Code Analysis

.deepsource.toml

This section covers .deepsource.toml configuration specific to the scala analyzer. Please make sure to read the general configuration guide first.

name

  • Type: String
  • Presence: mandatory
  • Description: Shortcode of the analyzer.
  • Example:
name = "scala"

enabled

  • Type: Boolean
  • Presence: optional
  • Description: Toggle whether this analyzer should be run.
  • Example:
enabled = true

meta

  • Type: Table
  • Presence: optional
  • Description: Any supported metadata to pass to the analyzer.
  • Example:
[analyzers.meta]
cyclomatic_complexity_threshold = "high"
cyclomatic_complexity_threshold
  • Type: String
  • Presence: optional
  • Description: Specify the acceptable risk category for your project as the threshold. All functions with complexity beyond this threshold will raise an issue. For example, setting the threshold to low will flag all functions that have a cyclomatic complexity of more than 5, while setting the threshold to critical will not flag any function.
  • Available Values: low, medium, high, very-high and critical
Risk categoryCyclomatic complexity rangeRecommended action
low1-5No action is needed.
medium6-15Review and monitor.
high16-25Review and refactor. Recommended to add detailed comments if the function absolutely needs to be kept as it is.
very-high26-50Refactor to reduce the complexity.
critical>50Must refactor this. This can make the code untestable and very difficult to understand.
  • Default Value: medium
  • Example:
[analyzers.meta]
cyclomatic_complexity_threshold = "high"

Sample config

version = 1

test_patterns = [
  "src/test/scala/**"
]

exclude_patterns = [
  "**/examples/**"
]

[[analyzers]]
name = "scala"
enabled = true

  [analyzers.meta]
  cyclomatic_complexity_threshold = "high"

Code Coverage

Jacoco

Add sbt-jacoco to your project by adding the following line to your project/plugins.sbt:

addSbtPlugin("com.github.sbt" % "sbt-jacoco" % "<version>")

Then run sbt jacoco to generate the coverage report. By default, you’ll find the report in /target/scala-{version}/jacoco/report.

Note: To customize Jacoco’s coverage behavior, you’ll need to make changes to your build.sbt. Refer to Jacoco’s documentation for more information.

Once you have a coverage report, you can upload it to DeepSource with the following commands:

# Install deepsource CLI
curl https://deepsource.io/cli | sh

# Set the DEEPSOURCE_DSN env variable from the reporting tab of
# your repository's DeepSource settings page.
export DEEPSOURCE_DSN=https://sampledsn@deepsource.io

# From the project's root directory, run the report coverage command
./bin/deepsource report --analyzer test-coverage --key scala --value-file target/scala-2.13/jacoco/report/jacoco.xml

Cobertura

You can also use Cobertura format coverage reports with the Scala analyzer. Generate your Cobertura report according to your build setup, then submit it using similar steps to the Jacoco example above.

Code Formatter (Transformer)

scalafmt

Transform all incoming Scala code with scalafmt, the official Scala code formatter.

This section covers .deepsource.toml configuration specific to the scalafmt transformer. Please make sure to read the general configuration guide first.

name

  • Type: String
  • Presence: mandatory
  • Description: Shortcode of this transformer.
  • Example:
name = "scalafmt"

enabled

  • Type: Boolean
  • Presence: optional
  • Description: Toggle whether this transformer should be run.
  • Example:
enabled = true

Sample transformer config

[[transformers]]
name = "scalafmt"
enabled = true

Vulnerability Scanning

Vulnerability scanning is not supported for the Scala at this time.