DeepSource's core focus has always been on three fundamental code health aspects: maintainability, security, and automation. To complete the loop on code health, we have expanded our focus to include a fourth pillar — insights. Each repository on DeepSource now features a new "Reports" section, which contains six new reports intended to provide valuable insights into your code's security and maintainability.
Two of the most important reports in the new section are the OWASP® Top 10 and CWE/SANS Top 25 reports. These reports provide a bird's-eye view of how your code measures up to these popular security recommendations. With these reports, you can identify, with a single click, the exact issues that need to be fixed, filtered by severity. You can even share these reports with external stakeholders right from the dashboard.
Why should teams report on the OWASP® Top 10 and CWE/SANS Top 25?
The OWASP® Top 10 and CWE/SANS Top 25 frameworks give developers and security teams a helpful guideline for improving their code in several respects: improved security posture, streamlined vulnerability management, compliance with regulations, better communication, and effective prioritization of security risks.
- Improved security posture: Reporting on the OWASP® Top 10 and CWE/SANS Top 25 allows developers and security teams to identify and prioritize the most critical security risks, enabling them to take proactive measures to improve the security posture of their applications.
- Streamlined vulnerability management: Reporting on these lists provides a common language and understanding of security risks, making it easier for developers and security teams to collaborate and manage vulnerabilities more efficiently.
- Compliance with regulations: Many regulations and industry standards require organizations to take measures to protect against known security risks. Reporting on the OWASP® Top 10 and CWE/SANS Top 25 can help organizations demonstrate compliance with these standards by showing that they are addressing known security risks.
- Better communication: Reporting on the OWASP® Top 10 and CWE/SANS Top 25 can improve communication between developers and security teams by providing a shared understanding of security risks. This can lead to more effective collaboration and better outcomes for the organization.
- Prioritization: Reporting on the OWASP® Top 10 and CWE/SANS Top 25 allows developers and security teams to prioritize security risks based on severity and potential impact, helping to allocate resources more effectively and reduce risk.
The Code Health Trend report is another important addition to the platform. This report helps you understand how many net new code health issues are making it into your codebase every week. Sometimes teams need to incur technical debt to move fast, but a lack of visibility can negatively impact long-term sustainability. Keeping track of net new issues helps you avoid future pain.
The Issue Distribution report gives you an overview of the current state of code health issues based on issue category and programming language. Often teams want to understand which areas of their code health are degrading the most. This report gives a historical view of the distribution across different issue categories and languages, so you can understand where to prioritize action.
The Issues Autofixed report helps you understand how your team is using DeepSource Autofix™️ to clean up code health issues automatically. Autofix™️ helps developers find and automatically fix common code health issues such as code formatting, style consistency, and bugs. It integrates with existing workflows and provides real-time suggestions for fixes, helping reduce the time and effort required to maintain high-quality code. This report gives you an idea of the time developers save, thanks to DeepSource.
And finally, the Issues Prevented report shows you a historical view of the number of code health issues DeepSource has helped your team prevent from entering the code base. This report helps you understand the impact of having DeepSource as part of your software development workflows. Over time, this helps you visualize how enabling code health automation impacts software quality and delivery.
Access to code health insights is crucial for all stakeholders, from engineering leadership to individual developers. That helps ensure everyone is on the same page and can work efficiently to build high-quality software. Engineering leaders, in particular, can benefit greatly from these insights, as they provide data and historical trends that allow for better decision-making and a focus on key priorities.
DeepSource Reports provides a comprehensive view of your code's health and insights into the quality of your code. With these new reports, you can identify and prioritize issues and make data-driven decisions to improve your code's quality, maintainability, and security. This release is a significant step towards DeepSource's goal of making code health a seamless and automated part of the software development process.
If you're on DeepSource, you should already have access to reports for each repository and across your entire team. If you're not on DeepSource, you can get started today on DeepSource Cloud or reach out to us for a personalized demo of DeepSource Enterprise.