Full codebase review
Run static analysis on your entire default branch to track code health over time
Every commit to your default branch is analyzed for bugs, anti-patterns, security vulnerabilities, and style violations. DeepSource tracks the full state of your codebase over time so you can measure and improve code health.
How it works
- You activate a repository from the DeepSource dashboard. Languages are auto-detected, and matching analyzers are enabled automatically
- On each commit to your default branch, DeepSource runs a full analysis and reports issues with file and line references, descriptions of why the pattern is problematic, and suggested fixes
What it covers
DeepSource ships analyzers for general-purpose languages, infrastructure-as-code, and configuration files. See the Languages reference for the full list.
Issue categories:
- Bug risk: logic errors, null dereferences, race conditions, resource leaks
- Security: injection vulnerabilities, insecure crypto, hardcoded secrets, OWASP Top 10 patterns
- Anti-patterns: code smells, unused variables, dead code, unnecessary complexity
- Style: formatting violations, naming conventions, documentation coverage
- Performance: inefficient patterns, unnecessary allocations, suboptimal data structures
Key features
- Zero configuration: activate a repository and analysis starts. No YAML files to write, no CI pipeline to modify, no agents to install
- Autofix™: DeepSource doesn't just find issues; it fixes them. AI-powered Autofix can generate fixes for most detected issues automatically
- Noise reduction: test file patterns, exclude patterns, and ignore rules let you suppress false positives without disabling entire rule categories
Getting started
For a full setup walkthrough, see the Quickstart and Configure analyzers. To learn about fixing detected issues, see Fix issues and vulnerabilities.