Vanta

Vanta is an industry leader in compliance automation. They simplify the complex, time-consuming process of preparing for SOC 2, ISO 27001, and several other compliance standards, and automate the implementation and monitoring of controls. We're excited to announce our official integration with Vanta, which lets companies verify compliance with the controls related to source code security by surfacing these issues directly in their Vanta dashboard. Please note that the Vanta integration is currently exclusive to DeepSource Cloud. Read more in the docs.

Improved user onboarding for GitHub organizations

We've made some significant improvements in the new user signup flow for teams that use GitHub with DeepSource:

  • New users signing up on the DeepSource instance will now be automatically added to teams they are already a part of on GitHub, eliminating the need to be added to teams explicitly.
  • In cases where a user is not associated with any GitHub team, they will be presented with a list of DeepSource Enterprise administrators during the signup process, whom they can contact to be added to a team.
  • Only DeepSource Enterprise administrators will be directed to the installation page after signup, while other users will follow the aforementioned flow for a seamless experience.

Skip analysis for commits

You can now prevent DeepSource analysis and Transformers from running for a specific commit by simply including any of the following case-sensitive strings in the commit message: skip ci, ci skip, no ci, and skipcq. Read more in the docs.

New in Analyzers

We've added 15 new static analysis and SAST checks:

We've added Autofix™ for 12 checks:

Fixes and Improvements

  • In the public API, a severity field has been added to the Issue type. Also, the title field in the Occurrence type now shows the correct value. Read more in the docs.
  • We've made improvements to the layout of the repository dashboard, with a cleaner look for the header and overview.
  • We've fixed a bug in which DeepSource was failing to store commit messages for cross-repository PRs.
  • We've fixed a bug where the issues list would be erroneously overwritten when navigating to a different repository while issues for the previous repository were still being fetched.
  • CS-W1063's Autofix™ no longer fails due to improper marking lookup.
  • CS-P1005 is no longer raised if the user is checking and updating a key's value in a Dictionary.
  • CS-S1001 now excludes w3 domains.
  • CS-R1028 no longer flags a constructor as empty and redundant if the Serializable attribute is present.
  • TODO and FIXME tokens in a comment are now correctly identified.
  • CS-A1003 is no longer raised inside a switch case with a default label.
  • CS-W1031 now correctly detects object along with object? in the parameter list.