makes: DevSecOps framework
Makes
A software supply chain framework powered by Nix.
Ever needed to run applications locally to try out your code? Execute CI/CD pipelines locally to make sure jobs pass? Keep execution environments frozen for strict dependency control against supply chain attacks? Know the exact dependency tree of your application? Well, we have!
Makes is an open-source, production-ready framework for building CI/CD pipelines and application environments. It cryptographically signs direct and indirect dependencies, supports a distributed and completely granular cache, runs on Docker, VMs, and any Linux-based OS, can be installed with just one command, and can be extended to work with any technology.
The goal of Makes is to provide an immutable software supply chain while keeping technical implementation as simple as possible.
Why
Designing a fast, reliable, reproducible, easy-to-use CI/CD system is no easy task.
While there are free and paid tools in the market like: Ansible, APT, Apache Ant, Apache Maven, Buck, Chef, Docker, Gradle, Grunt, Gulp, Maven, GNU Make, Leiningen, NPM, pip, Packer, Rake, RPM, sbt, SCons, and yum:
- Real-world production systems are composed of several programming languages.
  Tools normally focus on only one.
- Real-world production systems contain hundreds of thousands of dependencies:
  - Compilers
  - Shared-Object libraries (.so)
  - Runtime interpreters
  - Configuration files
  - Vendor artifacts
  - Accounts / Credentials / Secrets

  Tools normally cannot fetch, configure, or set up such dependencies in an easy, automated, secure way. They just build or install.
- Real-world production systems have tens to hundreds of developers. They work across the globe from different machines, stacks, and operating systems.
  Tools normally cannot guarantee all of them an exactly equal, comfortable development environment.
- Real-world production systems have tens to thousands of production servers that need to be deployed to.
  Tools normally cover the: How to build? and not the: How to deploy? (or the other way around).
- Real-world production systems are made of several micro-components that one needs to orchestrate correctly, or fix on a Sunday morning, instead of spending time with family ⛱️.
- Real-world production systems need to be reliable and 100% available.
  But how, with so much friction?
You can use Nix instead, which features:
- A single build-tool for everything
- Easy, powerful, modular and expressive dependency declaration. From compilers to vendor artifacts.
- Guarantees each developer an exact, reproducible, comfortable environment in which to build and run stuff. Isolating as much as possible, reducing a lot of bugs along the way.
- Defines a way for you to deploy software perfectly.
- And therefore helps you build reliable and 100% available systems.
So, if Nix is that powerful: Why Makes, then?
- Makes is specialized in creating CI/CD systems that deliver reliable software to your end-users.
- Makes incorporates common workflows for formatting, linting, building, testing, managing infrastructure as code with Terraform, deploying to Kubernetes clusters, creating development environments, etc. You can enable such workflows in a few clicks, with as little code as possible, in many providers.
- Makes hides unnecessary boilerplate and complexity so you can focus on the business: Adding value to your customers, daily!
Goal
- 🌟 Simplicity: Easy setup with a laptop, Docker, GitHub Actions, GitLab CI, Travis CI, Circle CI, and more!
- 🍻 Sensible defaults: Good for all projects of any size, out-of-the-box.
- 👯 Reproducibility: Any member of your team builds and gets exactly the same results.
- 👩‍💻 Dev environments: Any member of your team with the required secrets can execute the entire CI/CD pipeline.
- 🏇 Performance: A highly granular caching system so you only have to build things once.
- Extendibility: You can add custom workflows, easily.
Install & Use
Copyright 2021 Fluid Attacks and contributors