Let’s fix code health issues and security vulnerabilities identified by DeepSource, using both manual fixes and automated remediation options.
When addressing code health issues flagged in the DeepSource dashboard, you have two options. The first approach involves manually fixing the issues, while the second method involves Autofix™ — our auto remediation engine.
If you choose to manually fix the issues, you can follow these steps:
In the dashboard, you’ll see a prompt to install the Autofix™ app. Simply click ‘Install Autofix’ to begin. If you’re using an organization or team account, you can choose to install Autofix on all repositories or select repositories. After you click ‘Install’, you’ll be taken to the VCS provider’s App site to finish the setup.
If you open an issue from the dashboard that has Autofix™ support, you’ll see the Autofix™ button at the top of the issue page. Click it and confirm which files you want to run Autofix™ on.
It takes a few seconds for DeepSource to generate the fixes. Review the proposed diff for each file, and once you’ve verified all the fixes, click the ‘Create pull request’ button; DeepSource will then create a pull request on your repository with the fixes for this issue.
Once you’ve made a new pull request on your GitHub repository, DeepSource analysis will start right away. Once the checks finish, click on the ‘details’ action adjacent to a failing check to view the issues you’ve just introduced.
If any of these issues support Autofix™, you’ll see the Autofix™ button. In this case, the only difference is that running Autofix™ will create a commit directly on the PR.
When DeepSource identifies security vulnerabilities in your project dependencies, you can remediate them using either Autofix (when available) or manual fixes.
Before attempting to fix a vulnerability, it’s important to understand its details. DeepSource provides comprehensive information about each vulnerability:
Dynamic Risk Score helps you prioritize vulnerabilities based on real-world impact, allowing your security team to allocate resources more effectively.
When available, Autofix provides the fastest way to remediate vulnerabilities in your dependencies:
The Autofix interface shows:
To apply the fix, simply click “Apply fix with pull request” to automatically create a PR with the necessary changes.
When Autofix isn’t available for a vulnerability, you’ll need to manually upgrade your dependencies:
The manual fix view provides:
After identifying the appropriate upgrade path, manually update your dependency manifest file and run your package manager’s update command to apply the changes.
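The manual path above comes down to two mechanical steps: find the pin for the affected package in the manifest and move it to the first fixed version, then let the package manager apply it. The following script is an added example (not DeepSource’s code) of the first step for a `requirements.txt`; the manifest contents, the package names and the version boundaries are constructed sample data, not a real advisory. It also handles the case the manual view cannot settle for you: a requirement that is a range (`flask>=2.0`) rather than an exact pin, where the resolver may still pick a vulnerable release, so the line is reported for review instead of being rewritten.

```python
"""Bump a pinned dependency in a requirements.txt to the first fixed version.

Added illustration, not DeepSource's own code. The manifest, package names
and version numbers below are constructed sample data.
"""
import re
from typing import List, Tuple

# Matches an exact pin such as 'requests==2.30.0  # comment'.
PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*==\s*([0-9][0-9A-Za-z.\-]*)\s*(#.*)?$")


def parse_version(v: str) -> Tuple[int, int, int]:
    """'2.30.0' -> (2, 30, 0); '2.31' -> (2, 31, 0).

    Assumption: plain numeric versions. Non-numeric suffixes (rc1, post1)
    are dropped, and missing components are padded with zeros so that
    '2.31' compares equal to '2.31.0'.
    """
    nums = []
    for piece in v.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        nums.append(int(m.group()))
    while len(nums) < 3:
        nums.append(0)
    return (nums[0], nums[1], nums[2])


def is_affected(version: str, affected_below: str, affected_from: str = "0") -> bool:
    """True if affected_from <= version < affected_below (the usual advisory range)."""
    v = parse_version(version)
    return parse_version(affected_from) <= v < parse_version(affected_below)


def remediate(manifest: str, package: str, affected_below: str, fixed: str) -> Tuple[str, List[str]]:
    """Rewrite 'package==<vulnerable>' pins to 'package==<fixed>'.

    Returns the new manifest text and a list of notes. Lines that name the
    package without an exact pin are left alone and reported, because a
    range specifier gives the resolver room to choose a vulnerable version.
    """
    unpinned_re = re.compile(r"^\s*" + re.escape(package) + r"\s*[<>~!\[;]", re.I)
    out, notes = [], []
    for line in manifest.splitlines():
        m = PIN_RE.match(line)
        if m and m.group(1).lower().replace("_", "-") == package.lower().replace("_", "-"):
            current = m.group(2)
            if is_affected(current, affected_below):
                comment = f"  {m.group(3)}" if m.group(3) else ""
                out.append(f"{m.group(1)}=={fixed}{comment}")
                notes.append(f"{m.group(1)}: {current} -> {fixed}")
                continue
            notes.append(f"{m.group(1)}: {current} already >= {affected_below}, unchanged")
        elif unpinned_re.match(line):
            notes.append(f"manual review needed (not an exact pin): {line.strip()}")
        out.append(line)
    return "\n".join(out) + "\n", notes


# Constructed sample manifest; the versions are not tied to any real advisory.
SAMPLE_MANIFEST = """\
# constructed sample manifest
requests==2.30.0  # http client
urllib3==2.0.7
flask>=2.0
"""

if __name__ == "__main__":
    new_text, change_notes = remediate(SAMPLE_MANIFEST, "requests", "2.31.0", "2.31.0")
    print(new_text)
    print(change_notes)
```

After writing the rewritten manifest back to disk, the "package manager's update command" for this manifest is `pip install -r requirements.txt` (or the equivalent sync command of whatever lockfile tool you use), followed by a fresh DeepSource run to confirm the vulnerability no longer appears. Lines the script reports as "manual review needed" are exactly the ones where you should pin an explicit version or tighten the lower bound by hand.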
To help prioritize vulnerability fixes, DeepSource provides reachable call graphs for many vulnerabilities:
This section shows:
This information helps you understand how a vulnerability could be exploited in your specific application context, making remediation efforts more targeted and effective.
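To make the reachability idea concrete, here is an added example (not DeepSource’s analyser, which works across languages and resolves far more than this) that builds a name-based static call graph from a small Python module with Python’s own `ast` module and walks it from an entry point to a vulnerable library function. The module source, the dependency `yamllib` and its functions `unsafe_load` and `safe_load`, and the entry points `app.main` and `app.handle_request` are all constructed for the illustration. The point it demonstrates is the one the call graph section makes: the same vulnerable function is reachable from one entry point and not from another, and that difference is what lets you rank the fix.

```python
"""Is a vulnerable library function reachable from an entry point?

Added illustration of a reachable call graph; not DeepSource's analyser.
Calls are resolved by name only (no inheritance, no dynamic dispatch), which
is the simplest useful form of the analysis. Module, package and function
names below are hypothetical.
"""
import ast
from collections import deque
from typing import Dict, List, Optional, Set


def _callee_name(func: ast.expr, module: str, local: Set[str]) -> Optional[str]:
    """Resolve the callee of a Call node to a dotted name, or None if unknown."""
    if isinstance(func, ast.Name):
        # A bare name is a local function if this module defines it.
        return f"{module}.{func.id}" if func.id in local else func.id
    if isinstance(func, ast.Attribute):
        parts, node = [], func
        while isinstance(node, ast.Attribute):
            parts.append(node.attr)
            node = node.value
        if isinstance(node, ast.Name):
            parts.append(node.id)
            return ".".join(reversed(parts))
    return None  # e.g. open(...).read(): receiver is a call, not a name


def build_call_graph(source: str, module: str) -> Dict[str, Set[str]]:
    """Map each function defined in `module` to the set of names it calls."""
    tree = ast.parse(source)
    local = {n.name for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)}
    graph: Dict[str, Set[str]] = {}
    for fn in ast.walk(tree):
        if not isinstance(fn, ast.FunctionDef):
            continue
        caller = f"{module}.{fn.name}"
        callees = graph.setdefault(caller, set())
        for node in ast.walk(fn):
            if isinstance(node, ast.Call):
                target = _callee_name(node.func, module, local)
                if target:
                    callees.add(target)
    return graph


def reachable_path(graph: Dict[str, Set[str]], entry: str, target: str) -> Optional[List[str]]:
    """Breadth-first search; returns the call chain entry -> ... -> target, or None."""
    parent: Dict[str, Optional[str]] = {entry: None}
    queue = deque([entry])
    while queue:
        cur = queue.popleft()
        if cur == target:
            path: List[str] = []
            node: Optional[str] = cur
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in sorted(graph.get(cur, ())):
            if nxt not in parent:
                parent[nxt] = cur
                queue.append(nxt)
    return None


# Constructed sample module. 'yamllib' and its functions are hypothetical;
# pretend an advisory covers yamllib.unsafe_load.
SAMPLE_SOURCE = '''
import yamllib

def parse_config(text):
    return yamllib.unsafe_load(text)      # vulnerable sink

def parse_user_profile(text):
    return yamllib.safe_load(text)        # safe API

def handle_request(body):
    return parse_user_profile(body)

def main():
    handle_request("name: x")
    legacy_import()

def legacy_import():
    parse_config(open("config.yml").read())
'''

if __name__ == "__main__":
    g = build_call_graph(SAMPLE_SOURCE, "app")
    print(reachable_path(g, "app.main", "yamllib.unsafe_load"))
    print(reachable_path(g, "app.handle_request", "yamllib.unsafe_load"))
```

Run from `app.main`, the search returns the chain `main -> legacy_import -> parse_config -> yamllib.unsafe_load`, which is the kind of path the call graph section displays; run from `app.handle_request`, it returns nothing, because that handler only ever reaches `safe_load`. A vulnerability whose only path starts in a rarely executed maintenance entry point deserves a different priority from one reachable from every request handler, and a name-based graph like this is the minimum needed to tell the two apart.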
Steps on how to ignore an issue can be found here.