A dashboard to update your dependencies.

To run the whole thing for development (requires docker-compose):
GITHUB_TOKEN=<PAT> make
where PAT is an optional personnal access token for Github (see steps here on how to create one). If you do not specify the PAT then some features won't work (for example, changelogs).
This will re-build everything all the time, if you know there hasn't been any changes lately you can simply run:
GITHUB_TOKEN=<PAT> make fast
These commands will run the following four services:
This dev setup has hot reload for the front end (you can change front end files, and it'll get reflected) but not for the backend.
To rebuild the backend (or frontend) you can use:
GITHUB_TOKEN=<PAT> make restart-backend
To SSH into the backend (or frontend) you can use:
make ssh-backend

The architecture looks like the following:
Metrics on dependencies are obtained via a metrics service within the web-backend. The service is implemented using the metrics crate.

Essentially, what the service does when called is:
Cargo.toml) to obtain a list of dependencies._id.Note that for steps 2 and 3, dependabot has code that handles many types of file and package manager (Rust, Dockerfile, npm, etc.) While we do use it, we want to perform more granular analysis on our Rust dependency. For example, we want to understand what updates are more urgent than others based on semver, breaking changes, RUSTSEC advisories, Github statistics, dev dependency, etc. For this reason, we use custom code (built on top of guppy) to analyze parts of Rust dependencies.
priority() function that runs all the priority rules, and modify the vector of dependencies in place according to what it finds.RustAnalysis structure to store these signals. This will invalidate previous analysis, but it is not a big deal.calculate_priority_score() function that you can modify to increase (or decrease) the score depending on your signal, and to display a reason to the user (which will appear when they hsover the priority column of the UI's tables).risk() function that runs all the priority rules, and modify the vector of dependencies in place according to what it finds.RustAnalysis structure to store these signals. This will invalidate previous analysis, but it is not a big deal.calculate_risk_score() function that you can modify to increase (or decrease) the score depending on your signal, and to display a reason to the user (which will appear in the "review" pages if there's a risk score > 0).We use kubernetes for deploying the app. Check k8s for more information.
$ claude mcp add whackadep \
-- python -m otcore.mcp_server <graph>