Setup analysis

Create a DeepSource Account

You can create an account on DeepSource using an existing GitHub, GitLab, or Bitbucket account. Once you have signed up, DeepSource will ask for your permissions to install the DeepSource app for that provider in your account.

Requirements

  • An existing GitHub/GitLab/Bitbucket account, depending on which provider you want to connect to.
  • Owner permissions for the repository.

Connect GitHub

  1. On the DeepSource Sign up page click "Sign up with GitHub".

  2. If you aren't already logged into GitHub, you will be asked to do so - enter your login credentials, and proceed.
  3. Accept the required permissions.

  4. Install the DeepSource App on GitHub.

    Install DeepSource on GitHub

  5. From the list, select the account (user, or organization) for which you want to enable DeepSource and click "Install".
  6. Choose an appropriate payment plan and you will be redirected to the dashboard.

Connect GitLab

  1. On the DeepSource Sign up page, click "Sign up with GitLab".

  2. If you aren't already logged into GitLab, you will be asked to do so - enter your login credentials, and proceed.
  3. Accept the required permissions.

    Accept Permissions

  4. From the list, select the account (user, or group) for which you want to enable DeepSource and click "Install".

    Choose GitLab Account

  5. Choose an appropriate payment plan and you will be redirected to the dashboard.

Connect Bitbucket

  1. On DeepSource Sign up page click "Sign up with Bitbucket".

  2. If you aren't already logged into Bitbucket, you will be asked to do so - enter your login credentials, and proceed.
  3. Accept the required permissions.

    Authorize DeepSource for Bitbucket

  4. Install the DeepSource App on Bitbucket. From the "Authorize for" list, select the account (user, or organization) for which you want to enable DeepSource and click "Grant Access".

    Install DeepSource on Bitbucket

  5. Choose an appropriate payment plan and you will be redirected to the dashboard.

That's it! You can now access your DeepSource account through the dashboard.

DeepSource dashboard

What next? Add a repo, and start analyzing code right away.

Activate analysis

This guide assumes that you have already created an account on GitHub. If you haven't already, read here about how to sign up.

  1. Once logged into your DeepSource account, go to the DeepSource dashboard and use any of the "Activate new repo" buttons.

    If you've got accounts from multiple providers (GitHub/GitLab) - or if you want to enable a repository owned by a GitHub organization or a GitLab group - choose the appropriate account from the drop down menu by clicking your username in the upper left corner.

    Change account

    Or, see this how-to on adding more accounts to your DeepSource dashboard.

  2. A list of all repositories for the selected account will appear on the screen. Use the search bar on the top to search for the repo you want to activate the analysis on and click on the repository name.

  3. The repository onboarding wizard now appears on the screen which sets up the .deepsource.toml for you.

    The analysis configuration for a repository on DeepSource is defined in a .deepsource.toml file in the repository's root. This file must be present at the said location for analysis to be run.

  4. Fill in "Tests File Patterns" -- A list of glob patterns to identify test files. This helps us reduce false positives. For example:

    Example Tests File Patterns

  5. Fill in "Excluded file patterns" -- A list of glob patterns that should be excluded from analysis. These patterns should be relative to the repository's root.

    Files one would want to exclude from analysis, for example, are: generated binaries (bin/*), minified JS code checked in to the repository, additional third party modules, etc:

    Example Exclude File Patterns

  6. Click "Add Analyzer" to see a list of analyzers. You can select multiple analyzers from this list to run on your repo. Click on an analyzer's name to add it, and fill in the required information.

    Add analyzers

  7. Finally, just click on "Commit to GitHub" (or Bitbucket/GitLab), and the corresponding .deepsource.toml file will automatically be created and committed to your repo.

Your first analysis run will be initialized right away. Give it a few minutes to munch on all the new code (The first analysis takes a few minutes depending on the repository's size, but the subsequent analyses would be much faster). It will automatically take you to the repo dashboard, where you can browse through the results from DeepSource.

DeepSource analysis is all set now. However, if you want to fine-tune the analysis further, it's possible to change settings by passing along meta options in .deepsource.toml. A list of all such options for different analyzers can be found on the analyzers page.

Ignore rules

While we strive to ensure minimum false positives in code analyses, there will always be cases where there is a need to ignore issues permanently.

For example, there may be a function that has arguments that are not used anywhere in the function.

def return_as_is(param, an_unused_param):
    return param

This will raise the issue Unused argument, with DeepSource issue code PYL-W0613. However, if the extra argument exists for the sole purpose of API consistency, it is better to ignore this issue. In order to silence this issue permanently in code, use the skipcq keyword.

def return_as_is(param, an_unused_param):  # skipcq: PYL-W0613
    return param

Silencing a specific issue

Add skipcq as a comment with the issue's short-code at the end of the line, or one the line above it to silence the issue.

input = 10  # skipcq: PYL-W0622
# skipcq: PYL-W0622
input = 10

Doing so will suppress PYL-W0622 on this line, which is raised because the inbuilt function input has been redefined.

Silencing multiple issues

To silence multiple issues on a line, add a comma separated list of issue short-codes after the skipcq: keyword.

def function(input, an_argument_not_used):  # skipcq: PYL-W0622, PYL-W0613
    pass
# skipcq: PYL-W0622, PYL-W0613
def function(input, an_argument_not_used):
    pass

Silencing all issues on a line

To silence all issues that could be raised on a line, use the keyword skipcq in the comment corresponding to the line.

except Exception:  # skipcq
    pass
# skipcq
except Exception:
    pass

A word of caution, though — this would prevent all issues from being raised on this line, which is probably not desired. We recommend using the keyword explicitly for the issues to be suppressed.

In conjunction with existing comments

Add skipcq at the end of the comment for the line.

class Klass:
    def __init__(self):
        pass

    def func(self, x):  # This function does not use `self`. Hence an issue will be raised. Lets ignore it. skipcq
        return x ** 2

In case the skipcq comment is placed above the line, place as many comments or newlines between the skipcq keyword and the concerned line as needed.

class Klass:
    def __init__(self):
        pass

    # skipcq
    # This function does not use `self`.
    # Hence an issue will be raised. Lets ignore it.
    def func(self, x):
        return x ** 2

Universality

While all the examples above are for Python, skipcq keyword can be used for all analyzers. The general format is:

a line of code that raises an issue <comment identifier> skipcq: <issue code 1>, <issue code 2>

So, in order to silence an issue on a line of Go code,

x := true
// The next line will raise an issue stating that negating a boolean twice is pointless.
// But we want to keep it, and not have any issues raised by DeepSource. Hence, `skipcq`
y := !!y // skipcq: SSC-SA4010