Using fossabot

fossabot is an AI Agent for making strategic dependency updates and is capable of large complexity upgrades – the ones that require a senior engineer because they’re always an unexpected multi-hour research and coding task.

Using fossabot through GitHub

Navigating to https://bot.fossa.com will prompt you to install the GitHub application, if it's not already installed in your organization.

Engineers can view fossabot upgrade analysis and proposed Pull Requests directly in GitHub.

On a per-repository basis, you can configure whether analysis should be triggered automatically or wait for an engineer to request it. Manual analysis can be triggered by commenting @fossabot analyze on the Pull Request or using the UI to trigger analysis.

Using fossabot with Dependabot, Renovate or Snyk

fossabot works with existing dependency update tools you might already have: Dependabot, Renovate and Snyk. When Pull Requests from these tools are detected, fossabot can automatically analyze the proposed upgrade for breaking changes and determine if your application is impacted by the changes.

Using fossabot to Propose Upgrades

fossabot can propose its own intelligent updates, which allows you to easily catch up on your dependency upgrade backlog. By default, these Pull Requests will group together a set of dependencies that should be upgraded together, without any configuration required.