Blog

/

Security

Posts from team Deepsource related to Security

Support for Bitbucket Data Center

Bitbucket Server has come to end-of-life. We’re here to help with your transition to Data Center or Cloud.

Support for Bitbucket Data Center

Bitbucket Server has come to end-of-life. We’re here to help with your transition to Data Center or Cloud.

From Zero To Secure

A guide to risk-free SAST implementation for AppSec teams.

From Zero To Secure

A guide to risk-free SAST implementation for AppSec teams.

Introducing, Community Analyzers

Run open-source third-party static analyzers on DeepSource.

Introducing, Community Analyzers

Run open-source third-party static analyzers on DeepSource.

VS Code Extension, with LLM-based Autofix

Perform analysis and resolve issues directly from the convenience of your VS Code environment.

VS Code Extension, with LLM-based Autofix

Perform analysis and resolve issues directly from the convenience of your VS Code environment.

Introducing, DeepSource Runner

Run DeepSource with SaaS convenience and on-premise security

Introducing, DeepSource Runner

Run DeepSource with SaaS convenience and on-premise security

Introducing support for Monorepos

Switch existing repositories to 'Monorepo mode', or onboard new repositories as monorepos on DeepSource.

Introducing support for Monorepos

Switch existing repositories to 'Monorepo mode', or onboard new repositories as monorepos on DeepSource.

Introducing, DeepSource for Kotlin

Find and fix bug risks, anti-patterns, and performance issues in your Kotlin code.

Introducing, DeepSource for Kotlin

Find and fix bug risks, anti-patterns, and performance issues in your Kotlin code.

Announcing DeepSource’s Vanta integration

Simplifying source code security compliance for AppSec teams.

Announcing DeepSource’s Vanta integration

Simplifying source code security compliance for AppSec teams.

Introducing, DeepSource for Swift

Static Analysis, SAST, Code Coverage, and Autofix™️ — now for Swift.

Introducing, DeepSource for Swift

Static Analysis, SAST, Code Coverage, and Autofix™️ — now for Swift.

Scanning JavaScript Code For Security Vulnerabilities

A run-down of how DeepSource performs taint analysis of JavaScript code

Scanning JavaScript Code For Security Vulnerabilities

A run-down of how DeepSource performs taint analysis of JavaScript code

The Hidden Costs of False Positives in Code Quality

Understanding the Ramifications of High False-Positive Rates in Code Quality Tools

The Hidden Costs of False Positives in Code Quality

Understanding the Ramifications of High False-Positive Rates in Code Quality Tools

Risks of Disparate Code Quality Tools

Consolidating Code Quality Tools for Efficiency

Risks of Disparate Code Quality Tools

Consolidating Code Quality Tools for Efficiency

Introducing, DeepSource Reports

Track code health with security reporting and insights: OWASP® Top 10, CWE/SANS Top 25, and more.

Introducing, DeepSource Reports

Track code health with security reporting and insights: OWASP® Top 10, CWE/SANS Top 25, and more.

Introducing, Pinned Reports

A bird’s eye view of your code health, now on your DeepSource dashboard.

Introducing, Pinned Reports

A bird’s eye view of your code health, now on your DeepSource dashboard.

What to Look for in SAST Tools

A Comprehensive Guide for Engineering Managers.

What to Look for in SAST Tools

A Comprehensive Guide for Engineering Managers.

Improve Security Posture with Static Application Security Testing (SAST)

Safeguard Your Software with a Proactive Security Approach: Shift-Left and Reduce Risk

Improve Security Posture with Static Application Security Testing (SAST)

Safeguard Your Software with a Proactive Security Approach: Shift-Left and Reduce Risk

Better Audit Logs

New features to help you track and audit changes to your DeepSource team with more transparency.

Better Audit Logs

New features to help you track and audit changes to your DeepSource team with more transparency.

Writing Secure Rust Code with SAST

Rust gives you memory safety guarantees, but you’re still on the hook for security.

Writing Secure Rust Code with SAST

Rust gives you memory safety guarantees, but you’re still on the hook for security.

Rust stdlib vulnerability in fs::remove_dir_all

Rust 1.0.0 through Rust 1.58.0 is affected.

