Speakers
Sign up now
Register
Speakers
Schedule
Want to stay in the loop?
Sign up for our newsletter.
Join us for the Bay Area Bazel Meet-up for a technical deep dive into enhancing your scanning process and optimizing your development workflow.
Scanning a monorepo with traditional SCA tools is often inefficient, resulting in hours of scanning and numerous irrelevant results due to the lack of incremental scanning capabilities.
Endor Labs addresses this issue by offering native support for Bazel and monorepo. In this session, Alexandre will discuss the benefits of using Endor Labs as your SCA tool with Bazel, focusing on:
- Utilizing Bazel's native query for analysis
- Improving data accuracy compared to traditional SCA tools with reachability
- Performing incremental scans of your monorepo with Bazel and Endor Labs
Gazelle started out as a generator for Go targets in Bazel's BUILD files. It has grown to cover more languages, but the API for authoring extensions is in Go only, and requires end-users to recompile a go_binary in order to run the tool.
Aspect's CLI has a built-in Gazelle generator behind the 'configure' verb. In this talk I present a new capability of `aspect configure`: the ability to author BUILD file generation logic in Starlark, the same language used to write Bazel extensions such as rules and macros. I'll show some examples and explain how this benefits devinfra teams and product developers.
Sign up for our newsletter.
Integrate Microsoft Defender for Cloud with Endor Labs for reachability analysis and attack path visibility — available natively within the Defender for Cloud console. Prioritize what to fix without switching tools.
Click to read
The Cyber Resilience Act (CRA) sets mandatory security requirements for hardware and software. This blog covers key compliance objectives, challenges with OSS vulnerabilities, and best practices for maintaining security throughout the product life cycle.
Click to read
Get key insights from the 2024 Dependency Management webinar with Darren Meyer and Henrik Plate. We discuss how to prioritize vulnerabilities, navigate breaking changes, and leverage public vulnerability databases effectively.
Click to read
This blog covers key steps to simplify FedRAMP vulnerability management, helping you reduce risks and meet compliance timelines. It also provides practical tips to empower developers and streamline fixes for a smoother FedRAMP process.
Click to read
GitHub Actions are open source dependencies - secure them accordingly! Learn how to effectively manage the security risks associated with GitHub Actions with a proactive approach focusing on three key areas: visibility, hardening, and dependency management.
Click to read
Explore the five key categories of reachability and their practical applications in AppSec and development. Learn the differences between SCA and container scanning, and understand how various tools like Function-Level Reachability, Package Baselining, and Internet Reachability play crucial roles in identifying and prioritizing security risks.
Click to read
Explore the challenges of modern vulnerability management and the efficiency of the Vulnerability Exploitability eXchange (VEX) in our latest blog post. Learn how VEX helps identify and communicate the true exploitability of vulnerabilities, streamlining cybersecurity efforts in the face of overwhelming scanner findings.
Click to read