Read the full changelog: deepsource.com/changelog/2...
Once the CLI is installed, get the DeepSource skill and just ask your agent to monitor DeepSource's review on a PR and fix.
The CLI provides several flags to get details of the review: by category, severity, or per file.
Meet the new DeepSource CLI, built to make it easier for your AI coding agent to work with our code review results.
We're excited to welcome Phillip Mitto to our GTM team in our SF office.
Originally hailing from Connecticut, Phil is a soccer fanatic, Fulham F.C. fan, and an avid traveller.
Bragging rights? He's hiked the Inca Trail to Machu Picchu.
The new detection engine is available to all customers on DeepSource Cloud. Team administrators can enable it by navigating to Settings → General → Preferences in their team settings and selecting the Hybrid AI Agent engine.
Read more: deepsource.com/blog/secret...
Powered by our open-source Narada classification model, the Secrets Analyzer is now way smarter: 97% precision, 93% reduction in false positives, and 96.3% recall on our benchmarks.
New: Hybrid AI Agent for Secrets Detection
We've released a new detection engine for our Secrets Analyzer that finds more valid secrets in your source code while greatly reducing false positives. This makes DeepSource the best way to run secrets analysis on your code.
Read more technical details about our analysis platform in Google's blog.
cloud.google.com/customers/d...
Thanks Google Cloud for featuring DeepSource in their latest case study!
We've been building on GCP since day one, and now process 1B+ lines of code every month for 7,000+ teams that trust us to ship secure code. We also use Gemini extensively for Autofix™ AI and Agents.
We've officially made it to Times Square!
DeepSource Agents are now front and center in the world's most iconic digital billboard space! What better way to celebrate than with a little extra visibility?
Ship code fearlessly.
Did you spot the DeepSource truck around the RSA Conference last week?
When over 40% of all new code written at most companies is AI-generated, the primary topic of discussion at the dinner (and top-of-mind for most security leaders) was how AppSec teams should keep up.
Learn more: deepsource.com/agents
Last Friday in San Francisco: We gathered an eclectic group of security leaders, CTOs, and founders to give them a peek at DeepSource Agents, our autonomous AI agents for code security.
4/25 in San Francisco: We're hosting an intimate gathering of founders, security leaders, and CTOs for a thought-provoking conversation around AI agents in security, and unveiling something radically new from DeepSource.
Register: lu.ma/bdycpip5 (limited spots)
You can get started right away or talk to us if you're moving from traditional SCA tools.
Sign up: deepsource.com/sca
Watch a demo: www.youtube.com/watch?v=nP0...
Finally, DeepSource SCA is the only one on the market that's transparently priced: per target.
Each combination of a manifest file (like package.json) and a lock file (like package-lock.json) counts as a target. All features are included in this price, bar none.
3. Dynamic Risk.
We've invented a new scoring system that enables you to assign custom weights and strategies to CVSS scores, EPSS scores, and percentiles, using reachability information to assign a Dynamic Risk to each vulnerability, so your security can finally be personalized.
2. World's first multi-variate auto-remediation engine.
Upgrading dependencies to fix vulnerabilities is tricky. Traditional SCA tools don't help you automatically create fixes. Those that do use a naïve approach: "Here, upgrade to the latest version of the package."
1. Industry-leading Reachability Analysis.
Our static analyzer starts with function calls right at the top of your code and traverses this graph down to the third-party code by tracking every single function call in the file and across all referenced files using import tracking.
Introducing DeepSource SCA: Intelligent Supply Chain Security that helps you secure your open-source dependencies with best-in-class static analysis and Autofix™ AI.
Learn more: deepsource.com/platform/sca
DeepSource SCA is built for modern AppSec, with three key innovations:
While there are some great (but still relatively restricted) offerings in the space, Globstar is a fresh take on static analysis tooling, built with Go and tree-sitter, and is truly open-source. We're excited to see the AppSec community adopting it.
Check out the repo: github.com/DeepSourceC...
We were delighted to see our Globstar launch covered by Mike Vizard in @devopsdotcom.
Read the full coverage: devops.com/deepsource-...
"DeepSource isn't just a tool for us; it's a catalyst for cultural change in how we approach code quality."
Learn how Babbel, a leading EdTech platform serving 16M+ users worldwide, transformed its code health and security stack with DeepSource.
deepsource.com/customers/b...
We have some exciting updates planned for Globstar in the next couple of weeks. Please consider watching and starring the repo for updates: github.com/DeepSourceC...
3. An all-new tutorial for helping you write your first YAML checker in Globstar, and run it in your CI pipeline.
globstar.dev/guides/writ...
2. Several improvements to Globstar: an all-new Go API to write custom checkers, which gives you the full power of tree-sitter bindings and advanced capabilities like multi-file analysis and scope resolution.
Happy Friday, y'all!
Our latest changelog is out and we've shipped three key things:
1. An all-new DeepSource Directory, where you can explore all static analysis and SAST checkers across 20+ Analyzers on DeepSource.
We get it: if you've been stuck with a legacy SAST system, DeepSource might feel... different.
We don't ask you to make changes to your already complex CI pipeline.
We don't show you all the issues in your repository all at once without any prioritization.
Just a fresh take on code health.
> A 23-year old codebase
> mission-critical public safety software
> had been using legacy products that didn't work
Learn how Omnigo finally got a handle on its code quality and security with DeepSource.
deepsource.com/customers/o...