Usage

deepsource <command> [flags]

Run deepsource <command> --help to see help for any command.

Key behaviors

Output format: Most commands support --output pretty (default) and --output json. Use JSON for scripting and automation.

Repository flag: Pass --repo/-r in provider/owner/name format (e.g., gh/org/repo). When omitted, CLI detects the repository from the current working directory.

Branch detection: CLI detects the current git branch and queries data for it by default. Commands like issues, metrics, and vulnerabilities scope results to the checked-out branch.

Scope filters: Commands that return analysis data accept --commit, --pr, and --default-branch flags to scope results. These are mutually exclusive.

Pagination: List commands (issues, metrics, vulnerabilities) automatically fetch all matching results (up to 1000). Use --limit to control how many results are displayed.

Authentication (`auth`)

Command	Description
`auth login`	Authenticate with DeepSource
`auth logout`	Log out
`auth status`	Check authentication status

Flag	Description
`--host`	Hostname for Enterprise Server deployments. `--hostname` still works but is deprecated
`--with-token`	Authenticate using a Personal Access Token. You can generate one from your account settings
`--interactive`	Force interactive browser-based login

# Browser-based login
deepsource auth login

# Token-based login
deepsource auth login --with-token <PAT>

# Enterprise Server login
deepsource auth login --host deepsource.corp.com

Repository (`repo`)

Command	Description
`repo dashboard`	Open the DeepSource dashboard in your browser
`repo status`	View repository details including activation status, enabled analyzers, and dashboard link

`repo dashboard` flags

Flag	Description
`--repo/-r`	Repository in `provider/owner/name` format

`repo status` flags

Flag	Description
`--repo/-r`	Repository in `provider/owner/name` format
`--output/-o`	Output format: `pretty` (default) or `json`

# Check if the repo in cwd is activated
deepsource repo status

Analysis

`runs`

DeepSource reviews every commit and pull request on activated repositories. Each review is called a "run." Use this command to list recent runs and their results.

If the latest review is still pending, CLI automatically falls back to the last completed run.

Flag	Description
`--repo/-r`	Repository in `provider/owner/name` format
`--limit`	Maximum number of runs to display (default: 20)
`--output/-o`	Output format: `pretty` or `json`
`--commit`	Show metadata and issues summary for a specific commit

deepsource runs
deepsource runs --limit 5 --output json

`issues`

View code issues detected by DeepSource, filtered by severity, category, analyzer, or file path.

Flag	Description
`--repo/-r`	Repository in `provider/owner/name` format
`--limit`	Maximum number of issues to display (default: 0, show all)
`--output/-o`	Output format: `pretty` or `json`
`--verbose`	Show issue description
`--commit`	Scope to a specific commit
`--pr`	Scope to a pull request
`--default-branch`	Scope to the default branch
`--analyzer`	Filter by analyzer shortcode
`--category`	Filter by category: `anti-pattern`, `bug-risk`, `performance`, `security`, `coverage`, `typecheck`, `style`, `documentation`
`--severity`	Filter by severity: `critical`, `major`, `minor`
`--path`	Filter by file path
`--source`	Filter by source: `static`, `ai`

deepsource issues
deepsource issues --severity critical --analyzer python
deepsource issues --pr 42 --output json

`metrics`

View repository metrics — code coverage percentages, code health scores, documentation coverage, and other quantitative measures tracked by DeepSource.

Flag	Description
`--repo/-r`	Repository in `provider/owner/name` format
`--limit`	Maximum number of metrics to display (default: 0, show all)
`--output/-o`	Output format: `pretty` or `json`
`--verbose`	Show additional details for each metric
`--commit`	Scope to a specific commit
`--pr`	Scope to a pull request
`--default-branch`	Scope to the default branch

deepsource metrics
deepsource metrics --output json

`report-card`

View the repository report card — a per-analyzer summary of issue counts and status, giving you a snapshot of code health across the entire codebase.

