Introducing, cyclomatic complexity issues

Cyclomatic complexity is a crucial metric for assessing the complexity of your code. It measures the number of different paths through a function, and in essence, it tells you how complicated and tangled your code might be. A high cyclomatic complexity often indicates code that is hard to understand, challenging to maintain, and prone to bugs.

Today, we are excited to announce the capability to identify functions with “unacceptable” values of cyclomatic complexity across all major programming languages supported by DeepSource. Issues are raised on such functions so that you are aware of parts in your codebase that are a maintenance nightmare and can take proactive steps to ensure that they are refactored to more maintainable implementations.

Whenever a function is reported to have an elevated cyclomatic complexity, it is not only associated with a complexity value but is also assigned a risk level. This risk level serves as a handy indicator to guide you in deciding which functions in your codebase should be refactored on priority.

Risk Level Cyclomatic Complexity Range Recommended Action
low 1 - 5 No action needed.
medium 6 - 15 Review and monitor.
high 16 - 25 Review and refactor. Recommended to add comments if the function absolutely needs to be kept as it is.
very-high 26 - 50 Refactor to reduce the complexity.
critical > 50 Must refactor this. This can make the code untestable and very difficult to understand.

We acknowledge that the interpretation of cyclomatic complexity can be subjective, and hence these risk levels are also used to specify the threshold above which you would like a function to be flagged as having an “unacceptable” value of cyclomatic complexity.

DeepSource by default has a particular risk level set as the threshold based on the nature of each programming language. However, this threshold can be changed per language analyzer by adding the cyclomatic_complexity_threshold meta option in your .deepsource.toml file.

To learn more about the default thresholds and how to configure them, you can visit the respective analyzer documentation.


Hey @anto-christo, is there a metric definition, on how the cyclomatic complexity gets calculated?
As we know, whenever the control flow of a function splits, the cyclomatic complexity counter gets incremented by one and each function has a minimum complexity of 1. But, this calculation varies slightly by language because keywords and functionalities do. Do you have language specific details, which keywords, control-statements increase the complexity counter?

Hey @zordog, currently such language-specific details are not available as part of our documentation. We are working on updating the docs with these details. I’ll share it here once it’s available.

1 Like