Retry analysis checks
Sometimes one or more checks in an analysis run can fail due to an unexpected error during analysis or because they took too long to finish. You can now retry an individual check, or all checks in a run, from that run on DeepSource. Go to the History tab in your repository's dashboard, find the check you want to retry, and click the "Retry check" button. You can also retry all unsuccessful checks by clicking the "Retry all unsuccessful checks" button. Read more in the docs.
Improved user sync from GitHub
We've improved how we sync users, roles, and access control settings from GitHub on Enterprise Server, making managing your team on DeepSource easier.
- All new users who sign up on a DeepSource Enterprise Server instance without an invite link are now automatically added to the organizations on DeepSource that they can access through GitHub.
- Whenever you add a new user to your GitHub organization, they will automatically be added to the organization on DeepSource, if it exists. This saves you the few clicks of manually adding them to DeepSource, even if you're not using SSO/SAML.
To start using the improved user sync from GitHub, go to the Access Control tab in your team settings and enable the "Automatically sync access settings from GitHub" toggle. Read more in the docs.
New in Analyzers
- Ruby: You can now configure the Analyzer to skip non-public methods when calculating documentation coverage. To do this, add the non_public parameter to the skip_doc_coverage parameter in the config file.
- We've added 39 new checks for static analysis and SAST:
  - C#: CS-R1122, CS-R1123, CS-R1124, CS-R1125, CS-W1085, CS-W1086, CS-W1087, CS-P1022, CS-R1126, CS-R1127
  - Ruby: RB-S1002, RB-S1003
  - Java: JAVA-W1087, JAVA-E1107, JAVA-W1086, JAVA-E1109, JAVA-W1088
  - Rust: RS-W1133, RS-A1009, RS-W1134
  - Docker: DOK-W1002, DOK-W1003, DOK-W1004, DOK-W1005, DOK-W1006, DOK-W1007, DOK-W1008, DOK-W1009, DOK-W1010, DOK-W1011, DOK-E1002
  - SQL: SQL-L031, SQL-L032, SQL-L033, SQL-L034, SQL-L035, SQL-L036, SQL-L037, SQL-L038, SQL-L039, SQL-L040, SQL-L041, SQL-L042, SQL-L043, SQL-L044, SQL-L045, SQL-L047, SQL-L048, SQL-L049, SQL-L050, SQL-L051, SQL-L052, SQL-L053, SQL-L054, SQL-L055, SQL-L058
- We've added Autofix™️ for 10 checks:
  - Java: JAVA-W1070, JAVA-W1063, JAVA-W1029, JAVA-W1028, JAVA-W1025, JAVA-W0417, JAVA-W1030, JAVA-W1077, JAVA-W0077, JAVA-W1064, JAVA-W1086
  - C#: CS-R1122, CS-R1123, CS-W1016, CS-R1126, CS-R1127
Fixes and Improvements
- We've fixed an issue where the Autofix™️ button was not visible on the history page for issues that supported Autofix™️ but were configured not to fail the analysis runs. The Autofix™️ button is now shown for all Autofix-supported issues on the runs page, regardless of their analysis run failing status.
- The Ruby Analyzer previously miscalculated the documentation coverage metric by considering only the modified files. We have resolved this issue, ensuring the metric is accurately calculated for the entire repository.
- We've temporarily disabled the Autofix™️ for RB-PR1017 as it needs a more comprehensive fix.
- Autofix™️ for RB-LI1009 previously failed to generate a fix for the issue when invoked on the Socket class. This was due to the absence of a clear replacement method for the deprecated class, requiring additional user input to resolve the issue. To prevent further failures, we have disabled reporting of this issue for the Socket class.
- We've fixed an issue where deactivated repositories' issues incorrectly appeared in the team-level Issue Distribution report, ensuring that only active repositories are included for accurate analysis.
- Previously, the Go Analyzer faced failures in issue reporting when analyzing user packages that used Generics due to a bug in the golang.org/x/tools library. To resolve this, we updated the tools library. As a result, packages utilizing Generics will now compile without any failures, leading to improved issue reporting.
- We've fixed an issue where Java Autofixes would produce incorrect output for strings or comments in languages other than English. This could cause characters to be jumbled or skipped.
- We've fixed an issue where the aggregate calculation in Java Code Coverage reports was incorrect due to a slight discrepancy in the reported number of files, ensuring accurate and reliable coverage metrics.
- We've fixed an issue where the Rust Analyzer's Autofix™ would crash when executed on the last line of a file that didn't end with a trailing newline.
- We have disabled JAVA-E1083 and JAVA-E1084 due to problems with reliability and false positives.
- The Autofix™️ for JAVA-W1010 will no longer move default cases to the end if we find that the default is associated with other cases due to a fallthrough.
- We've fixed false negatives caused by various TypeScript rules not being enabled in VueJS files.
- We've fixed an issue in the Secrets Analyzer where false positives were raised for generic API keys and private keys, improving the accuracy of the analysis results.