We think that security is an enabler for the business. Sourcegraph is committed to proactive security, and addressing vulnerabilities in a timely manner. We approach security with a can-do philosophy, and look to achieve product goals while maintaining a positive posture, and increasing our security stance over time.
- New members onboarding guide
- Proactively improve the security of our application and infrastructure.
- Define, plan, and prioritize security work that needs to be done (and then go do that work).
- Directly contribute to our codebase (i.e., Go, TypeScript, Kubernetes, Docker, Google Cloud Platform) to secure our application and deployments, and help other engineers on our team make the necessary changes.
- Respond to security vulnerability reports
- Increase our security posture by running traditional security tools such as vulnerability scanners, SAST, and DAST tools.
- Create a culture of security at Sourcegraph that empowers all of our engineers to write secure code.
- Respond to Security Incidents as per our Security Incident Response Policy
We’re always happy for teams to request security code reviews.
Security questions and support requests should be raised in #security:
- Click the lightning bolt below the Slack message box in #security
- Select an option at the top of the menu
- Fill out the questions
- Tag @security-support in the resulting thread if urgent
Reach out to us on #security if you have any doubts, or for any reason feel like our process can’t work for you in a particular case.