Foundation Machines
Start from Connect, attach a workspace and installation, and run security reviews with code context on every PR/MR.
Foundation Machines builds AI products for software security. Our first product is Sebastion AI, which reviews pull and merge requests for security regressions and posts inline comments directly in your source host workflow.
Start from Connect
Open app.foundationmachines.ai/connect to choose a source host, select the workspace that should be billed, and complete your installation.
What you get before any config
Sebastion ships with an opinionated review loop so you can evaluate value before writing any config:
- Code context on each PR/MR: Sebastion reviews the changed code path, not just isolated snippets, then posts findings on the offending lines.
- Actionable output in the source host: findings include severity, CWE, explanation, and a suggested fix where possible.
- A built-in learning loop: when you suppress a noisy finding, that suppression is reused on future reviews for the same installation.
Shared terms used across app + docs
| Term | Meaning |
|---|---|
| Connect | The onboarding surface at app.foundationmachines.ai/connect where you start host setup. |
| Workspace | The billing + usage scope for a team or individual. Plans, credits, caps, and usage are tracked here. |
| Installation | The connected source-host entity Sebastion reviews (for example, a GitHub App installation or a GitLab project linkage). |
| Code context | The PR/MR diff plus surrounding code needed to reason about security impact. |
| Learning loop | The mechanism for reducing repeat noise over time via Learnings and suppressions tied to an installation. |
Sebastion AI, security review for every pull request
Sebastion AI supports GitHub and GitLab SaaS. Connect an installation and each PR/MR is reviewed by an autonomous security auditor. Findings post back as inline review comments tagged with severity and CWE ids, usually within 60 seconds of push.
The typical UX:
- Open Connect at app.foundationmachines.ai/connect and choose your source host + workspace.
- Complete installation for that host. For GitHub this is App installation; for GitLab this is project linkage via Connect.
- Push a pull or merge request. No config required by default. Drop a `.sebastionai.yml` at the repo root if you want per-repo customisation. See config.
- Read the inline comments. Each finding lands on the offending line with severity, CWE link, prose explanation and a ready-to-apply fix (often with a fenced `diff` code block). Critical findings flip the review to `CHANGES_REQUESTED`.
Sebastion AI is free for public repos. Pro is $19/month for solos. Team has no recurring fee — buy credit packs from $25 and add unlimited users. See billing for details.
Start with the quickstart. For GitLab SaaS onboarding, see GitLab quickstart.
For pricing and product information, see foundationmachines.ai.
What Sebastion AI isn't.
- A linter. ESLint already exists.
- A chatbot. There is no prompt box.
- A replacement for code review. It is another reviewer, not the only one.