bazel-build-optimization
Warn
Audited by Snyk on Mar 8, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). Yes — the WORKSPACE http_archive entries (e.g., https://github.com/aspect-build/rules_js/releases/download/v1.34.0/rules_js-v1.34.0.tar.gz and https://github.com/bazelbuild/rules_python/releases/download/0.27.0/rules_python-0.27.0.tar.gz) are fetched by Bazel at runtime and contain Starlark/remote code that is executed and required for the build, so they represent runtime external code execution.