DeepSource
deepsource.com
@deepsource.com
The Complete Code Health Platform. We help you write clean and secure code with static analysis, SAST, and AI.
The new detection engine is available to all customers on DeepSource Cloud. Team administrators can enable it by navigating to Settings → General → Preferences in their team settings and selecting the Hybrid AI Agent engine.

Read more: deepsource.com/blog/secret...
Hybrid AI Agent for Secrets Detection
DeepSource now uses a hybrid AI agent architecture powered by Narada for secrets detection, dramatically reducing false positives while improving accuracy. Available now for all teams on DeepSource Cloud.
November 7, 2025 at 5:04 PM
Powered by our open-source Narada classification model, the Secrets Analyzer is now way smarter — 97% precision, 93% reduction in false positives, and 96.3% recall on our benchmarks.
November 7, 2025 at 5:04 PM
Read more about some technical details of our analysis platform in Google's blog.

cloud.google.com/customers/d...
DeepSource case study
DeepSource uses Gemini models for building AI agents for code remediation and augmenting static analysis, and GKE to provide scalable analysis.
August 26, 2025 at 9:40 PM
When over 40% of all new code written at most companies is AI-generated, the primary topic of discussion at the dinner (and top-of-mind for most security leaders) was how AppSec teams should keep up.

Learn more: deepsource.com/agents
DeepSource Agents
DeepSource Agents are autonomous AI agents that secure your code.
April 29, 2025 at 6:11 PM
You can get started right away or talk to us if you're moving from traditional SCA tools.

Sign up: deepsource.com/sca

Watch a demo: www.youtube.com/watch?v=nP0...
DeepSource Software Composition Analysis (SCA): Walkthrough
DeepSource SCA is the latest offering in our unified DevSecOps platform that helps companies secure their open-source dependencies with static analysis and A...
April 15, 2025 at 12:05 AM
Finally, DeepSource SCA is the only one on the market that's transparently priced — per target.

Each combination of a manifest file (like package.json) and a lock file (like package-lock.json) counts as a target. All features are included in this price, bar none.
April 15, 2025 at 12:04 AM
3️⃣ Dynamic Risk.

We've invented a new scoring system that enables you to assign custom weights and strategies to CVSS scores, EPSS scores, and percentiles, using reachability information to assign a Dynamic Risk to each vulnerability—so your security can finally be personalized.
April 15, 2025 at 12:04 AM
2️⃣ World's first multi-variate auto-remediation engine.

Upgrading dependencies to fix vulnerabilities is tricky. Traditional SCA tools don't help you automatically create fixes. Those that do use a naïve approach—"Here, upgrade to the latest version of the package."
April 15, 2025 at 12:04 AM
1️⃣ Industry-leading Reachability Analysis.

Our static analyzer starts with function calls right at the top of your code and traverses this graph down to the third-party code by tracking every single function call in the file and across all referenced files using import tracking.
April 15, 2025 at 12:04 AM
While there are some great (but still relatively restricted) offerings in the space, Globstar is a fresh take on static analysis tooling, built with Go and tree-sitter, and is truly open-source. We're excited to see the AppSec community adopting it.

Check out the repo: github.com/DeepSourceC...
GitHub - DeepSourceCorp/globstar: Globstar is a fast, feature-rich, and open-source static analysis toolkit for writing and running code checkers. Based on tree-sitter.
March 17, 2025 at 7:00 PM
We have some exciting updates planned for Globstar in the next couple of weeks. Please consider watching and starring the repo for updates: github.com/DeepSourceC...
GitHub - DeepSourceCorp/globstar: Globstar is a fast, feature-rich, and open-source static analysis toolkit for writing and running code quality and SAST checkers. Based on tree-sitter.
February 22, 2025 at 1:22 AM
3. An all-new tutorial for helping you write your first YAML checker in Globstar — and run it in your CI pipeline.

globstar.dev/guides/writ...
Globstar by DeepSource
Fast, feature-rich, open-source static analysis toolkit for writing and running code quality and SAST checkers.
February 22, 2025 at 1:22 AM
2. Several improvements to Globstar: an all-new Go API to write custom checkers, which gives you the full power of tree-sitter bindings and advanced capabilities like multi-file analysis and scope resolution.

🔽 🔽 🔽
February 22, 2025 at 1:22 AM