TL;DR
Sourcegraph Cody combines code search with AI assistance, designed for enterprise use. It offers self-hosted deployment for maximum security, SOC 2 compliance, and doesn't use your code to train models. Cody understands your entire codebase context, which makes it powerful but requires careful access control.
How Cody Works
Cody is Sourcegraph's AI coding assistant that leverages code search intelligence:
- Code intelligence: Uses Sourcegraph's code graph for deep context understanding
- Codebase-aware: Can search and understand your entire repository
- Multiple LLMs: Supports different AI providers
- IDE integration: Works in VS Code and JetBrains IDEs
Enterprise Security Features
Cody is built with enterprise requirements in mind:
Deployment Options
- Self-hosted: Run entirely within your infrastructure
- Cloud: Managed service with strong data protection
- Hybrid: Code stays on-premise, AI processing in cloud
Compliance
- SOC 2 Type 2 certified
- GDPR compliant
- No training on customer code
- Audit logging available
Access Control
- SSO integration (SAML, OIDC)
- Repository-level permissions
- Admin controls for AI features
- User activity monitoring
Security Considerations
While Cody has strong enterprise features, consider these security aspects:
Codebase Context
Cody's strength is understanding your entire codebase. This means:
- It can access any code indexed by Sourcegraph
- Responses may include context from multiple repositories
- Ensure proper repository permissions are configured
Access control: Cody respects Sourcegraph's repository permissions, so a user's Cody responses can only draw context from repositories that user is authorized to see. Verify that those permissions are correct before enabling Cody, because any over-broad repository access also becomes over-broad AI context.
Generated Code Quality
Like all AI tools, Cody-generated code needs review:
- Check for security vulnerabilities
- Verify authentication and authorization logic
- Review for hardcoded secrets
- Validate input handling
Configuration Best Practices
For Administrators
- Review and configure repository access permissions
- Enable audit logging
- Set up SSO integration
- Configure which AI models are available
- Consider which repositories should be indexed
For Developers
- Understand what context Cody can access
- Don't share secrets in prompts
- Review generated code for security issues
- Report any unexpected behavior
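The two review points above that are easiest to automate are the "hardcoded secrets" and "input handling" checks on generated code, and the "don't share secrets in prompts" rule for developers. The following Python script is an added example, not part of the original article and not Sourcegraph or Cody code: it uses a handful of constructed regular expressions to flag reviewer-attention lines in a constructed sample of AI-generated code, and reuses the same secret patterns to redact credential-looking values from a prompt before it is sent to any assistant. The patterns, the sample code and the sample prompt are all illustrative assumptions; a real deployment would use a maintained secret-scanning ruleset and a linter.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed patterns for common hardcoded-secret shapes (illustrative, not exhaustive).
# Each pattern captures the sensitive part as the "value" group so it can be redacted.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"(?P<value>AKIA[0-9A-Z]{16})"),
    "assigned_credential": re.compile(
        r"(?i)(?:api[_-]?key|secret|token|password|passwd)\s*[=:]\s*['\"](?P<value>[^'\"]{8,})['\"]"
    ),
    "private_key_block": re.compile(
        r"(?P<value>-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----)"
    ),
}

# Constructed patterns for input-handling constructs in Python that a reviewer should inspect.
RISKY_PATTERNS = {
    "shell_true": re.compile(r"subprocess\.\w+\([^)]*shell\s*=\s*True"),
    "eval_exec": re.compile(r"\b(?:eval|exec)\s*\("),
    # SQL text assembled at the execute() call (f-string, % or + concatenation, .format) instead of parameters.
    "sql_string_built_at_call": re.compile(
        r"\.execute\w*\(\s*(?:f['\"]|['\"][^'\"]*['\"]\s*(?:%|\+|\.format\())"
    ),
}


@dataclass
class Finding:
    kind: str
    line_no: int
    line: str


def scan_generated_code(code: str) -> list[Finding]:
    """Return the lines of `code` that match a secret or risky-input pattern, ordered by line number.

    Matching runs over the whole text (not line by line) so multi-line patterns such as a
    private key block are found; the line number is derived from the match offset.
    """
    lines = code.splitlines()
    findings: list[Finding] = []
    for kind, pattern in {**SECRET_PATTERNS, **RISKY_PATTERNS}.items():
        for match in pattern.finditer(code):
            line_no = code.count("\n", 0, match.start()) + 1
            findings.append(Finding(kind, line_no, lines[line_no - 1].strip()))
    return sorted(findings, key=lambda f: f.line_no)


def redact_prompt(prompt: str) -> tuple[str, int]:
    """Mask secret-looking values in a prompt before it leaves the developer's machine.

    Only the captured value is replaced, so `token = 'abc...'` becomes `token = '[REDACTED]'`
    and the surrounding question stays readable. Returns (redacted_prompt, number_of_redactions).
    """
    total = 0

    def _mask(match: re.Match) -> str:
        return match.group(0).replace(match.group("value"), "[REDACTED]")

    for pattern in SECRET_PATTERNS.values():
        prompt, count = pattern.subn(_mask, prompt)
        total += count
    return prompt, total


# Constructed sample of "generated" code containing the kinds of defects the checklist names.
# The AKIA value is the AWS documentation example key, not a real credential.
SAMPLE_GENERATED_CODE = '''\
import subprocess
import sqlite3

AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
db_password = "hunter2hunter2"

def run(cmd):
    return subprocess.check_output(cmd, shell=True)

def find_user(conn, name):
    cur = conn.cursor()
    cur.execute(f"SELECT * FROM users WHERE name = '{name}'")
    return cur.fetchone()
'''

# Constructed prompt a developer might be tempted to paste into an assistant.
SAMPLE_PROMPT = (
    "Why does this fail? token = 's3cr3t-example-value-42' and "
    "the client uses AKIAIOSFODNN7EXAMPLE to sign requests."
)

if __name__ == "__main__":
    for finding in scan_generated_code(SAMPLE_GENERATED_CODE):
        print(f"line {finding.line_no:>3}  {finding.kind:<26} {finding.line}")
    redacted, count = redact_prompt(SAMPLE_PROMPT)
    print(f"\n{count} value(s) redacted:\n{redacted}")
```

Run against the constructed sample, the scanner reports the AWS key on line 4, the assigned password on line 5, the `shell=True` call on line 8 and the f-string SQL on line 12; the prompt filter masks both credential values and leaves the question intact. The point of the design is that the same pattern set serves both sides of the workflow: what should never be typed into a prompt is also what should never survive review of the code that comes back.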
Self-Hosted Deployment
For maximum security, consider self-hosted Sourcegraph:
- Code never leaves your infrastructure
- Full control over data retention
- Can use your own LLM providers
- Airgapped deployment possible
Enterprise tip: Self-hosted deployment with on-premise LLMs provides the highest level of code privacy. Evaluate your security requirements when choosing deployment options.
Is Sourcegraph Cody secure for enterprise use?
Cody is designed for enterprise use with self-hosted deployment options, SOC 2 compliance, and code not being used to train models. It integrates with your existing code search infrastructure for secure AI assistance.
Does Cody access my entire codebase?
Cody uses Sourcegraph's code intelligence to understand your codebase context. For self-hosted deployments, code never leaves your infrastructure. For cloud, Sourcegraph has strict data handling policies.
Can I run Cody on-premise?
Yes. Sourcegraph offers self-hosted deployment options where Cody runs entirely within your infrastructure. This is ideal for enterprises with strict data residency requirements.
Does Cody train on my code?
No. Sourcegraph does not use customer code to train AI models. Your code is used only to provide context for your own requests.