VS Code Extension
We're excited to announce DeepSource's VS Code Extension, now in private beta. You can now detect, understand, and effortlessly resolve issues directly from VS Code. You can install the plugin here. For installation steps and a quick tutorial, please read the documentation.
Support for monorepos
For teams that use a monorepo workflow for development, managing different quality and security gates for different sub-repos can be challenging, since VCS providers lack first-class support for monorepos. In this release, we've launched first-class support for monorepos. You can convert any repository on DeepSource into a monorepo and map subfolders as sub-repositories. Then, each sub-repository can be used as a first-class repository on DeepSource — complete with its own issue baseline tracking, intelligent PR checks, and quality gates. Read more about it in the docs.
New in Analyzers
We've added 30+ new static analysis and SAST checks:
- C#: CS-R1131, CS-R1132, CS-R1133, and CS-R1134
- Java: JAVA-E1109, JAVA-E1089, JAVA-W1090, JAVA-W1091, JAVA-W1092, JAVA-W1093, JAVA-W1094, JAVA-W1096, JAVA-W1097
- JavaScript: JS-W1042, JS-W1043, JS-W1044
- Scala: SC-R1074, SC-R1075, SC-R1076, SC-R1077, SC-R1078, SC-R1079, SC-R1080, SC-R1081, SC-R1082, SC-W1087, SC-W1088
- Ruby: RB-E1009, RB-S1004, RB-S1005
We've added Autofix™ for 12 checks:
- JavaScript: JS-W1042, JS-W1044
- Java: JAVA-W1086, JAVA-W1016, JAVA-E1097, JAVA-W1031, JAVA-E1063, JAVA-E1032, JAVA-W1038, JAVA-E1042, JAVA-W1091
Fixes and Improvements
- The Swift analyzer is live on Enterprise Server, with 78 checks and 15 Autofixes. Read more about it in the blog.
- The Kotlin analyzer is live on Enterprise Server, with 50 checks. Read more about it in the blog.
- Users can now use Autofix™️ on up to 1000 files at once.
- We've made performance improvements in the PAT authentication in the public API. You should see faster response times when using the API.
- We've updated broken documentation URLs being sent in commit statuses & checks.
- We've fixed an issue in the Jira integration in which only the first 500 projects would be shown in the integration settings.
- In our Secrets analyzer, we've added dedicated issues for tokens for 40 unique APIs. We now show specific remediation steps for these API providers.
- JAVA-W0324 is no longer reported for methods of classes that have inner classes.
- JAVA-W1066 is no longer reported for methods defined in local types.
- JAVA-C1003 is no longer raised for loops with multiple loop variables.
- JAVA-W1029 is no longer raised if the resolved type is not in explicit imports.
- JAVA-W1029 is no longer raised for swing constants such as EXIT_ON_CLOSE.
- JAVA-W0412 is no longer reported when switch cases have the same body, but different arms.
- JAVA-W1088 is no longer reported for classes annotated with @TestConfiguration.
- JAVA-E1036 is no longer reported when a remove operation is done on a map which has values of the correct type.
- JAVA-W0324 is not reported anymore for valid private methods declared and used within a nested class.
- JAVA-W1069 is no longer reported for static symbol imports that are not unused.
- JAVA-W1069 is no longer reported on constructor calls with empty type parameter lists (like SomeType<>(...))
- JAVA-E1086 is no longer reported for clone calls on arrays.
- Fixed a false positive where JAVA-W1069 was reported for symbols that existed in the same package.
- Fixed a false positive where JAVA-W1069 was reported on constructors with empty type parameter lists.
- JavaScript issues for imported modules no longer raise spurious parse errors
- Fixed some bugs with ESLint's schema validation.
- JavaScript issues JS-0059 and JS-0050 are no longer raised on the same span.
- JS-W1042 is no longer raised in TS files.
- JS-R1002 now respects ESLint pragmas.
- JS-0356 and JS-0128 no longer raise false positives on Vue files.
- PHP: we've added support for # for skipcq comments.
- Scala issue SC-R1069 is no longer raised for new in apply().
- Scala issue SC-W1083 no longer marks implicit parameters as unused.
- We now offer support for handling compressed test coverage artifacts reported through DeepSource CLI.