Introduction

DeepSource Runner – Run DeepSource with SaaS convenience and on-premise security

DeepSource Runner is a unique hybrid deployment model designed to enhance data security while maintaining the ease of use of a Software-as-a-Service (SaaS) solution. The Runner ecosystem consists of two major parts: the Control Plane and the Data Plane.

Architecture

DeepSource Runner architecture diagram

The Data Plane

The Data Plane is a Kubernetes application that operates within your Kubernetes infrastructure, working on your source code on behalf of DeepSource. Its primary function is to ensure that your source code remains secure and is never transmitted over the public internet.

The Runner application acts as an intermediary between your Version Control System (VCS) provider and the DeepSource cloud. It handles all webhooks and API requests traveling between the VCS provider and the DeepSource cloud, ensuring they pass through a secure layer. Additionally, the Runner application is responsible for securely authenticating with your VCS provider.

To process the source code, the Runner application directly interfaces with the Kubernetes API, using Kubernetes jobs to orchestrate the necessary tasks. Any metadata, including source code snippets, is stored in an object storage system like Google Cloud Storage (GCS) or Amazon Web Services S3 within your infrastructure.

This mode of operation guarantees that sensitive data, including your source code, remains within your private infrastructure and is never exposed over the public internet.

The Control Plane

The Control Plane operates on the DeepSource cloud and plays a crucial role in orchestrating all source code processing carried out by the Data Plane. When certain events occur, such as the creation of a new PR on your VCS provider, the Data Plane sends a webhook to the Control Plane. In response, the Control Plane instructs the Data Plane to execute an Analysis task.

Once the Analysis is completed, the Control Plane receives the result data (excluding source code snippets) securely and stores it within DeepSource's protected environment.