Mar 16, 2023

Azure DevOps

We’re excited to announce that DeepSource cloud now supports Azure DevOps as a Version Control System (VCS) provider, in addition to GitHub, GitLab, and Bitbucket. You can now use DeepSource to monitor and improve the health of your code hosted on Azure DevOps.

To add your Azure DevOps organization to DeepSource, navigate to the account switcher on your dashboard, and create a new workspace. Read more in the docs.

Single Sign-On

DeepSource cloud now supports SAML 2.0-based Single Sign-On (SSO) authentication. We have added guidelines and support for Okta, OneLogin, and Azure AD as Identity Providers.

To set up SSO for your team, navigate to the Security tab in your team-level settings or refer to our docs for step-by-step instructions.

New in Analyzers

  • We’ve added 64 new checks for static analysis and SAST:
  • We’ve added Autofix™️ for 12 checks:

Fixes and Improvements

  • We’ve added support for Python 3.11 syntax in the Python Analyzer.
  • Ruby Analyzer is now up to 19% faster. We upgraded to Ruby 3.2 and enabled YJIT, which improved the speed of analysis.
  • We’ve fixed an issue where Autofix™️ was failing when PTC-W0028 was being raised for from . import … imports.
  • We’ve fixed an issue where Autofix™️ was failing when PYL-C0325 was being raised on the except keyword, such as except(Exception as exc).
  • We’ve fixed several false positives in this release:
      • JAVA-W1067: We’ve fixed an issue where we were incorrectly flagging a redundant cast of the return value even when suppress annotations were present. Using @SuppressWarnings("unused") will ensure it is not reported.
      • JAVA-E1034: We’ve fixed an issue where we incorrectly flagged serializable classes that used the “serialization proxy” pattern (as described in Effective Java by Josh Bloch). The Java Analyzer will now successfully detect serialization proxy classes and will not report this issue if such a class is found.
      • JAVA-W1037: We raise this issue when a return statement contains an assignment to a local variable. It was earlier incorrectly flagged when a lambda or anonymous class, within which a local variable was assigned, was returned. Now, this issue will correctly detect such cases and avoid reporting them.
      • JAVA-E1083: We’ve fixed an issue where we were not accounting for the usage of the hasText function from Apache Commons when null-checking strings. We will now correctly detect null checks using this function.
      • JAVA-S1060: We’ve fixed an issue where a field was reported as not being injected correctly if the field was assigned by calling a method on a constructor parameter instead of being assigned directly. The Analyzer now correctly considers such cases.
      • JAVA-E1085: We’ve fixed an issue where the usage of System.arraycopy was not considered during analysis. The Analyzer will now recognize calls to arraycopy as sanitizing calls.
      • JS-0057: We’ve fixed an issue where we were incorrectly flagging parameterized constructors in TypeScript as empty constructors.
      • PTC-W1003: We’ve fixed an issue where we were incorrectly flagging hashlib methods as insecure functions even when usedforsecurity=False was passed.
      • PTC-W0018: We’ve fixed an issue where we incorrectly flagged set literals, such as list({1, 2, 1}), as unnecessary literals.