Munich Bazel Build Meetup 2026: Tackling Supply Chain Security and Monorepo Scalability¶

Following a phenomenal annual EngFlow company summit, the Bazel community gathered at the Salesforce offices in Munich for an evening dedicated to expanding the boundaries of build systems, developer tooling, and software supply chain integrity.

With a keynote analyzing the complexities of SLSA 3 and technical lightning talks spanning Bazel integrations, IDE optimization, and parallelization, the event showcased how top-tier teams are solving today's hardest platform engineering problems.

If you missed the live event, we’ve aggregated the core architectural takeaways in this post.

Keynote: The Inconvenient Laws of Supply Chain Security (SLSA 3)¶

Speaker: Ulf Adams, EngFlow

Achieving Supply Chain Levels for Software Artifacts (SLSA) compliance is often marketed as a checklist item. In his keynote, Ulf Adams spoke about the hard architectural realities of reaching SLSA 3 compliance.

Ulf focused on the "inconvenient truths" that engineering organizations face when moving from theoretical security to production-grade hermeticity:

The non-falsifiability dilemma: To satisfy SLSA 3, provenance must be generated by the build infrastructure, not the build process itself. If a malicious actor compromises your build script, they shouldn't be able to forge the provenance.
The cost of isolation: True build isolation requires ephemeral, hardened environments. Ulf discussed the performance overhead this introduces and how to mitigate it using advanced caching strategies without violating security boundaries.
The verification bottleneck: It’s not enough to generate signed provenance; downstream deployment pipelines must strictly enforce it. Ulf challenged the audience to think of security not as a blocker, but as an immutable property of the build graph.

Technical Lightning Talks: Deep Dives¶

Deploying Bazel Targets as Portable Executables with `rules_appimage`¶

Speaker: Laurenz Altenmueller, Fernride

Bazel excels at building highly reproducible binaries locally, but distributing those binaries to heterogeneous Linux environments can be challenging due to the complex structure of where the required files reside in Bazel’s output base.

Laurenz introduced rules_appimage. By leveraging the AppImage format directly within the Bazel dependency graph, this ruleset bundles the executable and all its declared dependencies into a single, compressed, self-mounting executable. The result? True "build once, run anywhere" portability for Linux binaries without requiring a container runtime like Docker.

IDE Support and Developer Tooling in Monorepos Using Bazel¶

Speaker: Markus Hofbauer, Zipline

As monorepos scale to millions of lines of code, IDEs often buckle under the weight of indexing the entire codebase, leading to lagging completion, high memory consumption, and "red squigglies."

Both developers and IDEs often rely on tools being available on the PATH which goes against Bazel’s goal to be fully hermetic. Installing these tools separately on the system introduces additional maintenance requirements. To tackle this, Markus shared a methodology that ensures the exact same tools and toolchains managed by Bazel are also used by the local development environment and IDEs by combining existing solutions like Fabian’s project bazel_env.bzl. The key takeaway was moving away from full-project indexing toward on-demand target loading and leveraging Bazel’s build graph data to feed the IDE precisely what it needs, keeping local loops fast and lightweight. To learn more, check out this open-source demo project: https://github.com/hofbi/bazel-ide.

How I Tried to Produce OTel Traces out of BEP¶

Speaker: Joseph Gette, Datadog

Troubleshooting slow builds and flaky tests in a massive distributed build environment requires deep observability. While Bazel emits a wealth of data via the Build Event Protocol (BEP), parsing it to find bottlenecks has historically been painful.

Joseph walked through an architectural experiment: mapping BEP events directly to OpenTelemetry (OTel) traces. By translating Bazel targets and actions into OTel spans, complex build pipelines can be visualized in distributed tracing tools like Jaeger or Honeycomb, making build bottlenecks as easy to debug as production microservices.

Metals: A "Fast, Correct — Choose Two" Approach to IDE Support for AI-Powered JVM Monorepos¶

Speakers: Krzysztof Romanowski & Tomasz Godzik, VirtusLab

Traditional IDE architectures force a trade-off: you can have fast feedback (which is often inaccurate in massive monorepos) or correct feedback (which requires a slow, blocking compilation step). Add AI code-generation tools to the mix, and the demand for instant semantic correctness skyrockets.

The speakers showcased how Metals (the Scala and Java language server) breaks this dichotomy. By using thin, optimized compiler interfaces and aggressive internal caching, Metals delivers lightning-fast, highly accurate language server diagnostics tailored specifically for massive, AI-assisted JVM codebases.

Compiler-Agnostic Frontend Parallelization¶

Speaker: Damien Buhl, EngFlow

AI agents are accelerating code generation at an unprecedented pace, yet C++ files are still compiled as monolithic translation units, meaning a multi-core machine often cannot rebuild a template-heavy file much faster than a single core. Header-heavy designs, inline functions, and templates compound the problem: the same bodies are parsed repeatedly, and small edits can invalidate an entire translation unit.

In this lightning talk, Damien presented the architecture of a compiler-agnostic technique enabling to split translation units into smaller independently compilable units without requiring actual refactoring or build system adaption.

Damien explained the high-level rationale behind the implementation, including why it ultimately relied on precompiled headers, cached serialized ASTs, and a source map. It also shows how these choices impacted build performance on a representative real-world example.

🛠️ Dive Deeper: Slides & Upcoming Videos¶

The discussions didn't end when the speakers walked off the stage. The architecture patterns shared in Munich offer a blueprint for modern platform engineering.

Video Recordings: Our media team is currently editing the live recordings of the presentations. We will be publishing individual talk videos in the coming days. Stay tuned to our blog and social channels for the drop!

A special thank you to Salesforce for hosting us in their incredible Munich space, to our phenomenal speakers, and to the vibrant engineering community that made this event a resounding success.