A modular, layered framework for building secure, reproducible developer environments at scale. Three-tier architecture powered by Vagrant and Ansible.
Secure, reproducible, and customizable — from base OS to project-specific toolchains
From hardened OS images to project-specific toolchains — everything is declarative, reproducible, and secure
Three-tier model — Base, Organization, and Program layers. Each tier inherits and extends the previous through Ansible variable overrides.
Curated catalog of 17+ developer tools — Docker, Kubernetes, Python, Node.js, and more. Security-vetted and version-controlled.
Complete ecosystem for managing vetted open-source packages with automated security scanning, license compliance, and internal mirrors.
CIS-hardened base images with SELinux enforcement, firewall rules, and SSH hardening. No security weakening at higher tiers.
Modern API for programmatic package management, registry operations, and automation. Full CRUD for packages and security metadata.
Command-line interface for package discovery, submission, and management. Search, install, and audit packages from your terminal.
Each layer inherits, extends, and can override the previous — progressive customization with security guarantees
Hardened OS Foundation
Rocky Linux images with CIS security benchmarks, SELinux enforcement, minimal package set, and airgap compatibility. The secure foundation for everything above.
Developer Tools & Standards
Curated App Store with 17+ tools, FOSS package ecosystem with security scanning, and organization-wide spins for consistent environments.
Project-Specific Configs
Project-specific tool versions, custom application stacks, team workflows, and CI/CD integration. Override any setting from lower tiers.
Configuration flows upward: Base defaults → Organization overrides → Program overrides
See DevX in action — building images, configuring apps, and customizing programs
# Build a hardened base image (auto-detects provider)
$ make build-base-rocky10
→ Provider: parallels (Apple Silicon detected)
→ Building Rocky Linux 10 base image...
→ Applying security hardening...
→ SELinux: enforcing
→ Firewall: enabled
✓ Base image ready: packages/base/artifacts/base-rocky10.box
# Build organization spin (auto-builds base if needed)
$ make build-org-standard
→ Using base: base-rocky10.box
→ Installing App Store tools...
→ Setting up FOSS package system...
✓ Organization spin ready
# Run all tests
$ make testDevX scales from individual developers to enterprise organizations
Maintain consistent developer environments across teams. Enforce security policies, manage approved tooling, and support compliance requirements.
Quickly spin up project-specific environments. Inherit organization standards while customizing for project needs. Onboard new members in minutes.
Reproducible development environments isolated from your host. Experiment safely with different tool versions without polluting your machine.
Fully offline-capable with internal package mirrors, pre-packaged dependencies, and local repositories. No internet required after initial setup.
CIS-benchmarked base images, automated security scanning, license compliance tracking, and approval workflows for new packages.
New team members get a fully configured environment with one command. All tools, configs, and access pre-provisioned. Zero setup friction.
Get a fully configured developer environment in under 10 minutes
# Clone the repository
git clone https://github.com/dotbrains/devx.git
cd devx
# Build the base image (auto-detects provider)
make build-base-rocky10
# Build organization spin with developer tools
make build-org-standardPrerequisites: Install Vagrant, VirtualBox (or Parallels on Apple Silicon), and Ansible.
# Create a new program environment
make init-program
# Enter name: my-project
# Start the environment
cd packages/programs/my-project
vagrant up
# SSH in — all tools pre-installed
vagrant ssh
# Verify installed tools
docker --version
kubectl version --client
python3 --version
node --versionTip: Customize your environment by editing ansible/group_vars/all.yml then run vagrant provision
Build secure, reproducible developer environments for your team in minutes