Data Sheet: ActiveState Platform’s Hosted Artifact Repository
Python wheels are rarely updated in development and test systems unless a critical vulnerability is encountered. However, with the increasing rate of software supply chain attacks targeting development environments, unaddressed vulnerabilities can expose organizations to undue risk.
This datasheet explains how the ActiveState Platform automates the maintenance of Python wheels and populates them in the HAR (Hosted Artifact Repository) instances for each team or project. Learn how HARs can significantly improve the security of your development environments without incurring significant time and resource costs.
An artifact repository is a software storage system that acts as a source for the code artifacts required by your software teams and systems. For example, it may contain third-party source code components imported from a public repository, as well as the packages built from those components.
Artifact repositories provide software development organizations with a number of advantages, such as:
- Providing a walled garden of software that conforms to the organization’s security and compliance policies.
- The ability to standardize development on a common set of artifacts and third-party components, which ensures against “works on my machine” issues.
- Build provenance, in which each built artifact can be fully traced back to its original components.
The ActiveState Platform Hosted Artifact Repository (HAR) works in much the same way, providing your organization with securely built Python wheels for the operating system(s) your developer and DevOps teams require.
Python Wheels Made Easy & Secure
Development teams typically work with the operating system of their choice, which means that organizations need to accommodate Windows, macOS and Linux. However, the Python Package Index (PyPI) rarely provides wheels for all three major operating systems. This poses a number of challenges for organizations, including:
- Importing pre-built wheels is a security risk, since PyPI does not provide signed wheels. Thus, there is no guarantee that the author is actually who they claim to be, or that the build doesn’t contain malicious code.
- Building wheels from source code for all three major operating systems requires the creation and maintenance of multiple build systems, increasing time and resource costs.
- Maintaining wheels over time acts as a drag on the productivity of development teams, slowing down releases.
The ActiveState Platform provides a universal build system for Python that can automatically build wheels for Windows, macOS and Linux securely, and then populate them in your own HAR instance for each team or project, or even act as the source of truth for all of your organization’s needs.
Developers and DevOps can then work with standard tooling like pip to install and manage the packages they require from an approved set of Python wheels.
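Two of the points above can be checked mechanically: whether a set of wheels actually covers Windows, macOS and Linux, and whether pip is being fed only wheels whose contents match an approved hash list (pip's own `--require-hashes` mode uses exactly this `name==version --hash=sha256:...` format). The script below is an added example, not ActiveState's code or part of the data sheet; the wheel filenames, payload bytes and allowlist in it are constructed for illustration and do not correspond to real packages.

```python
"""Platform coverage and hash checks for a set of Python wheels.

Added example; the wheel filenames, payloads and allowlist below are
constructed for illustration, not real packages or ActiveState data.
"""
import hashlib
import re
from collections import defaultdict

# PEP 427 filename: {name}-{version}(-{build})?-{python}-{abi}-{platform}.whl
WHEEL_RE = re.compile(
    r"^(?P<name>[^-]+)-(?P<version>[^-]+)(?:-(?P<build>\d[^-]*))?"
    r"-(?P<python>[^-]+)-(?P<abi>[^-]+)-(?P<platform>[^-]+)\.whl$"
)
# One requirement line in pip's hash-checking format (pip install --require-hashes)
REQ_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9_.\-]+)==(?P<version>\S+)\s+--hash=sha256:(?P<sha>[0-9a-f]{64})$"
)

def normalize(name):
    """PEP 503 normalisation so 'example_pkg' and 'Example-Pkg' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_wheel_filename(filename):
    m = WHEEL_RE.match(filename)
    if not m:
        raise ValueError(f"not a valid wheel filename: {filename}")
    info = m.groupdict()
    info["name"] = normalize(info["name"])
    # The platform field may carry several tags joined by '.'
    info["platforms"] = info.pop("platform").split(".")
    return info

def platform_os(tag):
    """Map a wheel platform tag to the operating system(s) it serves."""
    if tag == "any":
        return {"windows", "macos", "linux"}
    if tag.startswith("win"):
        return {"windows"}
    if tag.startswith("macosx"):
        return {"macos"}
    if tag.startswith(("manylinux", "musllinux", "linux")):
        return {"linux"}
    return set()  # unknown tag counts as covering nothing

def missing_platforms(filenames, required=("windows", "macos", "linux")):
    """Return {name: [os, ...]} for distributions lacking a wheel on some OS."""
    covered = defaultdict(set)
    for fn in filenames:
        info = parse_wheel_filename(fn)
        for tag in info["platforms"]:
            covered[info["name"]] |= platform_os(tag)
    return {name: sorted(set(required) - oses)
            for name, oses in covered.items() if set(required) - oses}

def parse_pinned_requirements(text):
    """Parse 'name==ver --hash=sha256:...' lines into {(name, ver): {sha, ...}}."""
    pins = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = REQ_RE.match(line)
        if not m:
            raise ValueError(f"unpinned or malformed requirement: {line}")
        pins.setdefault((normalize(m["name"]), m["version"]), set()).add(m["sha"])
    return pins

def verify_wheels(wheel_bytes, pins):
    """Classify each wheel as 'ok', 'hash-mismatch' or 'not-approved'."""
    results = {}
    for fn, data in wheel_bytes.items():
        info = parse_wheel_filename(fn)
        allowed = pins.get((info["name"], info["version"]))
        if allowed is None:
            results[fn] = "not-approved"
        elif hashlib.sha256(data).hexdigest() in allowed:
            results[fn] = "ok"
        else:
            results[fn] = "hash-mismatch"
    return results

def _sha(data):
    return hashlib.sha256(data).hexdigest()

# Constructed sample: the byte strings stand in for wheel file contents.
SAMPLE_WHEELS = {
    "example_pkg-1.0.0-cp311-cp311-win_amd64.whl": b"constructed payload A",
    "example_pkg-1.0.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl": b"constructed payload B",
    "other_lib-2.3.1-py3-none-any.whl": b"constructed payload C",
    "tampered-0.9.0-cp311-cp311-macosx_11_0_arm64.whl": b"constructed payload D",
    "unlisted_tool-0.1.0-py3-none-any.whl": b"constructed payload E",
}
# Constructed allowlist; the 'tampered' pin deliberately records a different build.
APPROVED_REQUIREMENTS = "\n".join([
    "# constructed allowlist in pip hash-checking format",
    f"example-pkg==1.0.0 --hash=sha256:{_sha(b'constructed payload A')}",
    f"example-pkg==1.0.0 --hash=sha256:{_sha(b'constructed payload B')}",
    f"other-lib==2.3.1 --hash=sha256:{_sha(b'constructed payload C')}",
    f"tampered==0.9.0 --hash=sha256:{_sha(b'a different build of tampered')}",
])

if __name__ == "__main__":
    print("missing platforms:", missing_platforms(SAMPLE_WHEELS))
    print("hash check:", verify_wheels(SAMPLE_WHEELS, parse_pinned_requirements(APPROVED_REQUIREMENTS)))
```

Run against the constructed sample, `missing_platforms` reports that `example-pkg` has no macOS wheel and `tampered` has only a macOS one, while `verify_wheels` flags the wheel whose bytes no longer match its pinned hash and the wheel that is not on the allowlist at all. Against a real repository the same two functions would be pointed at the wheel files on disk and the organization's pinned requirements file.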
Python Wheel Maintenance
Updating, rebuilding and redeploying Python wheels as new versions are introduced by maintainers to address bugs and vulnerabilities can act as a drag on developer productivity. For this reason, wheels are rarely updated in development and test systems unless a critical vulnerability is encountered.
However, with the increasing rate of software supply chain attacks targeting development environments, unaddressed vulnerabilities can expose organizations to undue risk.
The ActiveState Platform automates the maintenance of Python wheels by providing the ability to:
- Find vulnerable packages and their direct, transitive or OS-level dependencies, fix them by selecting a non-vulnerable version, and then rebuild and repopulate the HAR with a secure version of the wheel(s).
- Automatically build Python wheels from source code for Windows, macOS and Linux, including linked C and Fortran libraries, allowing even a junior developer to address vulnerabilities in minutes without the need for either Python or operating system expertise.
As a result, Mean Time To Remediation (MTTR) of vulnerabilities can be reduced to minutes, allowing organizations to significantly improve the security of their development environments without incurring significant time and resource costs.
ActiveState Platform: Universal Package Management
The ActiveState Platform is a universal package management solution for Python, Perl and Tcl. It provides unified tooling, advanced dependency management, environment reproducibility and automated vulnerability remediation as a hosted service that fits with your existing development workflow.
You can try the ActiveState Platform by signing up for a free account at platform.activestate.com
ActiveState is the de-facto standard for millions of developers around the world who have been using our commercially-backed, secure open source language solutions for over 20 years. With the ActiveState Platform, developers can now automatically build their own Python, Perl or Tcl Environments for Windows, Linux or Mac—all without requiring language or operating system expertise.
How to try the ActiveState Platform for your Python, Perl and Tcl projects?
Developers can sign up for our Platform and use it to build a runtime environment for their Python or Perl projects right away. Or they can install it via the command line using the snippet provided here.