DeepSource Agents leverage the power of LLMs (Large Language Models) to proactively monitor, analyze, and improve your codebase through an intelligent observe-reason-act loop. Agents work autonomously to enhance code security and quality by continuously monitoring your repositories, making informed decisions based on contextual understanding, and taking appropriate actions without developer intervention.

Available Agents

False Positive Triage Agent

The False Positive Triage Agent intelligently filters out noise from your code security alerts, saving your team valuable time and reducing alert fatigue.

When a potential security vulnerability is detected, the False Positive Triage Agent evaluates whether the issue poses genuine risk or is a false positive. The agent reasons through each alert using contextual understanding of your codebase, assessing factors such as whether vulnerable code paths are actually executed, whether dangerous functions are used properly, and whether security controls that mitigate the risk are already in place.

CVE Prioritization Agent

The CVE Prioritization Agent identifies and elevates the most critical vulnerabilities in your third-party dependencies, enabling your security team to focus on what truly matters.

Going beyond standard severity ratings, the CVE Prioritization Agent analyzes multiple dimensions of each vulnerability, incorporating over 10 external and internal signals to determine true risk. The agent evaluates crucial factors such as reachability (whether vulnerable code is actually accessible from your application) along with CVSS scores, exploit potential, and fixability to create a comprehensive risk assessment.

Autofix™ Autopilot Agent

The Autofix™ Autopilot Agent autonomously identifies and fixes security vulnerabilities across your codebase. This agent continuously monitors your repositories and takes immediate action when vulnerabilities are detected, eliminating the delay between discovery and resolution.

The Autopilot Agent can implement sophisticated fixes for both code-level vulnerabilities and dependency issues. When insecure third-party dependencies are identified, the agent automatically creates pull requests with the appropriate package upgrades, ensuring your software supply chain remains secure. For application code vulnerabilities like SQL injection, cross-site scripting, or insecure authentication, the agent analyzes the context, determines the optimal fix, and either commits directly to your existing pull requests or creates new ones with security patches.

Enable/Disable Agents

Agents are disabled by default. Team admins can enable or disable individual agents at any time from your team's Agents page in the DeepSource dashboard.

To disable or pause an agent, click on the Agent status and select Disable or Pause from the dropdown.