DeepSource strengthens developer support with new open-source security toolkit Globstar

Whether an engineering team is scattered across the globe or based in-house, AI code review gives senior software developers an opportunity to focus on areas that require human-centric approaches, leaving the necessary yet repetitive tasks to AI assistants. In fact, the vast majority of developers worldwide have already realized this and are today leveraging AI to streamline productivity and improve output.

However, AI has also presented its fair share of security concerns. While we can’t completely eliminate its risks, we can use tools and practices to better safeguard ourselves.

One such solution comes from DeepSource, a unified DevSecOps platform that lets developers harness the benefits of AI without exposing their organizations to the security risks that come with it.

The company has introduced an open-source security toolkit called Globstar, which addresses the need for heightened security measures in software development. Here’s how.

The value in making secure coding tools accessible 

While DeepSource’s primary objective is to provide users with the ability to create secure code and leverage AI’s ability to pinpoint vulnerabilities, the company does so with a deep understanding that core components of code security should be widely accessible, both for creating the software and for protecting its systems.

What’s unique about its new solution, the Globstar static code analysis toolkit, is that it lets users build custom security checkers and integrate them into their pipelines.

Released under the MIT license, it is completely open source.

Said Sanket Saurav, CEO of DeepSource, “We initially leveraged tree-sitter to develop new checkers for our internal analyzers, which allowed us to respond swiftly to customer requests. With Globstar, we saw an opportunity to give developers the same flexibility—so we decided to open-source it.”

While DeepSource’s customers can use Globstar to define security rules specific to their needs, the tool is available to anyone.

Automating security checks with Globstar 

Writing code is one thing—keeping it secure is another. Existing tools like CodePilot help developers write code; however, there hasn’t been an easy way to automate advanced security checks to catch hidden bugs and vulnerabilities before they become real problems.

DeepSource saw this as a major challenge for the AppSec community. Software security flaws weren’t just an issue for developers—they were affecting the quality and reliability of the apps we all use.

To solve this, their team decided to create Globstar—a toolkit that makes it easier to build and run security checks within the development process.

Globstar gives developers direct access to the actual structure of their code, so they can build security checks that work exactly as expected, without missing hidden details.

Built for all user levels

As part of the company’s mission to make Globstar an open-source repository for software and security teams globally, the solution supports over 20 programming languages and is designed for users with different levels of expertise.

For example, beginners can use the YAML interface for simple security checks, while more advanced users can leverage the Go interface for complex features like cross-file analysis and scope resolution.

Team TechPanda
