Common Code Insights use cases and recipes
Here are some common use cases for Code Insights and example data series queries you could use.
For all use cases, you can also explore your insight by filtering repositories in real time or add any Sourcegraph search filter to the data series query to filter by language, directory, or content. Currently, the sample queries using commit and diff searches are only supported for insights running over explicit lists of specific repositories.
The sample queries below assume you do not want to search forked or archived repositories. Remove the `archived:no fork:no` filters if you do.
Popular
Terraform versions
Detect and track which Terraform versions are present or most popular in your codebase
app.terraform.io/(.*)\n version =(.*)1.1.0 patternType:regexp lang:Terraform archived:no fork:no
app.terraform.io/(.*)\n version =(.*)1.2.0 patternType:regexp lang:Terraform archived:no fork:no
Global CSS to CSS modules
Tracking migration from global CSS to CSS modules
select:file lang:SCSS -file:module patterntype:regexp archived:no fork:no
select:file lang:SCSS file:module patterntype:regexp archived:no fork:no
Vulnerable and fixed Log4j versions
Confirm that vulnerable versions of log4j are removed and only fixed versions appear
lang:gradle org\.apache\.logging\.log4j['"] 2\.(0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16)(\.[0-9]+) patterntype:regexp archived:no fork:no
lang:gradle org\.apache\.logging\.log4j['"] 2\.(17)(\.[0-9]+) patterntype:regexp archived:no fork:no
Yarn adoption
Are more repos increasingly using yarn? Track yarn adoption across teams and groups in your organization
select:repo file:yarn.lock archived:no fork:no
Java versions
Detect and track which Java versions are most popular in your codebase
Uses the detect and track capture groups insight type
file:pom\.xml$ <java\.version>(.*)</java\.version> archived:no fork:no
Linter override rules
A code health indicator for how many linter override rules exist
file:^\.eslintignore .\n patternType:regexp archived:no fork:no
Language use over time
Track the growth of certain languages by file count
select:file lang:TypeScript
select:file lang:JavaScript
Migration
Config or docs file
How many repos contain a config or docs file in a specific directory
select:repo file:docs/*/new_config_filename archived:no fork:no
“blacklist/whitelist” to “denylist/allowlist”
How the switch from files containing “blacklist/whitelist” to “denylist/allowlist” is progressing
select:file blacklist OR whitelist archived:no fork:no
select:file denylist OR allowlist archived:no fork:no
Global CSS to CSS modules
Tracking migration from global CSS to CSS modules
select:file lang:SCSS -file:module patterntype:regexp archived:no fork:no
select:file lang:SCSS file:module patterntype:regexp archived:no fork:no
Python 2 to Python 3
How far along is the Python major version migration
#!/usr/bin/env python3 archived:no fork:no
#!/usr/bin/env python2 archived:no fork:no
React Class to Function Components Migration
What's the status of migrating to React function components from class components
patternType:regexp const\s\w+:\s(React\.)?FunctionComponent
patternType:regexp extends\s(React\.)?(Pure)?Component
Adoption
New API usage
How many repos or teams are using a new API your team built
select:repo ourApiLibraryName.load archived:no fork:no
Yarn adoption
Are more repos increasingly using yarn? Track yarn adoption across teams and groups in your organization
select:repo file:yarn.lock archived:no fork:no
Frequently used databases
Which databases we are calling or writing to most often
redis\.set patternType:regexp archived:no fork:no
graphql\( patternType:regexp archived:no fork:no
Large or expensive package usage
Understand if a growing number of repos import a large/expensive package
select:repo import\slargePkg patternType:regexp archived:no fork:no
React Component use
How many places are importing components from a library
from '@sourceLibrary/component' patternType:literal archived:no fork:no
CI tooling adoption
How many repos are using our CI system
file:\.circleci/config.yml select:repo fork:no archived:no
Deprecation
CSS class
The removal of all instances of a deprecated CSS class
deprecated-class archived:no fork:no
Icon or image
The removal of all deprecated icon or image instances
2018logo.png archived:no fork:no
Structural code pattern
Deprecating a structural code pattern in favor of a safer pattern, like how many tries don't have catches
try {:[_]} catch (:[e]) { } finally {:[_]} lang:java patternType:structural archived:no fork:no
Tooling
The progress of deprecating tooling you’re moving off of
deprecatedEventLogger.log archived:no fork:no
Var keywords
Number of var keywords in the codebase (ES5 deprecation)
(lang:TypeScript OR lang:JavaScript) var ... = archived:no fork:no patterntype:structural
Consolidation of Testing Libraries
Which React test libraries are being consolidated
from '@testing-library/react' archived:no fork:no
from 'enzyme' archived:no fork:no
Versions and patterns
These examples are all for use with the automatically generated data series of "Detect and track" Code Insights, using regular expression capture groups.
