Core analyzers

Configuration reference for all DeepSource analyzers, including code analysis, coverage, and vulnerability scanning.

This page documents the configuration options for every DeepSource analyzer. Each analyzer can be enabled and configured through the dashboard under Settings > Code Review — no configuration file is needed.

Dashboard configuration (default)

DeepSource auto-detects languages in your repository, and all analysis settings are managed through Settings > Code Review in the dashboard. No .deepsource.toml file is needed for new repositories.

TOML configuration (optional)

If your repository contains a .deepsource.toml file, DeepSource reads it and uses it to configure analysis. You can disable TOML-based configuration for a repository under Settings > Preferences.

Supported languages

Analyzer	Status
Docker	GA
Go	GA
Rust	GA
Java	GA
Scala	GA
C#	GA
JavaScript	GA
PHP	GA
Python	GA
Ruby	GA
Shell	GA
SQL	GA
C & C++	Beta
Terraform	GA
Swift	Beta
Kotlin	Beta

TOML file reference

If your repository contains a .deepsource.toml file, DeepSource reads it and uses it to configure analysis. The file supports the following top-level fields:

`version`

Type: Integer
Presence: mandatory
Description: The version of the configuration file format. Currently, the only supported value is 1.

version = 1

`exclude_patterns`

Type: Array of Strings
Presence: optional
Description: Glob patterns to exclude files from analysis (e.g. test fixtures, generated code, vendor directories).

exclude_patterns = [
  "migrations/**",
  "**/examples/**",
  "vendor/**"
]

`test_patterns`

Type: Array of Strings
Presence: optional
Description: Glob patterns to identify test files. Helps reduce false positives by distinguishing application code from test code.

test_patterns = [
  "tests/**",
  "test_*.py",
  "**/*_test.go"
]

`analyzers`

Type: Array of Tables
Presence: mandatory (at least one analyzer)
Description: Each entry defines an analyzer to run. Every entry supports name (String, mandatory), enabled (Boolean, optional, defaults to true), dependency_file_paths (Array of Strings, optional), and meta (Table, optional — analyzer-specific options documented below).

`code_formatters`

Type: Array of Tables
Presence: optional
Description: Each entry defines a code formatter to run on pull requests. Supports name (String, mandatory) and enabled (Boolean, optional). See the Code Formatters reference for available formatters.

The code_formatters key replaces the legacy transformers key. Both are supported for backward compatibility.

Complete example

version = 1

exclude_patterns = [
  "vendor/**"
]

test_patterns = [
  "tests/**"
]

[[analyzers]]
name = "python"
enabled = true

  [analyzers.meta]
  runtime_version = "3.x.x"

Python

Analyzer shortcode: python

Code Analysis

The Python analyzer detects bugs, anti-patterns, security issues, and style violations in Python 2 and Python 3 code. It also supports type checking via mypy.

Option	Type	Default	Description
`runtime_version`	String	`"3.x.x"`	Python runtime version (`"2.x.x"` or `"3.x.x"`)
`max_line_length`	Integer	`88`	Maximum allowed line length (min `79`)
`skip_doc_coverage`	Array	`["module", "magic", "init"]`	Artifacts to skip for doc coverage (`module`, `magic`, `init`, `class`, `nonpublic`)
`type_checker`	String	None	Type checking analyzer (`"mypy"`)
`additional_builtins`	Array	None	Additional built-in names from user or third-party modules
`cyclomatic_complexity_threshold`	String	`"medium"`	Risk threshold: `low`, `medium`, `high`, `very-high`, `critical`

Option	Type	Default	Description
`import_root`	String	None	Repository placed at `$GOPATH/src/{import_root}`. Required if not using Go Modules.
`import_paths`	Array	None	Override auto-detected import paths
`skip_doc_coverage`	Array	None	Artifacts to skip for doc coverage (`file`)
`dependencies_vendored`	Boolean	`false`	Skip dependency installation if vendored
`build_tags`	Array	None	Build tags for conditional compilation
`cgo_enabled`	Boolean	`true`	Whether packages use CGo
`cyclomatic_complexity_threshold`	String	`"medium"`	Risk threshold: `low`, `medium`, `high`, `very-high`, `critical`

File name	Package Manager
go.mod	go modules
Gopkg.lock	dep
GLOCKFILE	glock
Godeps/Godeps.json	godep
dependencies.tsv	godeps
glide.lock	glide
vendor.conf	trash
trash.yaml	trash
vendor/manifest	gvt
vendor/vendor.json	govendor
No dependency file	No deps installed

Option	Type	Default	Description
`plugins`	Array	None	Frameworks: `react`, `vue`, `ember`, `meteor`, `angular`, `angularjs`
`dependency_file_paths`	Array	None	Paths to directories with `package.json` or `tsconfig.json`
`environment`	Array	`["nodejs", "browser"]`	Global variable environments: `nodejs`, `browser`, `jest`, `mocha`, `jasmine`, `jquery`, `mongo`, `cypress`, `vitest`
`globals`	Array	None	Custom global variables
`module_system`	String	`"es-modules"`	Module system: `commonjs`, `es-modules`, `amd`
`dialect`	String	`"typescript"`	JavaScript dialect: `typescript`, `flow`
`skip_doc_coverage`	Array	`[]`	Artifacts to skip: `function-declaration`, `function-expression`, `arrow-function-expression`, `class-declaration`, `class-expression`, `method-definition`
`style_guide`	String	None	Style guide: `airbnb`, `google`, `standard`
`cyclomatic_complexity_threshold`	String	`"high"`	Risk threshold: `low`, `medium`, `high`, `very-high`, `critical`

On this page