We were delighted to see our Globstar launch covered by Michael Vizard in DevOps.com — hopefully getting more people using our new static analysis toolkit to write safer code. We built Globstar with the learnings from building static analyzers for 5+ years. It started with an internal tool for our team to write new checkers quickly. With the release, we're excited to bring this to the AppSec community with a truly open-source license, no strings attached. Read the full coverage here: https://lnkd.in/gYBDuGSh
DeepSource
Software Development
San Francisco, California · 4,688 followers
The Unified DevSecOps Platform. We help you ship clean and secure code with static analysis, SAST, and AI.
About us
- Website: https://deepsource.com
- Industry: Software Development
- Company size: 11-50 employees
- Headquarters: San Francisco, California
- Type: Privately held
- Founded: 2018
- Specialties: Developer Tools, Continuous Quality, Static analysis, Code quality, Code reviews, SCA, AI, and DevSecOps
Updates
-
"DeepSource isn't just a tool for us; it's a catalyst for cultural change in how we approach code quality." Learn how Babbel, a leading EdTech platform serving 16M+ users worldwide, transformed its code health and security stack with DeepSource. https://lnkd.in/g34JQbjG
-
Happy Friday, y'all! Our latest changelog is out and we've shipped three key things:
1. An all-new DeepSource Directory, where you can explore all static analysis and SAST checkers across 20+ Analyzers on DeepSource.
2. Several improvements to Globstar: an all-new Go API to write custom checkers, which gives you the full power of tree-sitter bindings and advanced capabilities like multi-file analysis and scope resolution.
3. An all-new tutorial for helping you write your first YAML checker in Globstar — and run it in your CI pipeline.
https://lnkd.in/gt2gp-KZ
-
We get it: if you've been stuck with a legacy SAST system, DeepSource might feel... different. We don't ask you to make changes to your already complex CI pipeline. We don't show you all the issues in your repository all at once without any prioritization. We don't even price you per line of code analyzed, just per user. TBH DeepSource is a fresh take on code quality and security.
-
> A 23-year-old codebase
> mission-critical public safety software
> had been using legacy products that didn't work

Learn how Omnigo, a leading provider of incident management software, finally got a handle on its code health with DeepSource — and started shipping great code with our code quality and SAST. https://lnkd.in/gjHuvWX7
-
Happy Wednesday! We just published the latest changelog, with some of the updates to the DeepSource platform from the last couple of weeks:
1. Improvements to the Secrets Analyzer
2. A refreshed application navigation
3. New mutations in the GraphQL API
Read the full changelog: https://lnkd.in/g_38w4Wk
-
And now for something new: We're releasing a new open-source product — Globstar. It's a lightning-fast static analysis toolkit for writing and running custom code quality and security checkers, built with Go and tree-sitter. It's meant to help security engineers and developers easily write rules they'd want to enforce in their org and run them with a simple, portable binary.

Key features of Globstar:
- Write checkers using tree-sitter's familiar query syntax - no new DSL to learn
- Lightning-fast performance with a single portable binary
- Runs anywhere - perfect for CI/CD pipelines
- Truly open-source under MIT license
- Supports 20+ programming languages

Get started: https://globstar.dev
GitHub: https://lnkd.in/gQ5V9yHQ

This is the initial release and we're still working on getting this ready for prime time — so get involved! We're committed to building this in the open with the community. Try it out and let us know what you think!
-
We are re-imagining what the future of Software Composition Analysis (SCA) looks like. Here's more about what's coming:

At DeepSource, we've been heads-down building the next generation of Supply Chain Security tooling for the past few months. We're opening up our early access waitlist today (link in comments), and DeepSource SCA will be available to a select group of early customers in the next couple of weeks.

"But how will DeepSource SCA be different?" I'm glad you asked. We've spent the last five years building static analysis tooling for 11+ programming languages, which resulted in us eventually building a lot of infrastructure required to understand your codebase. DeepSource is the leading modern code quality and SAST platform today. Ask 6,000+ teams who rely on us and have moved from legacy products like SonarQube, Veracode, Checkmarx, and others.

This has positioned us uniquely to build two key things required for the next generation of SCA — which solves the key woes of customers of products like Snyk and Dependabot:
1. Reachability Analysis: We're able to understand your entire codebase and tell you if a vulnerability found is reachable from your code — and where, with high precision and pretty fast. No other SCA vendor specializes in static analysis.
2. Multi-variate Automated Remediation: Upgrades are messy, and your SCA tool suggesting "just upgrade to the latest" isn't helpful. We're able to perform deep dependency tree analysis (again, we already do this in our SAST platform) and generate all possible paths of remediation.
3. AI Assist: Once we've figured out all possible remediation paths, our AI agent crawls the internet to find the changelog and analyzes how the upgrade can impact your code — so you're not left in the dark.

---

There's a lot more to share about what we're building and how we're beating the current state-of-the-art of SCA tooling by a wide margin. Over the next few weeks, we'll share more technical details. For now, if you're looking to adopt a modern SCA tool, please reach out to us!
-
If you've never used automated tools to catch security issues in your source code, it could be daunting at first — your first scan will show you hundreds (or sometimes, thousands) of bad security patterns in your codebase.

Three things that help when adopting code security automation for the first time:
1. Baseline Analysis: So developers get blocked only on new issues they're introducing in their pull requests.
2. Flexible Security Gates: So you can start in a "triage" mode and just observe for a few weeks before beginning to block pull requests.
3. Fix Guidance: So developers can easily understand bad security patterns.

On DeepSource, we help you model your rollout in three stages so your organization can adopt code security automation without getting overwhelmed. Read more in the blog post linked in the comments!