Start your security review
Overview
We know source code is one of your most sensitive assets. Every component of Sourcegraph was designed with security as our top priority. This Trust Center details our comprehensive security program, where you can find information and request access to documents to validate our security measures.
Security is woven into the fabric of everything we build at Sourcegraph. Our code AI platform demonstrates our continued commitment to empowering developers with the tools for your devs to do their best work while safeguarding what matters most—your source code.
Compliance

Start your security review
Documents
Pentest report
SOC 2
CAIQ
CIS
VSA Full
Data processing agreement
Disaster recovery & business continuity
MSA Security Exhibit
Product Security
Audit logging
Data security
Integrations
View more
Data Security
Access monitoring
Backups enabled
Data erasure
View more
App Security
Responsible disclosure
Code analysis
Container security
View more
Legal
Subprocessors




Cyber insurance
Data processing agreement
View more
Access Control
Least privileged access model
Logging
Password security
Infrastructure
Anti-DDoS
Disaster recovery & business continuity
Google Cloud Platform
View more
Endpoint Security
Disk encryption
Mobile device management & device trust
Threat detection
Network Security
Firewall
IDS/IPS
Security information & event management
View more
Corporate Security
Asset management practices
Email protection
Employee training
View more
Policies
Acceptable use policy
Access control policy
Backup policy
View more
Security Grades
HSTS Preload List
sourcegraph.com
ImmuniWeb
sourcegraph.com
Qualys SSL Labs
Sourcegraph.com
Knowledge Base
- Is there an account lockout mechanism if the number of failed login attempts reaches a specific threshold?
- What is the Sourcegraph AI Platform account lockout standards?
- What security detection and response features do you have implemented on your email applications and is it integrated into your SOAR system? (Reference Endpoint Protection tab]
- Have you applied SPF, DKIM and DMARC to your email system?
- Is your email platform integrated into a SSO platform with MFA applied?
View more
If you think you may have discovered a vulnerability, please send us a note.