Using fossabot

fossabot is an AI Agent for making strategic dependency updates and is capable of large complexity upgrades – the ones that require a senior engineer because they’re always an unexpected multi-hour research and coding task.

fossabot is also an intelligent code reviewer, which uses its knowledge of your code for SAST review and AI-generated code guardrails.

Using fossabot for Dependency Upgrades

Using fossabot for SAST Security Review

Using fossabot for AI Guardrails

Connecting fossabot to GitHub

Navigating to https://bot.fossa.com will prompt you to install the GitHub application, if it's not already installed in your organization. This applies to both regular github.com and GitHub Enterprise Cloud accounts.

Engineers can view fossabot upgrade analysis and proposed Pull Requests directly in GitHub.

On a per-repository basis, you can configure whether analysis should be triggered automatically or wait for an engineer to request it. Manual analysis can be triggered by commenting @fossabot analyze on the Pull Request or using the UI to trigger analysis.

GitHub Enterprise Server

GitHub Enterprise Server (GHES) requires applications to be registered within the instance. Once you log in to https://bot.fossa.com, navigate to Settings > Integrations > Install GitHub app.

After entering a custom API server URL, the rest of the configuration will appear for you to complete.

Connecting fossabot to GitLab

Navigating to https://bot.fossa.com will prompt you to use OAuth or an access token to connect to GitLab.

Engineers can view fossabot upgrade analysis and proposed Merge Requests directly in GitLab.

On a per-repository basis, you can configure whether analysis should be triggered automatically or wait for an engineer to request it. Manual analysis can be triggered by commenting /fossabot analyze on the Merge Request or using the UI to trigger analysis.

GitLab Access Token requirements

If using the legacy token scopes, fossabot requires: api, read_repository, write_repository

If you have access to more granular scopes, expand the following categories and provide access at the permission levels listed.

Fine-grained Access Token Requirements

| Category   | Scope          | Permission Level       |
|------------|----------------|------------------------|
| CI/CD      | Job            | Read, Run Job          |
| CI/CD      | Pipeline       | Read                   |
| Repository | Branch         | Read, Create, Delete   |
| Repository | Code           | Read                   |
| Repository | Commit         | Read, Create           |
| Repository | Merge Request  | Read, Create, Update   |
| Repository | Repository     | Read                   |
| Repository | Repository Tag | Read                   |
| Repository | Tag            | Read                   |
| Group      | Group          | Read                   |
| Project    | Project        | Read                   |
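The legacy scope list above is easy to get wrong in either direction: a token missing write_repository makes fossabot's Merge Requests fail, while a token carrying sudo or admin_mode hands the bot far more than it needs. The following script is an added example, not FOSSA's code, that checks a token description against the documented legacy scopes (api, read_repository, write_repository), flags over-broad scopes, and reports hygiene issues such as a missing expiry. It assumes the response shape of GitLab's GET /api/v4/personal_access_tokens/self endpoint (fields scopes, active, revoked, expires_at); the sample responses are constructed inline so the check runs offline, and fetch_token_info is the only part that touches the network.

```python
# Added example (not FOSSA's code): validate a GitLab personal access token
# against the legacy scopes fossabot documents as required, and surface
# least-privilege and hygiene problems before the token is handed to a bot.
import json
from typing import Dict, Iterable, List
from urllib.request import Request, urlopen

# Scopes the page lists for the legacy (non fine-grained) token model.
REQUIRED_LEGACY_SCOPES = frozenset({"api", "read_repository", "write_repository"})

# GitLab scopes broader than any integration bot needs; an auditor wants
# these called out even when the required set is present.
HIGH_RISK_SCOPES = frozenset({"sudo", "admin_mode"})


def evaluate_token(info: Dict, required: Iterable[str] = REQUIRED_LEGACY_SCOPES) -> Dict:
    """Evaluate a token description shaped like GitLab's
    GET /api/v4/personal_access_tokens/self response (assumed fields:
    scopes, active, revoked, expires_at). Returns a report dict instead of
    printing, so it can be asserted on or used as a pipeline gate."""
    required = set(required)
    granted = set(info.get("scopes", []))
    problems: List[str] = []

    missing = sorted(required - granted)
    if missing:
        problems.append("missing scopes: " + ", ".join(missing))

    risky = sorted(granted & HIGH_RISK_SCOPES)
    if risky:
        problems.append("over-privileged scopes: " + ", ".join(risky))

    if info.get("revoked"):
        problems.append("token is revoked")
    if info.get("active") is False:
        problems.append("token is inactive")
    if not info.get("expires_at"):
        problems.append("token has no expiry")

    return {
        "ok": not problems,
        "missing": missing,
        "extra": sorted(granted - required),  # granted but not required
        "problems": problems,
    }


def fetch_token_info(gitlab_url: str, token: str) -> Dict:
    """Fetch the calling token's own description from GitLab (network call).
    Endpoint path assumed from GitLab's API documentation."""
    req = Request(
        gitlab_url.rstrip("/") + "/api/v4/personal_access_tokens/self",
        headers={"PRIVATE-TOKEN": token},
    )
    with urlopen(req, timeout=10) as resp:
        return json.load(resp)


# Constructed sample responses standing in for the live endpoint.
SAMPLE_GOOD = {
    "name": "fossabot",
    "scopes": ["api", "read_repository", "write_repository"],
    "active": True,
    "revoked": False,
    "expires_at": "2030-01-01",
}
SAMPLE_BAD = {
    "name": "fossabot",
    "scopes": ["api", "read_repository", "sudo"],  # no write, plus sudo
    "active": True,
    "revoked": False,
    "expires_at": None,
}

if __name__ == "__main__":
    for label, info in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        report = evaluate_token(info)
        status = "PASS" if report["ok"] else "FAIL"
        print(f"{label}: {status} {report['problems']}")
```

To run it against a real instance, replace the sample dicts with fetch_token_info("https://gitlab.example.com", token) and gate the connection step on report["ok"]. The fine-grained model in the table above has no single self-describing endpoint for the token, so for that model the check is the table itself, reviewed by hand when the token is created.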


What’s Next

Next, connect fossabot to your code