We're pleased to announce the general availability of the monorepo mode for repositories, including support for three new VCS providers: GitLab, Bitbucket, and Azure DevOps Services. The initial release already supported GitHub. Learn more in the docs.

Cyclomatic Complexity

We've added checks for detecting complex code based on cyclomatic complexity thresholds. You can configure the level of complexity allowed in the Anlayzer's configuration to control how strict or relaxed the threshold is. The default threshold is set to medium.

Multiple Azure DevOps Services (ADS) tenants

We've added support for multiple Azure Directories (or tenants) when using our ADS integration. It's very common for teams using ADS to have segregation of tenants for different organizations they're a part of. With this release, it's possible to log in to DeepSource teams connected to ADS organizations across several tenants with the same DeepSource user account. Read more about getting started with ADS here.

New in Analyzers

  • We've added 120+ new static analysis and SAST checks in C#, Scala, Swift, Ruby, C/C++, and Kotlin Analyzers
  • Scala: We've added support for reporting documentation coverage metrics
  • Go: We've added support for Go v1.21.x runtime
  • C/C++: We've added support for configuring the C/C++ standard to be used for compilation in the Analyzer's meta options.

Fixes and Improvements

  • Auto Onboard now supports GitLab, Bitbucket, and Azure DevOps Services teams
  • Transformers and Autofix™️ are now supported in Azure DevOps Services repositories
  • You can now filter the list of issues in a repository's Issues tab based on severity
  • Hardcoded credentials detected by the Secrets Analyzer now have a new category called Secrets
  • We've fixed a bug in the Autofix tab that showed incorrect error states when the Autofix app isn't installed with proper permissions
  • We've fixed the update issue priority action on the Issue Priority settings page
  • Commit messages and pull requests created by Autofix™️ and Transformers now follow Conventional Commits guidelines
  • The list of users in repository members is now sorted in the reverse order of permissions
  • C#: Fixed Autofix failures in CS-R1032, CS-W1000.
  • C#: Fixed false-positives in CS-R1060 where it was incorrectly flagging getters that cannot be converted to auto-properties.
  • C#: Fixed false-positives in CS-R1137 where it was not considering field modifications and increment/decrement operations and suggesting the corresponding field to be incorrectly use readonly.
  • JavaScript: Fixed scenarios where the Analyzer was not respecting ESLint global pragmas.
  • JavaScript: Fixed false-positives in JS-0093 where it incorrectly flagged expect statements in test files as unused expressions.
  • JavaScript: Fixed false-positives in JS-C1003. This rule now won't flag imports from certain packages that cannot be used without a wildcard.
  • JavaScript: Fixed false positives in JS-0125 due to some global environments not being respected.
  • Python: Fix false-positives in PTC-W0049, PTC-W0065, PYL-W0109, FLK-E101, and PYL-E1102.
  • Ruby: Fix false-positives in RB-LI1078 when the assignment happens inside a case statement that is the last statement of a method, as that value gets returned implicitly from the method
  • Java: Fixed false positives in JAVA-W1051, JAVA-W1004, JAVA-W1025, JAVA-E1085, JAVA-W1028, JAVA-E1109, JAVA-W1088, JAVA-W1060, JAVA-W0324, JAVA-W1042.