{"id":18949931,"url":"https://github.com/salesforce/bazel-visibility-tool","last_synced_at":"2026-03-28T04:30:21.325Z","repository":{"id":256568089,"uuid":"852824167","full_name":"salesforce/bazel-visibility-tool","owner":"salesforce","description":"A tool for managing Bazel Visibility at scale","archived":false,"fork":false,"pushed_at":"2024-09-11T12:55:37.000Z","size":153,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-12-27T13:02:51.803Z","etag":null,"topics":["bazel","bazel-build","bazel-rules","visibility"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/salesforce.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.txt","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-09-05T13:45:59.000Z","updated_at":"2024-09-11T13:02:26.000Z","dependencies_parsed_at":"2024-09-11T19:55:56.166Z","dependency_job_id":"b7e3a2a1-1762-4dd3-ba07-f3e27776333e","html_url":"https://github.com/salesforce/bazel-visibility-tool","commit_stats":null,"previous_names":["salesforce/bazel-visibility-tool"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/salesforce%2Fbazel-visibility-tool","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/salesforce%2Fbazel-visibility-tool/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/salesforce%2Fbazel-visibility-tool/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/salesforce%2Fbazel-visibility-tool/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/salesforce","download_url":"https://codeload.github.com/salesforce/bazel-visibility-tool/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239946915,"owners_count":19723018,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bazel","bazel-build","bazel-rules","visibility"],"created_at":"2024-11-08T13:19:43.386Z","updated_at":"2026-03-28T04:30:21.238Z","avatar_url":"https://github.com/salesforce.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Visibility Tool for Bazel\n\nBazel has a built-in way to manage the dependency graph.\nYou can read more about [Bazel Visibility here](https://bazel.build/concepts/visibility).\n\nHowever, in a large workspace, things can get overwhelming very quickly.\nThis is where the Visibility Tool comes to the rescue.\n\nThe Visibility Tool provides the following features:\n\n1. Centralized definition of visibility layers and dependency rules using Starlark.\n2. Centralized allow and block list management.\n3. Reporting of violation in [SARIF](https://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html) format.\n4. Tools for querying and extracting group and membership information.\n\nIt's very helpful when you are dealing with a large legacy code base where it's not always easy or desirable to move code around for easier visibility management with Bazel.\n\n## Usage\n\n### Setup in WORKSPACE\n\nPlease see the GitHub releases for snippet how to embed into `WORKSPACE` or `MODULE.bazel` file.\n\nNote, there are a few important conventions that should be followed:\n\n1. Use `@bazel_visibility_tool` as the external repository name\n\n2. Create your visibility tools in package `//tools/build/visibility` in the `BUILD.bazel` file.\n\nIf you don't follow these the world will not end but you will run into a few issues because some defaults don't work out of the box.\n\n### Invoke CLI\n\n```shell\n\u003e bazel run @bazel_visibility_tools//:cli -- --help\n...\n\ntbd.\n```\n\n## Concepts\n\nIn order to use the tool you need to familiarize yourself with a few concepts.\n\nThe Visibility Tools exists to assist with Bazel's [Visibility concept](https://bazel.build/concepts/visibility).\nIt focuses on target visibility assistance.\nIn order to provide assistance the tool relies on a few assumptions and conventions.\n\n- Bazel targets/packages are organized in groups (Visibility Groups).\n\n- Each target of a group must use programmatic way to compute its `visibility` attribute value.\n  For third party dependencies integration to `bazel_maven_deps` is available.\n\n- Visibility must be explicitly granted.\n  The default is subpackages, i.e. targets are only visible within the package and its subpackages.\n\n- The Visibility Tool can query up-to-date group and membership information.\n\n### Visibility Groups (aka. Layers \u0026 Components)\n\nVisibility groups are used to define applications, layers and components in a Bazel workspace.\nYou can define any logical grouping you want.\nThey organize code into logical components.\n\nVisibility groups define metadata for generating package groups as well as looking up group membership for targets at analysis time.\n\nEach Bazel package (and target) must be listed in at most one visibility group.\nThis allows to reduce cognitive load and avoid dealing with complicated AND, OR, XOR or XAND situations.\nIt also makes it easier to read the rules.\nThey can rely on visibility being explicit.\n\nIn addition to regular package groups, visibility groups also allow to group external repositories.\nHowever, their use is limited as they won't be represented in Bazel as a package group.\nThey can be used for membership lookup at analysis time, which allows to compute their `visibility` attributes.\n\nVisibility is defined in the context of a group, i.e. each group defines which other groups it is visible to.\nThis enforces the architecture to be defined at once, i.e. it is not possible to extend visibility dynamically.\n\nVisibility groups and their visibility are defined in Starlark like this:\n\n```starlark\n\nvisibility_group(\n    name = \"app-frontend-api\",\n    visible_to = [\n        # to any other api module in the frontend\n        \"app-frontend-api\",\n    ],\n)\n\nvisibility_group(\n    name = \"app-frontend-internal\"\n)\n\nvisibility_group(\n    name = \"app-frontend-tests\"\n)\n\nvisibility_group(\n    name = \"app-backend-api\"\n    visible_to = [\n        # to any other api module in the backend\n        \"app-backend-api\",\n    ],\n)\n\nvisibility_group(\n    name = \"app-backend-internal\"\n)\n\nvisibility_group(\n    name = \"app-backend-tests\"\n)\n\nvisibility_group(\n    name = \"app-shared-libraries\"\n    visible_to = [                  \n        # visibile to any target in the entire app layer (it is required to be explicit here, no wildcards)\n        \":app-frontend-api\",\n        \":app-frontend-internal\",\n        \":app-frontend-test\",\n        \":app-backend-api\",\n        \":app-backend-internal\",\n        \":app-backend-test\",\n    ],\n)\n\nvisibility_group(\n    name = \"app-shared-libraries-tests\"\n)\n\nvisibility_group(\n    name = \"test-utilities\"\n    visible_to = [\n        # visible to any test group and the within test-utilities group\n        \":test-utilities\",\n        \":app-frontend-tests\",\n        \":app-backend-tests\",\n        \":app-shared-libraries-tests\",\n    ],\n)\n\n# defining a group for external libraries we don't want to allow anyone to depend on\nvisibility_group(\n    name = \"forbidden-external-libraries\"\n    visible_to = [], # not visibile to any other group (can be omitted, empty list is the default)\n    visibility_allow_list = \"//tools/build/visibility/allowlists:forbidden_libraries\",  # a managed allowlist with package names\n)\n\n# define additional information for bazel_maven_deps integration to apply visibility to selected targets\nmaven_deps_visibility_info(\n    group = \":forbidden-external-libraries\",\n    include_patterns = [\n        \"@*lombok*\",\n        \"@org_reflections*\",\n    ],\n)\n```\n\nThe `name` will be used to identify the visibility group when computing the `visibility` for a specific target.\n\nVisibility groups will be mapped to package groups (`package_group`) by the Visibility Tool.\nThe Visibility Tool need to be executed whenever the build graph changes to refresh the package groups.\n\nThe `visible_to` list contains a list of group labels to which the group will be made visible to.\n\nThe `visibility_allow_list` is label reference to a `package_group` providing additional visibility.\nThis is useful in case you want to prohibit access in general but have some legacy code.\nThe visibility tool (together with buildozer) can be used to manage those lists.\nIt has build in support for querying the build graph and re-computing the allow lists.\n\n## Contributing\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsalesforce%2Fbazel-visibility-tool","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsalesforce%2Fbazel-visibility-tool","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsalesforce%2Fbazel-visibility-tool/lists"}