A CLI for Bzlmod - Bazel's module system.
Manage MODULE.bazel dependencies, query the Bazel Central Registry, and streamline your Bazel module workflow.
- Module Management - Add, remove, list, and update dependencies in MODULE.bazel
- Dependency Insights - Visualize dependency graphs, analyze why modules are included
- Security Scanning - Audit dependencies for vulnerabilities, check license compliance
- SBOM Generation - Generate SPDX or CycloneDX software bills of materials
- Air-gap Support - Full offline mode with local cache for disconnected environments
- Registry Sync - Mirror modules from BCR to internal registries with Starlark config
go install github.com/albertocavalcante/bz@latestOr download a binary from Releases.
# Initialize a new module
bz init --name=my_project
# Add dependencies
bz mod add rules_go@0.50.1 rules_python@0.35.0
# Check for updates
bz mod outdated
# Update all dependencies
bz mod update
# View dependency graph
bz mod graph
# Scan for vulnerabilities
bz audit| Command | Description |
|---|---|
bz init |
Initialize a new MODULE.bazel file |
bz mod add |
Add dependencies |
bz mod rm |
Remove dependencies |
bz mod list |
List all dependencies |
bz mod info |
Show module information from registry |
bz mod update |
Update dependencies to latest versions |
bz mod outdated |
Check for newer versions |
bz mod search |
Search for modules in registry |
bz mod sync |
Sync modules between registries |
bz mod graph |
Display dependency graph |
bz mod stats |
Show dependency statistics |
bz mod why |
Explain why a module is included |
bz mod licenses |
Show license information |
bz audit |
Scan for vulnerabilities (via OSV) |
bz sbom |
Generate SBOM (SPDX/CycloneDX) |
bz cache download |
Download modules to local cache |
bz cache verify |
Verify cache completeness |
bz cache clear |
Clear local cache |
bz doctor |
Check Bazel/bzlmod setup |
bz registry ping |
Test registry connectivity |
bz completion |
Generate shell completions |
Run bz <command> --help for usage details, or see the CLI Reference.
bz reads configuration from TOML files and environment variables:
| Location | Purpose |
|---|---|
~/.config/bz/config.toml |
User configuration |
.bz.toml |
Project configuration |
[network]
mode = "prefer-offline"
registry = "https://bcr.bazel.build"
timeout = "30s"
[cache]
dir = "~/.cache/bz"
ttl = "24h"See the Configuration Guide for environment variables, precedence rules, and Starlark-based config.
See CONTRIBUTING.md to get started.
Licensed under either of Apache License, Version 2.0 or MIT license at your option.