Today, we are excited to announce a significant addition to DeepSource – Community Analyzers, broadening the technologies and languages supported by DeepSource. Community Analyzers are third-party, open-source static analyzers that you can now leverage within DeepSource.
What are Community Analyzers?
Community Analyzers are open-source third-party static analyzers that are executed as part of your existing CI pipeline and the results are reported to DeepSource using the OASIS standard SARIF (Static Analysis Results Interchange Format) format. Unlike our Core analyzers, Community Analyzers do not run on DeepSource's infrastructure. This approach ensures that you can utilize DeepSource’s powerful analysis features and broadens the horizon of technologies and languages you can now analyze using DeepSource. You are no longer limited to the analyzers we provide natively.
The initial release adds support for Kube Linter, Dart Analyze, Slither and AWS CloudFormation Linter, with support for more to come in the near future. To simplify your onboarding experience, all analyzers have pre-configured ready-to-use CI snippets tailored for popular CI providers like Azure Pipelines, GitHub Actions, Circle CI, and more.
Centralized management & seamless CI integration
Despite running the analyzers externally, you get to manage all issues in one centralized dashboard in DeepSource. This means you can track and address code health issues across different languages and tools without juggling multiple platforms. Moreover, you can leverage all of DeepSource's features with these analyzers. This includes:
- Quality Gates: Set quality standards for your codebase and ensure they are met before merging code.
- Issue Diffing: Only see newly introduced issues in a pull request compared to the main branch.
- Ignore Rules: Fine-tune what issues to track and what to ignore based on your project's needs.
Getting started
Leveraging Community Analyzers is a straightforward process, mirroring the usage of Core Analyzers, with just one extra step. All supported Community Analyzers can be found in the Analyzer Directory. After enabling the analyzer in the repository's`.deepsource.toml` configuration file, use one of the CI configuration snippets which is pre-configured to execute the analyzer and report the results in SARIF format back to DeepSource. Refer to the documentation for detailed setup instructions.
Contributing new analyzers
All community analyzers supported by DeepSource are maintained in an open-source repository. This opens up new avenues for community contributions. If you would like to add support for a static analyzer on DeepSource, consider opening a pull request with the analyzer's metadata. Refer to the contribution instructions for more info.
Community analyzers are available for DeepSource Cloud users across all the plans today, and will be available for Server customers by the end of this month. Feedback/questions? Let us know by starting a thread at discuss.deepsource.com
