Compliance reporting

OWASP Top 10 reports and shareable security posture insights

Proving your security posture shouldn't require a spreadsheet and a month of manual auditing. DeepSource generates compliance reports mapped to industry standards (OWASP Top 10, CWE/SANS Top 25, and MISRA C) and lets you share them with stakeholders in one click.

How it works

DeepSource maps every detected issue to the relevant compliance frameworks automatically. As your analyzers run on each commit, the compliance reports update in real time.

  1. Static analysis issues are tagged with their corresponding CWE identifiers
  2. CWE mappings roll up into OWASP Top 10, CWE/SANS Top 25, and MISRA C reports
  3. Reports show pass/fail status per category, active issue counts, and severity breakdowns
  4. Trend charts track your compliance posture over time: current vs. 1, 3, 6, and 12 months ago
  5. You can generate a shareable link (optionally password-protected) to send to auditors, customers, or leadership
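To make the roll-up in steps 1 to 4 concrete, here is a small added example (not DeepSource's code, and not its mapping table): CWE-tagged findings are grouped into OWASP Top 10 (2021) categories, each category gets a pass/fail status, an active-issue count and a severity breakdown, and two snapshots are compared for a trend. The CWE-to-OWASP table is a hand-picked subset of the public OWASP 2021 mapping, the finding records are constructed sample data, and the rule names are placeholders.

```python
"""Added example: roll CWE-tagged static-analysis findings up into OWASP Top 10
(2021) categories with pass/fail status, active counts and a severity breakdown.
Illustrative code only; the mapping below is a subset of the public OWASP 2021
CWE mapping, and the findings are constructed sample data."""

from collections import Counter
from dataclasses import dataclass

# Subset of the OWASP Top 10 (2021) CWE mapping. Assumption: a real product
# carries the full list for every category.
CWE_TO_OWASP = {
    "CWE-22": "A01:2021 Broken Access Control",
    "CWE-200": "A01:2021 Broken Access Control",
    "CWE-327": "A02:2021 Cryptographic Failures",
    "CWE-79": "A03:2021 Injection",
    "CWE-89": "A03:2021 Injection",
    "CWE-611": "A05:2021 Security Misconfiguration",
    "CWE-287": "A07:2021 Identification and Authentication Failures",
    "CWE-798": "A07:2021 Identification and Authentication Failures",
    "CWE-502": "A08:2021 Software and Data Integrity Failures",
    "CWE-918": "A10:2021 Server-Side Request Forgery",
}


@dataclass(frozen=True)
class Finding:
    """One analyzer issue, already tagged with its CWE identifier (step 1)."""
    rule: str       # placeholder rule name, constructed for this example
    cwe: str
    severity: str   # "critical" | "major" | "minor"
    resolved: bool  # True once the issue is gone from the default branch


def _empty_entry():
    return {"count": 0, "severity": Counter(), "status": "pass"}


def rollup(findings):
    """Group active findings by OWASP category (steps 2 and 3).

    Returns {category: {"count": int, "severity": Counter, "status": str}}.
    Every mapped category is present so a clean category reports "pass";
    a category fails as soon as it has one active finding. CWEs missing
    from the table land under "Unmapped" so nothing silently disappears.
    """
    report = {cat: _empty_entry() for cat in sorted(set(CWE_TO_OWASP.values()))}
    for f in findings:
        if f.resolved:
            continue
        entry = report.setdefault(CWE_TO_OWASP.get(f.cwe, "Unmapped"), _empty_entry())
        entry["count"] += 1
        entry["severity"][f.severity] += 1
        entry["status"] = "fail"
    return report


def trend(current, previous):
    """Per-category change in active count between two rollup() snapshots (step 4)."""
    cats = set(current) | set(previous)
    return {c: current.get(c, {"count": 0})["count"] - previous.get(c, {"count": 0})["count"]
            for c in cats}


def render(report):
    """One text line per category, in the style of a pass/fail report table."""
    lines = []
    for cat, e in report.items():
        sev = ", ".join(f"{k}={v}" for k, v in sorted(e["severity"].items())) or "-"
        lines.append(f"{e['status'].upper():4} {e['count']:3}  {cat}  [{sev}]")
    return lines


# Constructed sample findings: a snapshot from one month ago and the current one.
PREVIOUS = [
    Finding("RULE-1", "CWE-89", "critical", False),
    Finding("RULE-2", "CWE-79", "major", False),
    Finding("RULE-3", "CWE-798", "critical", False),
]
CURRENT = [
    Finding("RULE-1", "CWE-89", "critical", True),   # fixed since last month
    Finding("RULE-2", "CWE-79", "major", False),
    Finding("RULE-3", "CWE-798", "critical", False),
    Finding("RULE-4", "CWE-918", "major", False),    # new this month
    Finding("RULE-5", "CWE-1234", "minor", False),   # no entry in CWE_TO_OWASP above
]

if __name__ == "__main__":
    now = rollup(CURRENT)
    print("\n".join(render(now)))
    print("delta vs. 1 month ago:", trend(now, rollup(PREVIOUS)))
```

The "Unmapped" bucket is the practitioner's check here: a finding whose CWE is absent from the mapping table must still count against the posture instead of vanishing from the report, and a category with no findings should be reported as a pass rather than omitted, so auditors can see coverage of all ten categories.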

What it covers

Security and compliance reports

  • OWASP Top 10: maps your issues against the ten most critical web application security risks, with status, severity breakdown, and trend data
  • CWE/SANS Top 25: tracks your standing against the 25 most dangerous software errors, ranked by severity and occurrence count
  • MISRA C: compliance report for the MISRA C coding standard, relevant for safety-critical and embedded systems

Insight reports

  • Code Health Trend: tracks new issues emerging per week across your codebase
  • Issues Prevented: quantifies issues caught before they reached your default branch
  • Issues Autofixed: shows how many issues were resolved automatically via Autofix™
  • Issue Distribution: breaks down issues by category and language, with historical trends
  • Code Coverage (team-level): tracks coverage metrics and threshold compliance across repositories

Key features

  • Always up-to-date: reports are generated from live analysis data, not periodic scans. Every commit updates your compliance posture automatically
  • Repository and team-level views: drill into a single repository or see aggregate compliance across your entire organization
  • Shareable with access controls: generate public report links with optional password protection. Choose which reports to include and whether to share historical data
  • No extra setup: if you're already running DeepSource analysis, compliance reports are available immediately. No additional analyzers or configuration required

Getting started

Compliance reports are available automatically for any repository with analysis enabled. View them from the Reports dashboard, or see aggregate data across all repositories from your team's Reports page.
