The ActiveState Managed Distribution
The ActiveState Managed Distribution is a fully working runtime environment (with installers) for all the OS platforms you need to deploy on. It is fully managed and maintained by ActiveState on behalf of the customer, ensuring the open-source components used are free of bugs and vulnerabilities. ActiveState’s expertise in legacy and emerging language tech stacks will help save valuable engineering time, that can then be spent on other value-producing tasks.
Managed Distributions use “dependency vendoring”, a strategy that checks third-party software source code directly into your product’s codebase before adopting dependencies into your source control system (rather than relying on a package manager to install dependencies on demand).
After identifying a vulnerability, your Managed Distribution:
- Notifies you of the vulnerability.
- Locates a newer version of the dependency that resolves the vulnerability.
- Builds the new configuration from source code, and ensures it works with your existing runtime and environment.
- Packages your revised runtime, and then updates all existing configurations.
How to enable and create an Managed Distribution?
The ActiveState Managed Distribution is an add-on feature only available to Enterprise accounts. After your Managed Distribution has been created, all projects in the distribution will show a “Managed by ActiveState” badge on the Project page in the Platform (as seen below).
All Managed Distributions are private and “read only” to your organization, and are updated on a quarterly basis. To enable your own Managed Distribution contact us.
What are the uses for a Managed Distribution?
- An “All-In-One” Runtime Environment
- A Multi-Project Updater
- Vetting your dependencies from the ActiveState catalog of third-party dependencies to ensure security, maintainability, and appropriate licensing according to your corporate guidelines.
- Securely build your set of required dependencies from source code, including native libraries using our tamper-proof secure build service.
- Offload the task of managing Open Source Dependencies at scale across multiple operating systems and disparate teams to ActiveState.
- Package your set of dependencies for all target operating systems, ensuring reproducible environments that contain only dependencies that work together.
- Optionally make your built dependencies available via our artifact repository for easier management and distribution.
- Maintain a catalog of dependencies and transitive/operating system dependencies over time so you can always reproduce the build.
- Monitor dependencies for vulnerabilities, datedness, and creating a fork with the updated dependencies for you to take at any time. Users with a Managed Distribution can use the “Fork It” feature to create a copy and customize it by removing packages. When ActiveState updates the distribution, all forked projects will be prompted to update.
To find out more about Managed Distributions see the following:
Dependency Vendoring Without The Work – ActiveState Managed Distributions