Audit Log Improvements
We’ve redesigned and improved audit logs for you to easily track and manage activity within your DeepSource workspace.
- Team-level Audit Log: DeepSource now reports audit logs at the team level. You can easily track and manage activity within your workspace, including changes made to team membership, billing information, repository permissions, and more.
- Search, Filter, and Export: We have further enhanced audit logs to make it easier for you to find specific events and keep track of changes made to your workspace. You can now search through your audit logs by the event name or team member email ids, export them in CSV format, and filter audit logs based on the timeframe.
Audit logs are only available for teams with a Business or Enterprise plan. You can go to your team-level or repository settings → Audit log to try the above improvements.
Issues Tab Redesign
We’ve redesigned the sidebar in the issues tab to make it easier for you to understand the various categories of code health issues identified by DeepSource. The new design categorizes issues into specific areas like Audit Required, SAST, IAC, and more, so you can focus on solving the most relevant issues for you.
You can switch to the new issue sidebar by clicking on the button at the bottom of the sidebar.
SCIM Support for Enterprise Cloud
Following the SAML-based Single Sign On release, we’ve added support for System for Cross-domain Identity Management (SCIM) in DeepSource for Enterprise Cloud users. You can use SCIM in conjunction with SAML-based SSO for real-time provisioning, updating, and de-provisioning of team members based on changes in your Identity Provider.
To enable SCIM for your team, set up Single Sign-On for your workspace and then enable SCIM from the Security tab in your team-level settings. Refer to our docs for step-by-step instructions.
Support for multiple test-coverage reports
Some teams with large repositories generate multiple test coverage reports. Previously, the Test Coverage Analyzer expected the users to send a combined coverage report. This can become difficult if multiple jobs are running independently.
DeepSource now supports the implicit merging of coverage reports for large repositories with multiple test coverage reports. You can send multiple CI-generated reports under the same key name, and we’ll combine them all for a final result, making test coverage analysis easier. Read more in the docs.
New in Analyzers
- We now track documentation coverage in the Rust Analyzer with meta fields for configuration. Read more in the docs.
- 50 new checks for static analysis and SAST:
- C & C++: CXX-W2030, CXX-W2031, CXX-W2032, CXX-W2033, CXX-W2034, CXX-W2035, CXX-W2036, CXX-W2037, CXX-A1003, CXX-C1002
- C#: CS-R1111, CS-R1112, CS-R1113, CS-R1114, CS-R1115, CS-R1116, CS-W1083, CS-W1084
- Scala: SC-A1005, SC-R1071, SC-W1084, SC-W1085
- Rust: RS-E1034, RS-W1132, RS-W1128, RS-W1130, RS-C1016, RS-E1035, RS-W1129, RS-A1008, RS-W1131, RS-C1015, RS-W1116, RS-W1119, RS-P1009, RS-E1026, RS-E1027, RS-E1028, RS-E1029, RS-E1030, RS-E1031, RS-E1032, RS-W1123, RS-W1124, RS-W1125, RS-W1126, RS-W1127
- Java: JAVA-E1106, JAVA-E0321
- We’ve added Autofix™️ support for 11 checks:
- C#: CS-R1032, CS-R1107, CS-R1113, CS-W1069, CS-W1084
- Java: JAVA-W0379, JAVA-W1010, JAVA-W1032, JAVA-W1075
Fixes and Improvements
- We’ve added meta fields for configuring documentation coverage for the Ruby Analyzer. You can add these fields in your deepsource.toml file to configure documentation coverage for your Ruby files. Read more in the docs.
- Our public API now includes a Team object for easy querying of team member lists. Check out the docs for more information.
- We’ve resolved an issue on the issue detail page where selecting a code block would inadvertently select the line number. You can now copy code without also copying the line number.
- We have increased the storage limits for commit artifacts by 100 per repository to support large repositories with multiple test coverage reports.
- We’ve fixed an issue where the user settings page was giving a server error because of a memory leak.
- We’ve fixed four false positives:
- CS-S1001: We have fixed an issue where address fragments were flagged as insecure endpoints.
- JS-0125: We have fixed an issue where the rule was flagging NodeJS globals as undefined variables even when nodejs was added to the environment property in deepsource.toml file.
- PTC-W0049: will no longer be raised if the function is decorated.
- PYL-E1120: We have fixed a rare case where false positives were being reported when using *args.
- We’ve fixed three Autofix™️ failures in the Ruby Analyzer:
- RB-LI1078: We have fixed an issue where unused assignments in rescue statements were not being Autofixed.
- RB-LI1073: We have fixed an issue where issues were being raised for instances for which Autofix™️ was not possible.
- RB-ST1013: We have fixed an issue where issues were being raised for instances for which Autofix™️ was not possible.