Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Cisco Talos Releases Open Source Dependency Build Automation Tool

Cisco Talos this week released a new tool designed to make it easier to create complex applications that have lengthy dependency chains.

Called Mussels, the cross-platform, general-purpose dependency build automation tool allows software developers to easily download, build, and assemble app dependencies.

Cisco Talos this week released a new tool designed to make it easier to create complex applications that have lengthy dependency chains.

Called Mussels, the cross-platform, general-purpose dependency build automation tool allows software developers to easily download, build, and assemble app dependencies.

The tool’s creator is Micah Snyder, a Cisco Talos researcher and developer at ClamAV, Cisco’s cross-platform and open source antivirus toolkit. The tool was initially developed with a focus on building dependencies for ClamAV on Windows.

Mussels aims to eliminate the need to write all new CMake, Meson, Bazel, XCode, or Visual Studio project files. Instead, it allows users to write and share “recipes” to take advantage of original build systems intended by the authors of external library dependencies.

These recipes are YAML files providing information on how a given library or application can be built. It includes details on the location of the software source archive, other recipes the software depends on, tools required to build the software, and commands to run when performing the build.

Developers can define tools in YAML, and both recipes and tools can be shared in Git repositories referred to as “cookbooks.” These repositories can be either public or private, or can be local directories containing recipe and tool YAML files.

Recipes require tools to run and an error message will be displayed if the required tools are missing. Thus, developers will be able to install the tool for that recipe to build.

Available in Cisco Talos’ GitHub repository, Mussels includes support for macOS, Linux/Unix, and Windows operating systems. It was designed to support building C-based application libraries, but can be extended to build and assemble any software package, its creator explains.

Mussels requires Python 3.6 or newer and Git (must be added to the PATH environment variable). It also needs an Internet connection to use the public Mussels cookbooks, and a connection is also needed to download source archives from the URLs defined in each recipe.

Related: New GitHub Security Lab Aims to Secure Open Source Software

Related: GitHub Helps Developers Keep Dependencies Secure via Dependabot

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

A new report finds that barely 1% of all SBOMs being generated today meets the “minimum elements” defined by the U.S. government.

Application Security

A security vulnerability identified on AliExpress, the wholesale marketplace owned by the Chinese e-commerce giant Alibaba, could have been exploited by hackers to hijack...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...