Java versions
Detect and track which Java versions are most popular in your codebase
file:pom\.xml$ <java\.version>(.*)</java\.version> archived:no fork:no
License types in the codebase
See the breakdown of licenses from package.json files
file:package.json "license":\s"(.*)" archived:no fork:no
All log4j versions
Which log4j versions are present, including vulnerable versions
lang:gradle org\.apache\.logging\.log4j['"] 2\.([0-9]+)\. archived:no fork:no
Python versions
Which Python versions are in use or haven’t been updated
#!/usr/bin/env python([0-9]\.[0-9]+) archived:no fork:no
Node.js versions
Which Node.js versions are present based on nvm files
nvm\suse\s([0-9]+\.[0-9]+) archived:no fork:no
CSS Colors
What CSS colors are present or most popular
color:#([0-9a-fA-F]{3,6}) archived:no fork:no
Types of checkov skips
See the most common reasons why security checks in checkov are skipped
patterntype:regexp file:.tf #checkov:skip=(.*) archived:no fork:no
Code health
TODOs
How many TODOs are in a specific part of the codebase (or all of it)
TODO archived:no fork:no
Linter override rules
A code health indicator for how many linter override rules exist
file:^\.eslintignore .\n patternType:regexp archived:no fork:no
Commits with “revert”
How frequently there are commits with “revert” in the commit message
type:commit revert archived:no fork:no
Deprecated calls
How many times deprecated calls are used
lang:java @deprecated archived:no fork:no
Storybook tests
How many tests for Storybook exist
patternType:regexp f:\.story\.tsx$ \badd\( archived:no fork:no
Repos with Documentation
How many repos do or don't have READMEs
repohasfile:readme.md select:repo archived:no fork:no
-repohasfile:readme.md select:repo archived:no fork:no
Ownership via CODEOWNERS files
How many repos do or don't have CODEOWNERS files
repohasfile:CODEOWNERS select:repo archived:no fork:no
-repohasfile:CODEOWNERS select:repo archived:no fork:no
CI tooling adoption
How many repos are using our CI system
file:\.circleci/config.yml select:repo fork:no archived:no
Security
Vulnerable open source library
Confirm that a vulnerable open source library has been fully removed, or see the speed of the deprecation
[email protected] archived:no fork:no
API keys
How quickly we notice and remove API keys when they are committed
regexMatchingAPIKey patternType:regexp archived:no fork:no
Vulnerable and fixed Log4j versions
Confirm that vulnerable versions of log4j are removed and only fixed versions appear
lang:gradle org\.apache\.logging\.log4j['"] 2\.(0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16)(\.[0-9]+) patterntype:regexp archived:no fork:no
lang:gradle org\.apache\.logging\.log4j['"] 2\.(17)(\.[0-9]+) patterntype:regexp archived:no fork:no
How many tests are skipped
See how many tests have skip conditions
(this.skip() OR it.skip) lang:TypeScript archived:no fork:no
Tests amount and types
See what types of tests are most common and total counts
patternType:regexp case:yes \b(it|test)\( f:/end-to-end/.*\.test\.ts$ archived:no fork:no
patternType:regexp case:yes \b(it|test)\( f:/regression/.*\.test\.ts$ archived:no fork:no
patternType:regexp case:yes \b(it|test)\( f:/integration/.*\.test\.ts$ archived:no fork:no
Types of checkov skips
See the most common reasons why security checks in checkov are skipped
Uses the detect and track capture groups insight type
patterntype:regexp file:.tf #checkov:skip=(.*) archived:no fork:no
Other
TypeScript vs. Go
Are there more TypeScript or more Go files
select:file lang:TypeScript archived:no fork:no
select:file lang:Go archived:no fork:no
iOS app screens
What number of iOS app screens are in the entire app
struct\s(.*):\sview$ patternType:regexp lang:swift archived:no fork:no
Adopting new API by Team
Which teams or repos have adopted a new API so far
file:mobileTeam newAPI.call archived:no fork:no
file:webappTeam newAPI.call archived:no fork:no
Or filter teams by repositories in real time
Problematic API by Team
Which teams have the most usage of a problematic API
problemAPI file:teamOneDirectory archived:no fork:no
problemAPI file:teamTwoDirectory archived:no fork:no
Or filter teams by repositories in real time
Data fetching from GraphQL
What GraphQL operations are being called often
patternType:regexp requestGraphQL(\(|<[^>]*>\() archived:no fork:no
patternType:regexp (query|mutate)GraphQL(\(|<[^>]*>\() archived:no fork:no
patternType:regexp use(Query|Mutation|Connection|LazyQuery)(\(|<[^>]*>\() archived:no fork:no