# DeepSource Integration

DeepSource is a code monitoring service designed for developers to automatically find and fix code quality issues, security vulnerabilities, and performance inefficiencies in their codebase.

### How does this integration help Sprinto <a href="#how-does-this-integration-help-sprinto" id="how-does-this-integration-help-sprinto"></a>

The integration below assists Sprinto in meeting compliance requirements concerning vulnerability monitoring on production classified code repositories. Sprinto detects vulnerabilities from your configured DeepSource account and ensures they are resolved within the defined SLA (Service Level Agreement) with the assistance of Sprinto's checks.

#### &#x20;Sprinto checks for DeepSource integration <a href="#sprinto-checks-for-deepsource-integration" id="sprinto-checks-for-deepsource-integration"></a>

Following are the Sprinto checks available for DeepSource integration:

<table><thead><tr><th width="161.484375">Sprinto check</th><th>Required action</th></tr></thead><tbody><tr><td>DeepSource vulnerability alert should be resolved within SLA</td><td><p>This check activates when Sprinto detects a vulnerability in the open status on your configured DeepSource account.</p><p>To fix this check, resolve the detected vulnerability from the source.</p></td></tr></tbody></table>

### Before your begin <a href="#before-your-begin" id="before-your-begin"></a>

* Ensure you have “Admin” access on the DeepSource account you wish to integrate on Sprinto.
* Log in on Sprinto as administrator.

### Integrate Sprinto with DeepSource <a href="#integrate-sprinto-with-deepsource" id="integrate-sprinto-with-deepsource"></a>

Follow the below steps to integrate Sprinto with DeepSource:

1. Get the API key from the DeepSource account.

* Log in to [DeepSource account](https://app.deepsource.com/login) using your credentials or available Single Sign-On (SSO) options.
* Go to Settings > Tokens, and click Generate a New Token.
* Enter the token name and set the expiry. We recommend setting the token expiration to “Never expire.” Click Generate.<br>

  <figure><img src="https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/72092193409/original/flBuErzn4KoNN4II9KyknnlGYoYLfJAx2A.png?1712164184" alt="" width="563"><figcaption></figcaption></figure>
* Copy the generated token and save it securely. We will need this token on Sprinto to build integration.

2. Integrate DeepSource on Sprinto.

* Go to **Settings** > **Integrations** > **Available**, and click Connect next to DeepSource.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2Fxk4mdpwZ0TMeUjcACRhE%2FScreenshot%202025-09-25%20at%2011.01.23.png?alt=media&#x26;token=df166440-9f19-4ec3-8a20-de6e34131b54" alt="" width="563"><figcaption></figcaption></figure>

* Read the on-screen instructions, and click Next.

  <figure><img src="https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/72092193419/original/df7uv3KBAGHTQogHwhXo3sYsGMmoGakhPQ.png?1712164185" alt="" width="375"><figcaption></figcaption></figure>
* Enter the API token copied from Step 1, and click Connect.

  <figure><img src="https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/72092193428/original/K2oR-WJqv4yNI0_dTs4S44kXfz4vg6DaxA.png?1712164185" alt="" width="375"><figcaption></figcaption></figure>

3. Add DeepSource as a vulnerability monitoring source.

* Go to **Data Library** > **Vulnerabilities** > **Overview**, and click + Add Monitoring Source.
* On Add Vulnerability monitoring source page, click Choose next to DeepSource.<br>

  <figure><img src="https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/72092193427/original/Ze7uJJm9u4fMdTC5TWrt2pyC6GJvWq_vOQ.png?1712164185" alt="" width="375"><figcaption></figcaption></figure>
* Click Add DeepSource from the configuration page.

After completing Step 2, allow 15 to 20 minutes for Sprinto to finish the data syncing process. Sprinto may take a few hours to evaluate the synced data and activate relevant Sprinto checks. If needed, go to Security Hub > Vulnerabilities and click DeepSource to review the pending Sprinto checks.

Contact [Sprinto support](mailto:www.support@sprinto.com) if you have any queries regarding the integration or need any assistance