DeepSource strengthens developer support with new open-source security toolkit Globstar

Whether an engineering team is scattered across the globe or based in-house, leveraging AI code review provides senior software developers with an opportunity to focus on areas that require human-centric approaches, leaving the necessary yet repetitive tasks to AI assistants. In fact, the high majority of developers worldwide have already realized this, and today are leveraging AI to streamline productivity and improve output. 

However, AI has also presented its fair share of security concerns. While we can’t completely eliminate its risks, we can use tools and practices to better safeguard ourselves.

One such solution is from DeepSource, which is a unified DevSecOps platform that offers developers the ability to harness the benefits of AI without compromising on security risks that can affect organizations.

The company has introduced an open-source security toolkit called Globstar, which is addressing the need for heightened security measures in software development. Here’s how.

The value in making secure coding tools accessible 

While DeepSource’s primary objective is to provide users with the ability to create secure code and leverage AI’s ability to pinpoint vulnerabilities, the company does so with a deep understanding that core components of code security should be widely accessible for both creating the software and protecting it’s systems. 

What’s unique about its new solution, Globstar’s static code analysis toolkit, is that it lets users build custom security checkers and integrate them into their pipelines.

Released under the MIT license, it is completely open source.

Said Sanket Saurav, CEO of DeepSource, “We initially leveraged tree-sitter to develop new checkers for our internal analyzers, which allowed us to respond swiftly to customer requests. With Globstar, we saw an opportunity to give developers the same flexibility—so we decided to open-source it.”

While DeepSource’s customers can use Globstar to define security rules specific to their needs, the tool is available to any one.

Automating security checks with Globstar 

Writing code is one thing—keeping it secure is another. Existing tools like CodePilot assist developers to write code, however there hasn’t been an easy way to automate advanced security checks to catch hidden bugs and vulnerabilities before they become real problems.

DeepSource saw this as a major challenge for the AppSec community. Software security flaws weren’t just an issue for developers—they were affecting the quality and reliability of the apps we all use.

To solve this, their team decided to create Globstar—a toolkit that makes it easier to build and run security checks within the development process.

This gives developers direct access to the actual structure of their code, so they can build security checks that work exactly as expected, without missing hidden details.

Built for all user levels

As part of the company’s mission in making Globstar an open source repository for software and security teams globally, the solution supports over 20 programming languages and is designed for users with different levels of expertise. 

For example, beginners can use the YAML interface for simple security checks, while more advanced users can leverage the Go interface for complex features like cross-file analysis and scope resolution.