Skip to content
bz

bz

Manage MODULE.bazel dependencies, query registries, scan for vulnerabilities, and streamline your Bazel workflow
Get Started CLI Reference GitHub

What is bz?

bz is a CLI tool for managing Bazel modules (Bzlmod). It helps you manage MODULE.bazel dependencies, query the Bazel Central Registry, analyze your dependency graph, and ensure security compliance.

Terminal window
# Quick start
bz init --name=my_project        # Initialize module
bz mod add rules_go@0.50.1       # Add dependencies
bz mod list                      # List dependencies
bz mod graph                     # Visualize dependency tree
bz audit                         # Scan for vulnerabilities

Features

Dependency Management

Add, remove, update, and search for Bazel modules. Check for outdated dependencies and update them with a single command.

Dependency Analysis

Visualize your dependency graph in ASCII, DOT, Mermaid, or JSON. Understand why modules are included with bz mod why.

Security & Compliance

Scan for vulnerabilities with OSV integration. Check license compliance. Generate SPDX and CycloneDX SBOMs.

Air-gap Support

Full offline mode with local cache. Download dependencies for air-gapped environments. Verify cache completeness.

Registry Sync

Mirror modules from BCR to internal registries. Starlark-based configuration for complex sync workflows.

Developer Experience

Shell completions, JSON output for scripting, environment diagnostics with bz doctor, colored output.

Quick Examples

Manage Dependencies

Terminal window
bz mod add rules_go@0.50.1 rules_python@0.35.0
bz mod rm rules_go
bz mod update
bz mod outdated

Analyze Dependencies

Terminal window
bz mod graph                     # ASCII tree
bz mod graph --format=dot | dot -Tpng -o deps.png
bz mod stats                     # Dependency statistics
bz mod why protobuf              # Why is protobuf included?

Security & Compliance

Terminal window
bz audit                         # Vulnerability scan
bz audit --severity=high         # Only high/critical
bz mod licenses                  # List all licenses
bz mod licenses --check --deny=GPL-3.0
bz sbom --format=cyclonedx       # Generate SBOM

Offline/Air-gapped Usage

Terminal window
bz cache download                # Download dependencies
bz cache verify                  # Verify cache
bz mod list --offline            # Use cache only

Command Reference

CommandDescription
bz initInitialize a new MODULE.bazel
bz mod addAdd dependencies
bz mod rmRemove dependencies
bz mod listList dependencies
bz mod infoShow module information
bz mod updateUpdate dependencies
bz mod outdatedCheck for updates
bz mod searchSearch registry
bz mod graphDependency graph
bz mod statsDependency statistics
bz mod whyExplain dependency path
bz mod licensesLicense information
bz mod syncSync registries
bz auditVulnerability scan
bz sbomGenerate SBOM
bz cache downloadDownload to cache
bz cache verifyVerify cache
bz cache statsCache statistics
bz cache clearClear cache
bz doctorEnvironment diagnostics
bz registry pingTest connectivity
bz completionShell completions
bz versionVersion info

Use Cases

Air-gapped Setup

Use bz in environments without internet access. Download dependencies, transfer them, and work offline.

Read guide

Security Pipeline

Integrate vulnerability scanning and license compliance into your CI/CD pipeline.

Read guide

Mirror BCR

Create a local mirror of Bazel Central Registry for faster builds and reliability.

Read guide