DeepSource MCP Server

List all available DeepSource projects. Returns a list of project objects with "key" and "name" properties.

Get issues from a DeepSource project with support for Relay-style cursor-based pagination and filtering. For forward pagination, use first (defaults to 10) with optional after cursor. For backward pagination, use last (defaults to 10) with optional before cursor. The response includes pageInfo with hasNextPage, hasPreviousPage, startCursor, and endCursor to help navigate through pages.

Filtering options:

• path: Filter issues by specific file path
• analyzerIn: Filter issues by specific analyzers
• tags: Filter issues by tags

List analysis runs for a DeepSource project with support for Relay-style cursor-based pagination and filtering. For forward pagination, use first (defaults to 10) with optional after cursor. For backward pagination, use last (defaults to 10) with optional before cursor. The response includes pageInfo with hasNextPage, hasPreviousPage, startCursor, and endCursor to help navigate through pages.

Filtering options:

• analyzerIn: Filter runs by specific analyzers

Get a specific analysis run by its runUid (UUID) or commitOid (commit hash).

Get dependency vulnerabilities from a DeepSource project with support for Relay-style cursor-based pagination. For forward pagination, use first (defaults to 10) with optional after cursor. For backward pagination, use last (defaults to 10) with optional before cursor. The response includes pageInfo with hasNextPage, hasPreviousPage, startCursor, and endCursor to help navigate through pages.

The response provides detailed information about each vulnerability, including:

• Package information (name, ecosystem, purl)
• Package version details
• Vulnerability details (identifiers, severity, CVSS scores)
• Reachability status (whether the vulnerability is reachable in the code)
• Fixability information (whether and how the vulnerability can be fixed)

Get quality metrics from a DeepSource project with optional filtering by metric type.

Metrics include code coverage, duplicate code percentage, and more, along with their:

• Current values
• Threshold settings
• Pass/fail status
• Configuration status (reporting and enforcement)

For each metric, detailed information is provided for different programming languages and the aggregated metrics for the entire repository.

Update the threshold for a specific quality metric in a DeepSource project.

This allows setting or removing threshold values that determine if a metric passes or fails. Thresholds can be set per language or for the entire repository (AGGREGATE).

Examples:

• Set a 80% line coverage threshold: metricShortcode="LCV", metricKey="AGGREGATE", thresholdValue=80
• Remove a threshold: metricShortcode="LCV", metricKey="AGGREGATE", thresholdValue=null

Update the settings for a quality metric in a DeepSource project.

This allows configuring how metrics are used in the project:

• Enable/disable reporting the metric in the UI and API
• Enable/disable enforcing thresholds (failing checks when thresholds aren't met)

Example:

• Enable reporting and enforce thresholds: isReported=true, isThresholdEnforced=true
• Only report but don't enforce: isReported=true, isThresholdEnforced=false
• Disable completely: isReported=false, isThresholdEnforced=false

Get security compliance reports from a DeepSource project.

This tool provides access to industry-standard security compliance reports including:

• OWASP Top 10: Common web application security vulnerabilities
• SANS Top 25: Most dangerous software errors
• MISRA-C: Guidelines for safety-critical software in C

The response includes:

• Comprehensive statistics about security issues by category and severity
• Compliance status (passing/failing)
• Recommendations for improving security posture
• Trend data showing changes over time