CSOonline

Bazel PoC attack highlights transitive vulnerability risk in custom GitHub Actions

A dependent action in Bazel could permit malicious code injection into a GitHub Actions workflow, highlighting risk from third-party dependencies. Security researchers demonstrated a software ...
TechCrunch

Aspect Build gets $3.85M to help developers create software with Bazel

Monorepos are becoming an increasingly popular way to manage source code, but they require a slightly different toolset. Google developed its own internal build and test tool on top of its monorepo ...