https://www.gstatic.com/bricks/image/bb04abcb-823a-47f8-a7c2-80734676247c.png

DeepSource: Securing code with static analysis and AI

  • Automatically scales to process tens of millions of lines of code per day on GKE

  • Reduces operations costs with reliable Google Cloud managed services

  • Increases accuracy of static analysis and provides automated remediation with agents built with Gemini

  • Accelerates time to market by freeing up resources for development

DeepSource uses Gemini models for building AI agents for code remediation and augmenting static analysis, and GKE to provide massively scalable analysis orchestration for source code analysis.

Delivering better code, faster

Sanket Saurav is a developer, founder, and CEO who believes in the importance of building software that is well-maintained, well-architected, secure, and properly tested. It builds a strong foundation that will allow software to grow and evolve, lasting for years to come.

As companies grow and produce more code, maintaining quality and security at scale becomes more challenging. Saurav wanted to give developers tools that serve as a second set of eyes to identify and fix code issues automatically.

In 2018, he teamed up with Jai Pradeesh to found DeepSource. The DeepSource platform uses proprietary static analysis to analyze source code, identify bad and insecure patterns, and fixes them with Autofix™, their agentic AI remediation engine. As a result, companies can deliver higher quality, secure code, faster.

Saurav discovered early on that most companies didn’t just prioritize code quality, but also security. The two challenges often go hand-in-hand, as clean, standardized code makes it easier to lock down from a security standpoint. DeepSource decided to expand its platform, using the same static analysis engine to identify and fix security vulnerabilities.

GKE is critical to our success. It’s the foundation of our platform, and after six years on Google Cloud, I can’t imagine where we’d be without it.

Sanket Saurav

Co-founder and CEO, DeepSource

“We’re not the only company that offers both code quality and security tools, but what makes us unique is our homegrown static analysis engine and orchestration infrastructure,” explains Saurav. “Since we’re not relying on off-the-shelf linters, we have more flexibility and control, which allows us to build highly accurate analyzers with the lowest false-positive rates in the industry.”

When DeepSource started building its static analysis engine, Saurav knew that massive parallel and concurrent processing capabilities would be a foundational element of the platform—something capable of supporting thousands of developers simultaneously inspecting code. Google Kubernetes Engine (GKE), Gemini models, and other Google Cloud solutions provide the scalability and performance that DeepSource needed to grow from a small startup into a business that now supports development lifecycles at more than 6,000 companies.

Faster quality and security checks with AI

“The promise of AI is that companies can go to market faster and quickly react to market demands,” explains Saurav. “Developers are using AI-assisted tools to write code more than ever. But, unless you also automate checks throughout the development pipeline, you’ll only increase bottlenecks — since ensuring security is a prerequisite to shipping production software.”

Gemini keeps getting better in benchmarks, especially related to coding. We now have the confidence to start delivering more AI products and capabilities to customers.

Sanket Saurav

Co-founder and CEO, DeepSource

DeepSource uses AI agents to improve the quality of the results of its static analysis and for automated remediation.. While the company continuously tests and incorporates the newest AI models, Gemini 2.5 Flash and 2.5 Pro power some of the most innovative agentic applications, including Autofix™ AI. After identifying potential code quality and security issues with static analysis, DeepSource runs several agentic loops to learn more about the issue, determine whether a fix is needed, and figure out how to create and apply a fix for the issue.

DeepSource determined that Gemini was the best fit for Autofix™ AI for two reasons. 

First, its large context window allows Autofix™ AI to incorporate all of the context needed to evaluate issues, such as how the code works and what the impact of any vulnerability might be. Second, Gemini delivers very strong performance in multi-turn agentic loops, allowing Autofix™ AI to complete more complex reasoning and feedback loops while delivering a fix.

DeepSource dashboard overview

Scalability to support limitless code analysis

Speed is critical to the user experience. DeepSource built the static analysis engine natively on top of GKE. It runs in parallel to process tens of thousands of code commits and millions of lines of code daily.

GKE enables auto-scaling so that DeepSource can offer customers strong performance for any volume with no artificial limits—something that sets it apart from the competition. “With the scalability of Google Cloud, we can provide companies the same experience whether they have one developer or one thousand,” says Saurav.

DeepSource expanded its Google Cloud footprint with Cloud SQL to scale the database and BigQuery for its data warehouse. Working with Google Cloud as a managed service allows DeepSource to maintain a lean operations team, reducing costs and freeing up more resources to focus on core development. DeepSource can expand the environment in minutes to support new features or product launches, leading to a faster time to market.

DeepSource also participated in the Google for Startups Cloud Program, which connected the company with hands-on support and proofs of concept. The program also provided credits to help the company grow its environment and kickstart development.

“Google Cloud is always there when we need them. But to be honest, we don’t need a lot of support. Everything is stable; Google Cloud just works,” says Saurav.

Any time we’re ready to expand our ecosystem, Google Cloud has a solution that’s a perfect fit. We’ve organically expanded our Google Cloud footprint because they have everything our business needs.

Sanket Saurav

Co-founder and CEO, DeepSource

DeepSource builds developer-centric products for code quality and security. Since 2019, DeepSource has helped over 6,000 companies, from startups to Fortune 500s, secure their source code and software supply chain. 

Industry: Technology

Location: United States

Products: Google Cloud, Google Kubernetes Engine, Gemini, Cloud SQL, BigQuery

Google Cloud