Flag	Description
`--repo/-r`	Repository in `provider/owner/name` format
`--output/-o`	Output format: `pretty` or `json`
`--commit`	Scope to a specific commit
`--pr`	Scope to a pull request

deepsource report-card
deepsource report-card --repo gh/org/repo --output json

`vulnerabilities`

View dependency vulnerabilities found in the repository.

Flag	Description
`--repo/-r`	Repository in `provider/owner/name` format
`--limit`	Maximum number of vulnerabilities to display (default: 0, show all)
`--output/-o`	Output format: `pretty` or `json`
`--verbose`	Show CVSS score, summary, fix versions, and reachability
`--commit`	Scope to a specific commit
`--pr`	Scope to a pull request
`--default-branch`	Scope to the default branch
`--severity`	Filter by severity: `critical`, `high`, `medium`, `low`, `none`

none refers to vulnerabilities that have a CVE assigned but no severity rating yet.

deepsource vulnerabilities
deepsource vulnerabilities --severity critical --output json

Reporting (`report`)

Send artifacts like test coverage data to DeepSource. Unlike the query commands above, report pushes data from your environment to DeepSource for processing.

This command requires the DEEPSOURCE_DSN environment variable to be set unless you're using OIDC authentication. You can find the DSN in your repository's Settings page.

deepsource report --analyzer=test-coverage --key=python --value-file=coverage.xml

Flags

Flag	Description
`--analyzer`	Name of the analyzer (e.g., `test-coverage`)
`--analyzer-type`	Type of the analyzer
`--key`	Language shortcode: `python`, `go`, `javascript`, `ruby`, `java`, `scala`, `php`, `csharp`, `cxx`, `rust`, `swift`, `kotlin`
`--value`	Value of the artifact
`--value-file`	Path to the artifact value file
`--use-oidc`	Use OIDC for authentication instead of `DEEPSOURCE_DSN`
`--oidc-provider`	OIDC provider to use for authentication. Supported providers: `github-actions`
`--oidc-request-token`	OIDC request token (for CI environments)
`--oidc-request-url`	OIDC provider's request URL to fetch an OIDC token
`--host`	DeepSource host URL for Enterprise Server deployments. Falls back to the host saved during `auth login`, then to `https://app.deepsource.com`
`--skip-verify`	Skip TLS certificate verification
`--output/-o`	Output format: `pretty` (default) or `json`

OIDC authentication in GitHub Actions

Instead of storing a DEEPSOURCE_DSN secret, you can use OIDC tokens provided by GitHub Actions for authentication:

OIDC-based authentication is currently only supported with GitHub Actions.

- name: Report coverage
  run: |
    deepsource report \
      --analyzer=test-coverage \
      --key=python \
      --value-file=coverage.xml \
      --use-oidc \
      --oidc-request-token $ACTIONS_ID_TOKEN_REQUEST_TOKEN

Setup

`completion`

Install shell completions for the deepsource command. The shell is auto-detected based on your environment.

deepsource completion

Supported shells and install locations:

Shell	Completion file
bash	`~/.local/share/bash-completion/completions/deepsource`
zsh	`~/.zsh/completions/_deepsource`
fish	`~/.config/fish/completions/deepsource.fish`

For zsh, the completions directory is automatically added to fpath in ~/.zshrc if needed. Restart your shell after installing completions for them to take effect.

Global flags

These flags can be used with any command.

Flag	Description
`-h, --help`	Show usage and available commands
`-v, --version`	Print version

Examples

View critical issues filtered by analyzer

deepsource issues --severity critical --analyzer python --limit 10

Get metrics as JSON for scripting

deepsource metrics --output json | jq '.metrics[] | {name, value}'

Report coverage with OIDC in GitHub Actions

deepsource report \
  --analyzer=test-coverage \
  --key=go \
  --value-file=coverage.out \
  --use-oidc

Check vulnerabilities by severity

deepsource vulnerabilities --severity high

View recent code reviews

deepsource runs --limit 5

On this page