Security Portal

Start your security review

Overview

We know source code is one of your most sensitive assets. Every component of Sourcegraph was designed with security as our top priority. This Trust Center details our comprehensive security program, where you can find information and request access to documents to validate our security measures.

Security is woven into the fabric of everything we build at Sourcegraph. Our code AI platform demonstrates our continued commitment to empowering developers with the tools for your devs to do their best work while safeguarding what matters most—your source code.

Compliance

CCPA Logo
CCPA
GDPR Logo
GDPR
SOC 2 Logo
SOC 2
Start your security review

Sourcegraph is trusted by

RedditReddit
DropboxDropbox
UberUber
DatabricksDatabricks
IndeedIndeed
NutanixNutanix
PlaidPlaid
CanvaCanva

Documents

All
Public
Private
Pentest report
SOC 2
CAIQ
CIS
VSA Full
Data processing agreement
Disaster recovery & business continuity
MSA Security Exhibit

Product Security

Audit logging
Data security
Integrations
View more

Data Security

Access monitoring
Backups enabled
Data erasure
View more

App Security

Responsible disclosure
Code analysis
Container security
View more

Legal

SubprocessorsAmazonAmplitudeAtlassianCloudflareGitHub
Cyber insurance
Data processing agreement
View more

Access Control

Least privileged access model
Logging
Password security

Infrastructure

Anti-DDoS
Disaster recovery & business continuity
Google Cloud Platform
View more

Endpoint Security

Disk encryption
Mobile device management & device trust
Threat detection

Network Security

Firewall
IDS/IPS
Security information & event management
View more

Corporate Security

Asset management practices
Email protection
Employee training
View more

Policies

Acceptable use policy
Access control policy
Backup policy
View more

Security Grades

HSTS Preload List
sourcegraph.com
ImmuniWeb
sourcegraph.com
Qualys SSL Labs
Sourcegraph.com

Knowledge Base

  • Is there an account lockout mechanism if the number of failed login attempts reaches a specific threshold?
  • What is the Sourcegraph AI Platform account lockout standards?
  • What security detection and response features do you have implemented on your email applications and is it integrated into your SOAR system? (Reference Endpoint Protection tab]
  • Have you applied SPF, DKIM and DMARC to your email system?
  • Is your email platform integrated into a SSO platform with MFA applied?
View more

If you think you may have discovered a vulnerability, please send us a note.

Report Issue
Powered bySafeBase Logo