Cisco Talos this week released a new tool designed to make it easier to create complex applications that have lengthy dependency chains.
Called Mussels, the cross-platform, general-purpose dependency build automation tool allows software developers to easily download, build, and assemble app dependencies.
The tool’s creator is Micah Snyder, a Cisco Talos researcher and developer at ClamAV, Cisco’s cross-platform and open source antivirus toolkit. The tool was initially developed with a focus on building dependencies for ClamAV on Windows.
Mussels aims to eliminate the need to write all new CMake, Meson, Bazel, XCode, or Visual Studio project files. Instead, it allows users to write and share “recipes” to take advantage of original build systems intended by the authors of external library dependencies.
These recipes are YAML files providing information on how a given library or application can be built. It includes details on the location of the software source archive, other recipes the software depends on, tools required to build the software, and commands to run when performing the build.
Developers can define tools in YAML, and both recipes and tools can be shared in Git repositories referred to as “cookbooks.” These repositories can be either public or private, or can be local directories containing recipe and tool YAML files.
Recipes require tools to run and an error message will be displayed if the required tools are missing. Thus, developers will be able to install the tool for that recipe to build.
Available in Cisco Talos’ GitHub repository, Mussels includes support for macOS, Linux/Unix, and Windows operating systems. It was designed to support building C-based application libraries, but can be extended to build and assemble any software package, its creator explains.
Mussels requires Python 3.6 or newer and Git (must be added to the PATH environment variable). It also needs an Internet connection to use the public Mussels cookbooks, and a connection is also needed to download source archives from the URLs defined in each recipe.
Related: New GitHub Security Lab Aims to Secure Open Source Software
Related: GitHub Helps Developers Keep Dependencies Secure via Dependabot
