ActiveState

ActiveState Software Inc. is a Canadian software company that develops and supports tools for managing open source software in enterprise environments. The company provides solutions for automated vulnerability management, container security, and software supply chain security. ActiveState delivers secure containers and language runtimes that development teams can incorporate into their software development lifecycle (SDLC), and its platform is designed to help DevSecOps teams automatically identify, prioritize, and remediate vulnerabilities in open source components, and to manage dependencies across programming languages.

ActiveState Software Inc.

Company type	Private
Industry	Computer software
Founded	1997
Headquarters	Vancouver, British Columbia , Canada
Area served	Global
Key people	Stephen Baker (CEO)
Products	ActiveState Platform, ActivePerl, ActivePython, ActiveTcl, Komodo IDE
Number of employees	>60
Website	activestate.com

As of 2025, ActiveState reports serving approximately 94,000 monthly active users and supporting more than 40 million open source libraries. The company states that its platform is compliant with the National Institute of Standards and Technology (NIST) Secure Software Development Framework (SSDF).^[1]

ActiveState is privately held and jointly owned by its employees and Vertu Capital, a Canadian private equity firm.^[2][3]

History

ActiveState Software Inc. was founded in 1997 in Vancouver, British Columbia, Canada, by Dick Hardt, David Ascher, and others, with the goal of adapting open source programming languages for commercial use. The company became known for commercial distributions of languages such as Perl, Python, and Tcl for Windows and enterprise platforms.^[4]

In 2003, the company was acquired by British security software firm Sophos, a UK-based security software company, and operated as a wholly owned subsidiary.^[5] In January 2006, ActiveState was purchased by Pender Financial Group, a Canadian investment company.^[6]

In early 2021, ActiveState received a strategic investment from Turn/River Capital, a San Francisco-based private equity firm.^[7] On November 7, 2023, the company was acquired by Vertu Capital, a Canadian private equity firm, and became jointly owned by Vertu Capital and ActiveState employees.^[8]

Subsidiaries

• Phenona: In June 2011, ActiveState Software Inc. announced the acquisition of Phenona.^[9][10]
• Appsecute Limited: In June 2013, ActiveState Software Inc. announced the acquisition of Appsecute.^[11] The acquisition would become ActiveState's strategy to pair Appsecute with Stackato.^[12]

Products

ActiveState platform overview

The ActiveState Platform is a cloud-based platform for building, managing, and securing open source software components across multiple programming languages. It automates the process of compiling packages from source code, implements the Supply Chain Levels for Software Artifacts (SLSA) security framework, and provides tools for vulnerability detection, risk prioritization, and remediation.^[13]

The platform is delivered as a managed service in which ActiveState oversees the building, updating, and maintenance of open source components on behalf of its users. It can generate secure container images, manage dependencies, and create software bills of materials (SBOMs) in SPDX and CycloneDX formats. The managed model is intended to reduce the operational burden on development teams by handling security patching, compliance requirements, and dependency updates centrally.

According to the company, the platform supports over 40 million open source components and is used by approximately 94,000 monthly active users.^[14]

Secure containers

In 2024, ActiveState introduced Secure Containers, a set of prebuilt, zero–known-vulnerability container images for popular programming languages. The images are rebuilt nightly with signed SBOMs and attestations, and critical security vulnerabilities are remediated within seven days.^[15]

Secure Containers are distributed through Docker Hub^[16] and are available for languages including are available for languages including Python, Java, Node.js, Go, .NET Core, Rust, Perl, PHP, and for common utilities such as curl, wget, and bash. A static base image is also available. Customers can request customization of a non-production container for evaluation purposes.^[17]

State tool

The State Tool is a command-line utility included with the ActiveState Platform. It allows users to manage programming language runtimes and dependencies, create and share reproducible development environments, and integrate ActiveState's services into automated build and deployment workflows.^[18]

The tool is also used for managing Python projects and environments, including creating isolated development setups and handling package installation from source.^[19]

Language distributions

ActiveState continues to offer commercial distributions of programming languages, which are integrated into the ActiveState Platform. These include:

• Python distribution for multiple operating systems.^[20]
• Perl distribution for Windows, macOS, and Linux.^[21]
• Tcl distribution for enterprise environments.^[22]
• Ruby distribution for cross-platform development.^[23]
• Go distribution for building cloud-native and system-level applications.^[24]
• Java distribution for general-purpose and enterprise development.^[25]
• R distribution for statistical computing and data analysis.^[26]

These distributions were among the company's first products and remain part of its core offerings.

Former products

ActiveState has developed several products that have since been discontinued or transferred:

• Komodo IDE and Komodo Edit: Source code editors for dynamic and web languages. In 2021, ActiveState released Komodo IDE as open source software.^[27]
• Stackato: A platform-as-a-service (PaaS) product based on Cloud Foundry. Hewlett Packard acquired Stackato in 2015.^[28]
• Perl Dev Kit (PDK)^[29] and Tcl Dev Kit (TDK):^[30] Toolkits for application development in Perl and Tcl, respectively, which have been discontinued.

Enterprise CI/CD

ActiveState confirmed that its Enterprise CI / CD Survey is available for participation by 2020. Based on how businesses commonly utilize CI / CD and how they address software runtime and create issues, the study is part of ActiveState's ongoing initiatives to promote the development of open-source technology.^[31]

Media presence and industry engagement

ActiveState regularly participates in industry media, webinars, and podcasts focused on topics such as software supply chain security, automated vulnerability management, and DevSecOps practices. The company has collaborated with technology media platforms including TechStrong TV, where executives and technical staff have discussed subjects ranging from balancing security with development speed to addressing technical debt.^[32]

Notable appearances include:

• From Vulnerable to Unbreakable: Container Security for Open Source Simplified — A webinar exploring the advantages and risks of using open source in containers.^[33]
• Streamlined Open Source: Innovation Without Bottlenecks — a microwebinar series about how ActiveState helps DevSecOps teams eliminate the complexities of managing open source^[34]

ActiveState also publishes content on its own channels, including blogs, videos, and white papers, and has partnered with distributors such as Carahsoft^[35] and Aquion^[36] to deliver its solutions to government agencies and independent software vendors.

Awards and recognition

In 2025, ActiveState was recognized by ComponentSource in its annual awards as a "Top Global Innovator" and a bestselling publisher.^[37] The company had previously been named a "Top 25 Publisher" by ComponentSource in 2021.^[38]

ActiveState executives have also received individual recognition. In 2024, Chief Executive Officer Stephen Baker was named among the "Top 50 Software CEOs" by The Software Report.^[39] In the same year, Chief Marketing Officer Allyson Barr was included in the publication's list of "Top 50 Women Leaders in Software."^[40]