Rust stdlib vulnerability in fs::remove_dir_all

Rust 1.0.0 through Rust 1.58.0 is affected.

Parallel processing in Node.js using worker threads

Leveraging worker threads to improve the performance of CPU intensive apps.

Parallel processing in Node.js using worker threads

Leveraging worker threads to improve the performance of CPU intensive apps.

What's new in Python 3.9?

New `str` methods, better typing support, new modules, and more.

What's new in Python 3.9?

New `str` methods, better typing support, new modules, and more.

What's new in Python 3.10?

Structural pattern matching, parenthesized context managers, improved error messages, and more.

What's new in Python 3.10?

Structural pattern matching, parenthesized context managers, improved error messages, and more.

Log4Shell: Apache Log4j Vulnerability

What it is and how to detect and fix it with DeepSource.

Log4Shell: Apache Log4j Vulnerability

What it is and how to detect and fix it with DeepSource.

Learn Python ASTs by building your own linter

The only resource you need to read to learn about ASTs in Python, and the superpowers they give you.

Learn Python ASTs by building your own linter

The only resource you need to read to learn about ASTs in Python, and the superpowers they give you.

Beginner's guide to JavaScript static code analysis

The answers to every what, why, when and how about JavaScript static code analysis.

Beginner's guide to JavaScript static code analysis

The answers to every what, why, when and how about JavaScript static code analysis.

5 Common mistakes in Go

A short list of patterns that beginners miss while writing Go.

5 Common mistakes in Go

A short list of patterns that beginners miss while writing Go.

Breaking builds, baseball bats, and the code quality DNA

A conversation with Badri Rajasekar on how companies of different sizes ship good code.

Breaking builds, baseball bats, and the code quality DNA

A conversation with Badri Rajasekar on how companies of different sizes ship good code.

Common anti-patterns in Go

A list of anti-patterns you should avoid while writing code in Golang.

Common anti-patterns in Go

A list of anti-patterns you should avoid while writing code in Golang.

Python code review checklist

How to cover all aspects of the code in a review.

Python code review checklist

How to cover all aspects of the code in a review.

Guidelines for Java code reviews

Get a jump-start on your next code review session with this list.

Guidelines for Java code reviews

Get a jump-start on your next code review session with this list.

JavaScript best practices to improve code quality

Learn how some of the new features in JavaScript can help you write cleaner code.

JavaScript best practices to improve code quality

Learn how some of the new features in JavaScript can help you write cleaner code.

Good Code Podcast: Episode 4

On communication in open-source collaboration, with Cheuk Ting Ho.

Good Code Podcast: Episode 4

On communication in open-source collaboration, with Cheuk Ting Ho.

Python code formatters

Let these tools automate style formatting for your Python code.

Python code formatters

Let these tools automate style formatting for your Python code.

Managing multiple Git profiles

What if Git already knew whether to use your work email or personal? Say no more. Here's how.

Managing multiple Git profiles

What if Git already knew whether to use your work email or personal? Say no more. Here's how.

Why you should use the key directive in Vue.js with v-for

Sometimes things go wrong while rendering lists.

Why you should use the key directive in Vue.js with v-for

Sometimes things go wrong while rendering lists.

Good Code Podcast: Episode 3

How open-source communities perform code reviews, with Timothy Chen.

Good Code Podcast: Episode 3

How open-source communities perform code reviews, with Timothy Chen.

Demystifying Python’s Descriptor Protocol

A walkthrough of descriptor protocol to understand inner working of property, classmethod, staticmethod builtins

Demystifying Python’s Descriptor Protocol

A walkthrough of descriptor protocol to understand inner working of property, classmethod, staticmethod builtins

How Reactivity works in Vue.js

Understanding Vue.js reactivity system

How Reactivity works in Vue.js

Understanding Vue.js reactivity system

Git branch naming conventions

A primer on naming branches for modern git workflows.

Git branch naming conventions

A primer on naming branches for modern git workflows.

All that happened: PyCon India 2019

The DeepSource team was at the annual Python conference. Here's a report about all the fanfare.

All that happened: PyCon India 2019

The DeepSource team was at the annual Python conference. Here's a report about all the fanfare.

