Code Analysis

.deepsource.toml

This section covers .deepsource.toml configuration specific to the python analyzer. Please make sure to read the general configuration guide first.

name

  • Type: String
  • Presence: mandatory
  • Description: Shortcode of the analyzer.
  • Example:
name = "python"

meta

  • Type: Table
  • Presence: optional
  • Description: Any supported metadata to pass to the analyzer.
  • Example:
[analyzers.meta]
  runtime_version = "3.x.x"
  max_line_length = 88
  skip_doc_coverage = ["module", "magic", "init"]

runtime_version

  • Type: String
  • Presence: optional
  • Description: Runtime version of your language in semver.
  • Available Values: “2.x.x”, “3.x.x”
  • Default Value: “3.x.x”
  • Example:
runtime_version = "3.x.x"

max_line_length

  • Type: Integer
  • Presence: optional
  • Description: Maximum allowed line length (including documentation).
  • Available Value: Any integer value greater than or equal to 79
  • Default Value: 88
  • Example:
max_line_length = 88

skip_doc_coverage

  • Type: Array
  • Presence: optional
  • Description: Specify which artifacts to skip when calculating documentation coverage.
  • Available Values: module, magic, init, class and nonpublic
    • module - Ignore module docstrings
    • magic - Ignore docstrings of magic methods (except __init__)
    • init - Ignore docstrings of __init__ methods
    • class - Ignore docstrings of class definitions
    • nonpublic - Ignore docstrings for non-public classes and methods
  • Default Value: [“module”, “magic”, “init”]
  • Example:
skip_doc_coverage = ["module", "magic", "init"]

type_checker

  • Type: String
  • Presence: optional
  • Description: Activates the type checking analyzer. Please note: This will only raise type annotation issues.
  • Available Value: “mypy”
  • Default Value: None
  • Example:
type_checker = "mypy"

additional_builtins

  • Type: Array
  • Presence: optional
  • Description: Additional built-ins added by the user or third-party modules.
  • Available Value: An array with additional built-in names.
  • Default Value: None
  • Example:
additional_builtins = ["_", "pretty_output"]

cyclomatic_complexity_threshold

  • Type: String
  • Presence: optional
  • Description: Specify the acceptable risk category for your project as the threshold. All functions with complexity beyond this threshold will raise an issue. For example, setting the threshold to low will flag all functions that have a cyclomatic complexity of more than 5, while setting the threshold to critical will not flag any function.
  • Available Values: low, medium, high, very-high and critical
Risk category | Cyclomatic complexity range | Recommended action
------------- | --------------------------- | ------------------
low           | 1-5                         | No action is needed.
medium        | 6-15                        | Review and monitor.
high          | 16-25                       | Review and refactor. Recommended to add detailed comments if the function absolutely needs to be kept as it is.
very-high     | 26-50                       | Refactor to reduce the complexity.
critical      | >50                         | Must refactor this. This can make the code untestable and very difficult to understand.
  • Default Value: medium
  • Example:
[analyzers.meta]
cyclomatic_complexity_threshold = "high"

Sample Config

version = 1

test_patterns = [
  "tests/**",
  "test_*.py"
]

exclude_patterns = [
  "migrations/**",
  "**/examples/**"
]

[[analyzers]]
name = "python"
enabled = true
dependency_file_paths = ["requirements/development.txt"]

  [analyzers.meta]
  runtime_version = "3.x.x"
  type_checker = "mypy"
  max_line_length = 88
  skip_doc_coverage = ["module", "magic", "init"]
  additional_builtins = ["_", "pretty_output"]
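
A check that could run before committing .deepsource.toml, written against the option constraints documented above. This is an added example, not DeepSource's own code: check_meta and check_config are hypothetical names, the rules encode only what this page states, and check_config assumes Python 3.11+ for tomllib.

```python
# Added example: lint one [analyzers.meta] table against the options above.
SKIP_VALUES = {"module", "magic", "init", "class", "nonpublic"}
THRESHOLDS = {"low", "medium", "high", "very-high", "critical"}


def _strings(values, allowed=None):
    """True if every item is a string and, when `allowed` is given, a member of it."""
    return all(isinstance(v, str) and (allowed is None or v in allowed) for v in values)


# option -> (TOML type, check on the value, message when type or check fails)
RULES = {
    "runtime_version": (str, lambda v: v in ("2.x.x", "3.x.x"), 'use "2.x.x" or "3.x.x"'),
    "max_line_length": (int, lambda v: v >= 79, "use an integer >= 79"),
    "skip_doc_coverage": (list, lambda v: _strings(v, SKIP_VALUES), "use only documented values"),
    "type_checker": (str, lambda v: v == "mypy", 'use "mypy"'),
    "additional_builtins": (list, _strings, "use an array of names"),
    "cyclomatic_complexity_threshold": (str, lambda v: v in THRESHOLDS, "use a risk category"),
}


def check_meta(meta):
    """Return a list of problems found in a parsed [analyzers.meta] table."""
    problems = []
    for key, value in meta.items():
        if key not in RULES:
            problems.append(f"{key}: not an option described on this page")
            continue
        expected, ok, message = RULES[key]
        # type() rather than isinstance(): TOML `true` must not pass as an integer
        if type(value) is not expected or not ok(value):
            problems.append(f"{key}: {message} (got {value!r})")
    return problems


def check_config(text):
    """Parse .deepsource.toml text and check every python analyzer entry."""
    import tomllib  # Python 3.11+; local so check_meta works on older versions
    analyzers = tomllib.loads(text).get("analyzers", [])
    return [p for a in analyzers if a.get("name") == "python"
            for p in check_meta(a.get("meta", {}))]


# Constructed sample, not from a real repository: three of four options are off.
SAMPLE = '[[analyzers]]\nname = "python"\n[analyzers.meta]\nruntime_version = "3.8"\n' \
         'max_line_length = 72\nskip_doc_coverage = ["private"]\ntype_checker = "mypy"\n'

if __name__ == "__main__":
    print("\n".join(check_config(SAMPLE)))
```

A misspelled key such as max_line_lenght is reported as undocumented rather than passing unnoticed.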

Code coverage

  • Coverage.py: Run tests with coverage tracking and report in XML format
  • Pytest: Use with pytest-cov plugin for integrated coverage reporting
  • Nose2: Configure with coverage plugin for XML reports
  • Tox: Combine coverage from multiple Python environments

Coverage.py (Standard)

pip install coverage
coverage run tests.py
coverage xml

# Report to DeepSource
curl https://deepsource.io/cli | sh
export DEEPSOURCE_DSN=https://sampledsn@deepsource.io
./bin/deepsource report --analyzer test-coverage --key python --value-file ./coverage.xml

Pytest

pip install pytest pytest-cov
pytest --cov=./ --cov-report xml

# Report to DeepSource
curl https://deepsource.io/cli | sh
export DEEPSOURCE_DSN=https://sampledsn@deepsource.io
./bin/deepsource report --analyzer test-coverage --key python --value-file ./coverage.xml

Nose2

pip install "nose2[coverage_plugin]>=0.6.5"
nose2 --with-coverage --coverage-report xml

# Report to DeepSource
curl https://deepsource.io/cli | sh
export DEEPSOURCE_DSN=https://sampledsn@deepsource.io
./bin/deepsource report --analyzer test-coverage --key python --value-file ./coverage.xml

Tox

Example .coveragerc:

[run]
branch = True
source = src
omit =
    .tox/*
    env/*

Example tox.ini for multiple Python versions:

[tox]
envlist = cov-init,py27,py36,py37,cov-report
skipsdist=True
skip_missing_interpreters=True

[testenv]
setenv =
    COVERAGE_FILE = .coverage.{envname}
deps =
    pytest
    pytest-cov
    coverage
commands =
    pytest --cov

[testenv:cov-init]
skipsdist = True
setenv =
    COVERAGE_FILE = .coverage
deps = coverage
commands =
    coverage erase

[testenv:cov-report]
skipsdist = True
setenv =
    COVERAGE_FILE = .coverage
deps = coverage
commands =
    coverage combine
    coverage report
    coverage xml

Code Formatter (Transformer)

autopep8

Transform all incoming Python code with autopep8. Autopep8 transforms Python code to conform to the PEP 8 style guide.

This section covers .deepsource.toml configuration specific to the autopep8 transformer. Please make sure to read the general configuration guide first.

name

  • Type: String
  • Presence: mandatory
  • Description: Shortcode of this transformer.
  • Example:
name = "autopep8"

enabled

  • Type: Boolean
  • Presence: optional
  • Description: Toggle whether this transformer should be run.
  • Example:
enabled = true

black

Transform all incoming Python code with Black.

This section covers .deepsource.toml configuration specific to the black transformer. Please make sure to read the general configuration guide first.

name
  • Type: String
  • Presence: mandatory
  • Description: Shortcode of this transformer.
  • Example:
name = "black"

enabled
  • Type: Boolean
  • Presence: optional
  • Description: Toggle whether this transformer should be run.
  • Example:
enabled = true

isort

Transform all incoming Python code with isort.

This section covers .deepsource.toml configuration specific to the isort transformer. Please make sure to read the general configuration guide first.

name
  • Type: String
  • Presence: mandatory
  • Description: Shortcode of this transformer.
  • Example:
name = "isort"

enabled
  • Type: Boolean
  • Presence: optional
  • Description: Toggle whether this transformer should be run.
  • Example:
enabled = true

ruff

Transform all incoming Python code with ruff.

This section covers .deepsource.toml configuration specific to the ruff transformer. Please make sure to read the general configuration guide first.

name
  • Type: String
  • Presence: mandatory
  • Description: Shortcode of this transformer.
  • Example:
name = "ruff"

enabled
  • Type: Boolean
  • Presence: optional
  • Description: Toggle whether this transformer should be run.
  • Example:
enabled = true

yapf

Transform all incoming Python code with yapf.

This section covers .deepsource.toml configuration specific to the yapf transformer. Please make sure to read the general configuration guide first.

name
  • Type: String
  • Presence: mandatory
  • Description: Shortcode of this transformer.
  • Example:
name = "yapf"

enabled
  • Type: Boolean
  • Presence: optional
  • Description: Toggle whether this transformer should be run.
  • Example:
enabled = true

Vulnerability Scanning

Supported target files:

  • Pipfile
  • Pipfile.lock
  • poetry.lock
  • pyproject.toml (if containing a [tool.poetry] or [tool.flit] section)
  • requirements.txt
  • setup.py

There are limitations in providing remediation support for Python 3.6 and Python 3.7.

For Python 3.6: Resolution isn’t possible because the minimum pip version compatible with Python 3.6 lacks that functionality. Given that Python 3.6 has reached its end-of-life (EOL), we don’t plan to add support for it.

For Python 3.7: Installing pip within a virtual environment (venv) for Python 3.7 is not supported. However, Python 3.8 and later versions are functioning without problems.