OSS vulnerability scanning for monorepos

DeepSource SCA now runs on monorepos. Each sub-repository gets its own Dependencies tab, with results scoped to the packages used by that sub-project.

When a sub-repository has its own lock file, DeepSource uses it directly. For workspace-style monorepos that share a single lock file at the root (npm, yarn, pnpm, bun, uv, and cargo workspaces), DeepSource still reports per-sub-repository results based on each sub-project's manifest.

To get started, open any sub-repository and go to its Dependencies tab. Read the docs for details.

AI Review on more programming languages

We've expanded AI Review to languages that don't have a DeepSource static analyzer behind them. The first batch covers ten:

• Dart
• Elixir
• Apex
• Groovy
• Objective-C
• VB.NET
• PowerShell
• Lua
• Erlang
• Perl

To turn it on, head to Settings → Code Review → Analyzers, pick the language, and hit Save changes.

Gateway API for Enterprise Server

DeepSource Enterprise Server now supports the Kubernetes Gateway API. When enabled, DeepSource creates an HTTPRoute attached to an existing Gateway instead of an Ingress.

You can configure this from the Admin Console under Config by setting Use Gateway API? to Yes and providing your Gateway name and namespace. See the docs for the full list of options.

This requires Enterprise Server v5.0.2 or later, and is currently available only for existing cluster installations.