OWASP Top 10: Sensitive Data Exposure

An overview of the sensitive data exposure security threat from OWASP Top 10.

OWASP Top 10: Sensitive Data Exposure

An overview of the sensitive data exposure security threat from OWASP Top 10.

Comparison of new Python web frameworks

Pick a fresh one for your next side project.

Comparison of new Python web frameworks

Pick a fresh one for your next side project.

7 popular web frameworks in Go

Pick a fresh one for your next side project.

7 popular web frameworks in Go

Pick a fresh one for your next side project.

DeepSource at PyConf Hyderabad - Experience & Reflections

DeepSource spent two days at IIIT Hyderabad with Python enthusiasts. Here's the report.

DeepSource at PyConf Hyderabad - Experience & Reflections

DeepSource spent two days at IIIT Hyderabad with Python enthusiasts. Here's the report.

"isn't a title of this post" isn't a title of this post

How talking in first person put math in crisis.

"isn't a title of this post" isn't a title of this post

How talking in first person put math in crisis.

Good Code Podcast: Episode 2

On developer workflows with Javed Khan of Handshake.

Good Code Podcast: Episode 2

On developer workflows with Javed Khan of Handshake.

Easy performance optimizations in Python

Low-hanging fruits that give your Python code little speed-ups.

Easy performance optimizations in Python

Low-hanging fruits that give your Python code little speed-ups.

Package management in Go

Brief overview of package management in Go — pre and post Go modules

Package management in Go

Brief overview of package management in Go — pre and post Go modules

Positional-only arguments in Python

An introduction to the new `/` syntax in Python 3.8.

Positional-only arguments in Python

An introduction to the new `/` syntax in Python 3.8.

Good Code Podcast: Episode 1

On API design with Shabda Raaj of Agiliq.

Good Code Podcast: Episode 1

On API design with Shabda Raaj of Agiliq.

OWASP Top 10: Broken Authentication

An overview of the broken authentication security threat from OWASP Top 10.

OWASP Top 10: Broken Authentication

An overview of the broken authentication security threat from OWASP Top 10.

Walrus operator in Python 3.8: a primer

The definitive tutorial for the all-new assignment expressions syntax in Python 3.8 with examples.

Walrus operator in Python 3.8: a primer

The definitive tutorial for the all-new assignment expressions syntax in Python 3.8 with examples.

Good First Issue: August 2019

Helping developers with their first contribution to open-source.

Good First Issue: August 2019

Helping developers with their first contribution to open-source.

How Masonite ships good code with DeepSource

Q&A with creator Joe Mancuso.

How Masonite ships good code with DeepSource

Q&A with creator Joe Mancuso.

OWASP Top 10: Injection

An overview of the code injection security threat from OWASP Top 10.

OWASP Top 10: Injection

An overview of the code injection security threat from OWASP Top 10.

What's new in Python 3.8?

Significant additions in Python 3.8 such as walrus operator, positional only arguments, new syntax warnings.

What's new in Python 3.8?

Significant additions in Python 3.8 such as walrus operator, positional only arguments, new syntax warnings.

Common beginner mistakes in Python

A short list of patterns that beginners miss while writing Python.

Common beginner mistakes in Python

A short list of patterns that beginners miss while writing Python.

Python and Kubernetes Events: March 2019

Meeting developers at local meet-ups in Bangalore.

Python and Kubernetes Events: March 2019

Meeting developers at local meet-ups in Bangalore.

Code review best practices

Simple rules that make peer code reviews work better for teams.

Code review best practices

Simple rules that make peer code reviews work better for teams.

Best practices for using Git

Simple conventions which make Git work best for a team.

Best practices for using Git

Simple conventions which make Git work best for a team.

The exponential cost of fixing bugs

Learn about how the best time to detect and fix bugs is before you push code to production.

The exponential cost of fixing bugs

Learn about how the best time to detect and fix bugs is before you push code to production.

Benefits of Continuous Quality

Reasons why adding CQ to your development pipeline is worth it.

Benefits of Continuous Quality

Reasons why adding CQ to your development pipeline is worth it.

Importance of software documentation

Comments age like fish, unlike code.

