System Architecture

fossabot's mission is to manage your dependency updates in an intelligent and highly automated fashion.

Data Sources

To do this, it requires access to 3 fundamental data sources:

1. Your application (source code)

Only GitHub.com is supported currently, with other version control systems planned.

2. Your third-party dependencies (source code)

Package manager databases are used to connect the declared packages in your app with their published source code. Publicly available dependency source code is fetched from GitHub, GitLab and Bitbucket. Private dependencies are fetched from configured code mirrors.

3. Hosted AI models

fossabot exclusively uses LLM and AI services from Anthropic through an enterprise agreement with no training or data retention. A variety of models are used for specific uses – a full list is available upon request.

First-Party Code

Your first-party code is cloned during each operation. Each analysis worker is dedicated to a single customer's analysis at a time, and your cloned code is deleted immediately after the analysis completes.

Data Flow Diagram

Interaction between the 3 categories of subsystems