Perl, Python, Tcl, Ruby, etc. A “language” refers to any software development language, or version of a language, provided to users via the ActiveState Platform.

Legacy Language Version

Language versions that were previously available for download, but are no longer recommended for use due to age, risk of exploit, or obsolescence.

Library

A C library or any code that is compiled by ActiveState that is not specific to a language core and is used as a system dependency.

Libraries are not selectable by users. However, they may be the dependency of a package and can be specified if they appear in the dependencies of a project.

Managed Distribution

A fully working runtime environment that is managed and maintained by ActiveState on behalf of the customer.

As part of a Managed Distribution, ActiveState will:

  • Notify users of the vulnerability.
  • Locate a newer version of the dependency that resolves the vulnerability.
  • Build the new configuration from source code, and ensure it works with the existing runtime and environment.
  • Package the revised runtime and update all existing configurations.

Operating System

A specific operating system such as Windows 10, macOS 10.8, Linux glibc 2.25, etc. Every project will need to compile for at least one operating system. Only paid accounts are able to create projects that will compile for more than one operating system per project.

Organization

Organizations group ActiveState Platform projects for a company, department, or team. Members of the organization will have access to each project in the organization, with the ability to invite others to join, remove users, and create or modify runtimes (depending on the permissions settings of the user).

Paid organizations support both private and public projects. Free organizations can only support public projects.

Package

Software built by ActiveState from source code that has been ingested from package managers such as PyPi, CPAN, and RubyCentral. A “package” may refer to a language submodule like a Python package or a Perl package.

Platform

The ActiveState Platform is a cloud-based solution that allows developers to create projects that easily build, run, and maintain open-source projects in Perl, Python, Tcl, and others. It includes tools for package management, automated builds, and the ability to collaborate on projects with other developers using the same runtime environment.

Private Project

Projects that have hidden details (language and packages used) and only members of the organization may install this runtime. In the case of a project in a personal organization, only the creator can see and install this runtime.

Project

An organizational unit used to group software components, requirements, variables, scripts, branches, and operating systems logically together. If a user wants to share a runtime with colleagues they will need to create a project within an organization first.

Project Branch

Branches can be created by forking a project to help with tests and new features. Branches bring support for experimental builds, managing complex multi-platform projects, creating different builds per environment, and more.

Public Project

A project that is available for any web user to browse and download. Public projects have details (language & packages used) of the runtime publicly visible. Anyone, including anonymous users, can install the runtime of a public project.

Requirements

A list of mandatory software dependencies that must be included in a project in order to meet the needs of the user. Examples of requirements include specified open source languages and version, libraries, and build options.

Requirements files can be uploaded to the platform in the following formats:

Python projects

  • requirements.txt
  • pipfile
  • pipfile.lock
  • Pyproject.toml
  • Poetry.lock

Perl projects

  • cpan files
  • META.json files

Ruby projects

  • Gemfile.lock

Runtime

A pre-built, installable bundle that contains both a programming language version (e.g. “Python 2.7”) and the packages needed for developing in that language. A runtime does not contain any first-party code produced by developers using the runtime.

All runtimes are customizable. Individual bundles can be tailored to the specific requirements of any given application and scope. A runtime is activated via the CLI (i.e. the State Tool) and can be used on a local machine, server, container, etc.

Solver

An internal utility that determines the build graph that is needed for the requested project configuration. This includes the language version, OS, and any requested ingredients (including all transitive and upstream dependencies). When given a requested list of ingredients, the solver computes a working build graph that will create the runtime.

Source Code

Original code written in the form of functions, descriptions, definitions, calls, methods and other operational statements. ActiveState uses an automated ingestion pipeline to copy in the source code of language core versions and packages from package managers such as PyPi, CPAN, and RubyCentral. The ActiveState Platform then ingests related CVEs and correlates those to the appropriate language core versions and packages before offering them to users.

State Tool

The ActiveState command line interface (CLI), the State Tool allows users to create and manage projects right from the command prompt.

The State Tool can create new projects, view and modify existing projects, and download and install runtime environments.

Timestamp

A point in time before ingested ingredients that ActiveState has deemed safe for users are provided as available ingredients. This allows ActiveState to ingest but not prematurely expose ingredients to users.