An illustration of an assembly line
A code preview of unreachable code

Unreachable, or “dead”, code is often a symptom that something has been missed unintentionally in the codebase. Dead code in your test suite is even more problematic because it means some part of your code that you thought will test something is, well, not serving its purpose. We’ve just added a new issue, TCV-002, in the Test Coverage Analyzer that’ll alert you whenever it finds unexecuted code in any test files.

New in Analyzers

Fixes and improvements

  • Users will now get directly directed to the organization they accepted an invite for.
  • Issues under a run are now paginated, allowing users to see all of them directly without explicitly searching for them.
  • Billing checkout page didn’t show the applied credits. This has been fixed.
A illustrative screenshot showing onelogin and DeepSource integration

The 404 page now has a new login button. After we released the new page last week, several users pointed out that it takes quite a few clicks to finally log in to DeepSource if you’ve landed on a protected URL.

New in Analyzers

Fixes and improvements

  • JavaScript: We’ve updated the default module type updated to ESM. ESModules no longer ignored when the module_system field is unspecified in .deepsource.toml.
  • Python: Resolved several false-positives in PYL-W0143, PYL-W0613, PY-W0069, PTC-W6004, PYL-R1705, and PYL-E1102.
  • Rust: Fixed a false positive in RS-E1008.

New webhook events

We’ve added three new events that you can subscribe to when you create a new webhook:

  • team_member.added: Triggered when a new member is added to the team.
  • team_member.removed: Triggered when an existing member is removed from a team.
  • team_member.updated: Triggered when the role of a member is changed.

You can refer to the docs for more details on these events and see what the payload looks like.

New in Analyzers

Introducing, Duck Norris!

We’ve adopted Duck Norris, a cyborg duck from Quackotron, as our Mascot. He would be working on spreading the word about our mission of helping developers ship good code to the world. We also made a fun short movie about this!

Fixes and improvements

  • We have a brand new 404 page! Check it out here.
  • There’s now a home button in Discover’s sidebar, so you can easily go back to your DeepSource Home.
  • Fixed the broken rendering of HTML entities in the title of an issue
  • Fixed a redirect loop on GitLab authentication. Users will directly be redirected to the account selector directly after authorizing their GitLab account.
  • Standardize font sizes for cards across the dashboard. This was an eyesore, truly.
  • Disabled the Autofix button for unauthenticated users when browsing public repositories. Although the action wouldn’t succeed, the button was being shown as a no-op.
  • Fixed: Users were not able to add new events after creating a webhook.
  • Removed the first and last seen times of an issue in the history page, where it didn’t really make sense.
  • PHP: Fixed a false-positive in PHP-A1006.
  • PHP: Fixed wrong end line in PHP-W1074.
  • Go: Fixed data races to mitigate the episodic runtime panics leading to analysis timeouts.
  • Python: Fixed a major source of Autofix failures. Running Autofix for R1705, R1720, R1723, and R1724 should no longer have failures.
  • C#: CS-R1008: GenericExceptionHandlingCheck is no longer raised when an Exception is being trapped for logging purposes or when passed to Console.WriteLine.
  • C#: CS-P1001: ManualGarbageCollectCheck now correctly handles scenarios when GC-related methods such as SuppressFinalize are invoked inside Dispose.
  • C#: CS-R1029: TestHasNoAssertCheck is no longer invoked when a custom assertion is used in place of test-suite’s Assert.
  • Java: OWASP references in security issue descriptions are now in a uniform format.
  • Java: The Java analyzer will now assume a default Java version if none is provided.
  • Java: Multiple or nested independent Gradle and Maven projects in the same repository are now properly detected.
  • Java: File exclusions are now more efficiently processed.
  • Java: JAVA-E0110 (Equals without null check) now correctly ignores valid non-trivial equals implementations.
  • Java: JAVA-P1001 (inefficient replaceAll) now correctly detects certain regex signatures.
  • Java: JAVA-E1014 (improper getter/setter) now also accounts for final fields.
  • Java: JAVA-E1041 (unimplementable interface) is now smarter in detecting bad interfaces.
  • Java: JAVA-E0094 (Finalizer must not be invoked) will no longer be raised for overloaded methods that are not finalizers.
  • Java: JAVA-P0057 (URL collections are bad) will now respect spotbugs suppress annotations.
  • Java: JAVA-S1002 (Naive trustmanager/hostname verifier implementation) will now respect spotbugs suppress annotations.
  • JavaScript: Fixed a false-positive in JS-D1001.

New webhooks

DeepSource webhooks have been in beta since September. With this release, we have introduced two new webhooks to make integrations with DeepSource easier.

  1. analysis_run.updated: This event is triggered each time an analyzer publishes its results on DeepSource.
  2. repository_issue.introduced: This event is triggered when an issue is introduced to the main/default branch of your repository.

There are many more new webhooks and APIs on the way to help developers build with DeepSource!

A new signup flow

We want our new users to derive value from DeepSource quickly and seamlessly. This is why we just redesigned our sign-up experience to easily get you started with a simpler, easy-to-follow onboarding process.

Improved repository sync for GitLab

Due to the way GitLab’s APIs work, our integration doesn’t automatically sync new repositories to DeepSource. It is now easier to sync all your repositories while choosing to activate DeepSource on a new repository. You’d see a new “Sync repositories” button for GitLab.

Improved changelogs section

We now use Canny for publishing our changelog and it is directly integrated into the DeepSource dashboard. Keep track of all the exciting features and updates straight from your sidebar.

Other improvements and fixes

  • Look up an issue in the Directory from the Ignored rules tab on your repository settings.
  • Fixed the Go import root field in the Auto Onboard page.
  • Improvements to load the Billing Page more gracefully.