Nov 4, 2025

Agentic Secrets Detection

DeepSource's Secrets Analyzer now supports switching between two detection engines: Legacy (our existing static-only analysis engine), and the all new Hybrid AI Agent engine. This is now the recommended engine, and is powered by Narada, our open-source secrets classification model. To learn more, please read the announcement here.

You can switch the engine for your workspace in Settings -> General -> Preferences in your team dashboard. This is available to all teams on DeepSource Cloud. Refer to the docs here.

Switch detection engine for Secrets Analyzer

New in Analyzers

  • Go: Added support for Go v1.25.3.
  • Python: Maximum line-length checks now ignore common inline pragma markers and their trailing comments (for example: # noqa, # pylint: disable=..., # skipcq, # type: ignore, and # pyright: ignore), so that these suppressions do not cause otherwise-valid lines to fail the rule.
  • Java: Reduced false positives for JAVA-E1065 by ignoring cases introduced by test-related Spring/Mockito annotations such as @SpyBean, @MockitoBean, and @MockitoSpyBean.
  • Kubelint: Reporting coverage has been expanded, so 9 new issue types are now detected.

Ship clean and secure code.

Talk to SalesGet Enterprise trial