Importance of software documentation

Comments age like fish, unlike code.

What is technical debt?

Understanding one of the most important tenets of software engineering.

What is technical debt?

Understanding one of the most important tenets of software engineering.

Don't use Math.random()

Despite what the accepted answer on Stack Overflow tells you, using Math.random for generating passwords is always a bad idea.

Don't use Math.random()

Despite what the accepted answer on Stack Overflow tells you, using Math.random for generating passwords is always a bad idea.

DeepSource is now SOC 2 Type II compliant

Announcing our SOC 2 certification for security, availability, and confidentiality.

DeepSource is now SOC 2 Type II compliant

Announcing our SOC 2 certification for security, availability, and confidentiality.

What's new in Python 3.11?

Built-in TOML support, better exceptions, and typing improvements.

What's new in Python 3.11?

Built-in TOML support, better exceptions, and typing improvements.

Problems & pains in parsing: a story of lexer-hack

A tale of popular issues in parsing mainstream languages because of design oversights.

Problems & pains in parsing: a story of lexer-hack

A tale of popular issues in parsing mainstream languages because of design oversights.

Using Roslyn APIs to build a .NET IL interpreter

Let us write our own IL interpreter that is capable of executing fibonacci series program

Using Roslyn APIs to build a .NET IL interpreter

Let us write our own IL interpreter that is capable of executing fibonacci series program

Debugging Heisenbugs: A tale of parallel processing

How do you debug bugs that disappear when you look at them?

Debugging Heisenbugs: A tale of parallel processing

How do you debug bugs that disappear when you look at them?

Aligning software development with business strategy

How engineering leaders can merge technical and business needs to foster efficiency and avoid technical debt.

Aligning software development with business strategy

How engineering leaders can merge technical and business needs to foster efficiency and avoid technical debt.

DeepSource's Guide to SAST

How to implement SAST without disrupting your software development workflow.

DeepSource's Guide to SAST

How to implement SAST without disrupting your software development workflow.

Balancing code quality and developer productivity

How to avoid technical debt while meeting deadlines.

Balancing code quality and developer productivity

How to avoid technical debt while meeting deadlines.

Ruby 3.2's WASI Integration: A Closer Look

An insight into the implementation of WASI support in Ruby 3.2

Ruby 3.2's WASI Integration: A Closer Look

An insight into the implementation of WASI support in Ruby 3.2

DeepSource Discuss

Introducing, DeepSource's community forum.

DeepSource Discuss

Introducing, DeepSource's community forum.

Introducing Bitbucket support for DeepSource

DeepSource now supports Bitbucket repositories for code analysis.

Introducing Bitbucket support for DeepSource

DeepSource now supports Bitbucket repositories for code analysis.

Introducing, DeepSource for C#

Fast and reliable static analysis for the C# and .NET ecosystem, now in beta.

Introducing, DeepSource for C#

Fast and reliable static analysis for the C# and .NET ecosystem, now in beta.

DeepSource at PyCon India 2019

Announcing our Silver sponsorship for India's annual Python conference.

DeepSource at PyCon India 2019

Announcing our Silver sponsorship for India's annual Python conference.

Common anti-patterns in Python

Freshly added in DeepSource's Python analyzer.

Common anti-patterns in Python

Freshly added in DeepSource's Python analyzer.

Release: Test coverage, meta config for analyzers

Quick update that highlights recent product releases and improvements we’ve made.

Release: Test coverage, meta config for analyzers

Quick update that highlights recent product releases and improvements we’ve made.

Release: Actions on issues, ignore rules

New actions on your repository dashboard that help you tweak how issues are reported.

Release: Actions on issues, ignore rules

New actions on your repository dashboard that help you tweak how issues are reported.

Release: Granular analysis on diffs

On changeset analysis, we now raise issues only on the changed lines, not files.

Release: Granular analysis on diffs

On changeset analysis, we now raise issues only on the changed lines, not files.

Release: Permanently silence issues in code

Introducing "skipcq", a unified way to silence issues in source code permanently.

Release: Permanently silence issues in code

Introducing "skipcq", a unified way to silence issues in source code permanently.

Release: Ignore issues in all test files

No configuration needed. One click, and done!

