| ▲ | robszumski 8 hours ago | ||||||||||||||||||||||||||||
We’ve built a modern dependabot (or works with it) agent: fossabot analyzes your app code to know how you use your dependencies then delivers a custom safe/needs review verdict per upgrade or packages groups of safe upgrades together to make more strategic jumps. We can also fix breaking changes because the agents context is so complete. https://fossa.com/products/fossabot/ We have some of the best JS/TS analysis out there based on a custom static analysis engine designed for this use-case. You get free credits each month and we’d love feedback on which ecosystems are next…Java, Python? Totally agree with the author that static analysis like govulncheck is the secret weapon to success with this problem! Dynamic languages are just much harder. We have a really cool eval framework as well that we’ve blogged about. | |||||||||||||||||||||||||||||
| ▲ | MattIPv4 8 hours ago | parent | next [-] | ||||||||||||||||||||||||||||
Are y'all aware your agent's name clashes with an established and rather popular streaming bot/tool, https://fossabot.com ? | |||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||
| ▲ | 2 hours ago | parent | prev | next [-] | ||||||||||||||||||||||||||||
| [deleted] | |||||||||||||||||||||||||||||
| ▲ | robszumski 7 hours ago | parent | prev | next [-] | ||||||||||||||||||||||||||||
example analysis on a Dependabot PR: https://github.com/daniellockard/tiltify-api-client/pull/36#... | |||||||||||||||||||||||||||||
| ▲ | 3 hours ago | parent | prev | next [-] | ||||||||||||||||||||||||||||
| [deleted] | |||||||||||||||||||||||||||||
| ▲ | necubi 7 hours ago | parent | prev | next [-] | ||||||||||||||||||||||||||||
Would love to see this for Rust! | |||||||||||||||||||||||||||||
| ▲ | AutumnsGarden 8 hours ago | parent | prev [-] | ||||||||||||||||||||||||||||
I think python and go could be great use cases | |||||||||||||||||||||||||||||