Data Sheet: ActiveState Artifact Repository
Python wheels are a preferred way for development teams to install Python packages quickly and ensure they work for multiple operating systems. ActiveState’s Artifact Repository automates the maintenance of Python wheels, populating your team’s instances with securely built Python packages, so you can improve the security of your development environments without incurring significant time and resource costs.
ActiveState’s artifact repository is a software storage system that acts as a registry for the code artifacts required by your software teams and systems. For example, it may contain the packages built from third-party source code components imported from a public repository.
Artifact repositories provide software development organizations with a number of advantages, such as:
- Providing a walled garden of software that conforms to the organization’s security and compliance policies.
- The ability to standardize development on a common set of artifacts and third-party components, which guards against “works on my machine” issues.
- Build provenance, in which each built artifact can be fully traced back to its original components.
The ActiveState Artifact Repository (AAR) works in much the same way, providing your organization with securely built Python wheels for the operating system(s) your developer and DevOps teams require.
Python Wheels Made Easy & Secure
Development teams typically work with the operating system of their choice, which means that organizations need to accommodate Windows, macOS, and Linux. However, the Python Package Index (PyPI) rarely provides wheels for all three major operating systems, which is a shame, since wheels install far faster than source distributions and are the best way to ensure that package installation always works. Yet Python wheels can pose a number of challenges for organizations because:
- Importing pre-built wheels is a security risk, since PyPI does not provide signed wheels. Thus, there is no guarantee that the author is actually who they claim to be, or that the build doesn’t contain malicious code.
- Building wheels from source code for all three major operating systems requires the creation and maintenance of multiple build systems, increasing time and resource costs.
- Maintaining wheels over time acts as a drag on the productivity of development teams, slowing down releases.
The ActiveState Platform provides a universal build system for Python that can automatically build wheels for Windows, macOS, and Linux securely, and then populate them in your own AAR instance for each team or project, or even act as the source of truth for all of your organization’s needs.
Developers and DevOps can then work with standard tooling like pip to install and manage the packages they require from an approved set of Python wheels.