Release: Ignore issues in all test files

No configuration needed. One click, and done!

Release: Re-thinking test coverage

Test coverage tracking support is now available for Python, Go and Ruby.

Release: Re-thinking test coverage

Test coverage tracking support is now available for Python, Go and Ruby.

Release: Go analyzer lands in beta

DeepSource now supports Go, with 120+ types of issues.

Release: Go analyzer lands in beta

DeepSource now supports Go, with 120+ types of issues.

Release: GitLab support, new actions on issues

Analyze your code from GitLab, starting now. And more!

Release: GitLab support, new actions on issues

Analyze your code from GitLab, starting now. And more!

Release: Static type checker in Python

The Python analyzer now supports type checking with mypy.

Release: Static type checker in Python

The Python analyzer now supports type checking with mypy.

Release: Static analysis for Dockerfile

Run continuous static analysis on your Dockerfiles, starting now.

Release: Static analysis for Dockerfile

Run continuous static analysis on your Dockerfiles, starting now.

DeepSource Go analyzer is now generally available

Support for more package managers, and 21 new issues detected.

DeepSource Go analyzer is now generally available

Support for more package managers, and 21 new issues detected.

Release: Improved issues interface

Search, sort, filter — discovering and fixing issues just got better.

Release: Improved issues interface

Search, sort, filter — discovering and fixing issues just got better.

Release: DeepSource Ruby analyzer lands in beta

DeepSource now supports Ruby, with 170+ types of issues.

Release: DeepSource Ruby analyzer lands in beta

DeepSource now supports Ruby, with 170+ types of issues.

Release: Improved repository onboarding workflow

Easier config file generation and auto commit config to GitHub/GitLab

Release: Improved repository onboarding workflow

Easier config file generation and auto commit config to GitHub/GitLab

Release: Static analysis for Terraform

Detect security issues in Terraform files with static analysis

Release: Static analysis for Terraform

Detect security issues in Terraform files with static analysis

Autofix: The future of code reviews is here

Making computers help us write good code.

Autofix: The future of code reviews is here

Making computers help us write good code.

Actionable issue reporting with DeepSource

Encouraging developers to take action on issues, and not just see them.

Actionable issue reporting with DeepSource

Encouraging developers to take action on issues, and not just see them.

Make your Dockerfile better with DeepSource

Use the Docker analyzer.

Make your Dockerfile better with DeepSource

Use the Docker analyzer.

Tips for writing glob patterns in DeepSource configuration

Glob patterns for writing test-file and exclude-file patterns

Tips for writing glob patterns in DeepSource configuration

Glob patterns for writing test-file and exclude-file patterns

Automate code formatting with Transformers

Make sure your code adheres to style guides — on autopilot.

Automate code formatting with Transformers

Make sure your code adheres to style guides — on autopilot.

Code formatting on autopilot

With Transformers, you don't need to manually fix style violations anymore.

Code formatting on autopilot

With Transformers, you don't need to manually fix style violations anymore.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

No items found.

Improve Security Posture with Static Application Security Testing (SAST)

Safeguard Your Software with a Proactive Security Approach: Shift-Left and Reduce Risk

Rust stdlib vulnerability in fs::remove_dir_all

Rust 1.0.0 through Rust 1.58.0 is affected.

OWASP Top 10: Sensitive Data Exposure

An overview of the sensitive data exposure security threat from OWASP Top 10.

OWASP Top 10: Broken Authentication

An overview of the broken authentication security threat from OWASP Top 10.

OWASP Top 10: Injection

An overview of the code injection security threat from OWASP Top 10.

Don't use Math.random()

Despite what the accepted answer on Stack Overflow tells you, using Math.random for generating passwords is always a bad idea.

DeepSource is now SOC 2 Type II compliant

Announcing our SOC 2 certification for security, availability, and confidentiality.

DeepSource's Guide to SAST

How to implement SAST without disrupting your software development workflow.

Get started with DeepSource

DeepSource is free forever for small teams and open-source projects. Start analyzing your code in less than 2 minutes.

CREATE AN ACCOUNT

Newsletter

Read product updates, company announcements, how we build DeepSource, what we think about good code, and more.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.