[{"data":1,"prerenderedAt":354},["ShallowReactive",2],{"blog-guides/cody":3},{"id":4,"title":5,"body":6,"category":329,"date":330,"dateModified":330,"description":331,"draft":332,"extension":333,"faq":334,"featured":332,"headerVariant":338,"image":339,"keywords":339,"meta":340,"navigation":341,"ogDescription":342,"ogTitle":343,"path":344,"readTime":345,"schemaOrg":346,"schemaType":347,"seo":348,"sitemap":349,"stem":350,"tags":351,"twitterCard":352,"__hash__":353},"blog/blog/guides/cody.md","Sourcegraph Cody Security Guide: Enterprise AI Coding",{"type":7,"value":8,"toc":308},"minimark",[9,16,21,24,53,57,60,65,85,89,103,107,121,125,128,132,135,146,155,159,162,176,180,184,201,205,219,223,226,240,249,277,296],[10,11,12],"tldr",{},[13,14,15],"p",{},"Sourcegraph Cody combines code search with AI assistance, designed for enterprise use. It offers self-hosted deployment for maximum security, SOC 2 compliance, and doesn't use your code to train models. Cody understands your entire codebase context, which makes it powerful but requires careful access control.",[17,18,20],"h2",{"id":19},"how-cody-works","How Cody Works",[13,22,23],{},"Cody is Sourcegraph's AI coding assistant that leverages code search intelligence:",[25,26,27,35,41,47],"ul",{},[28,29,30,34],"li",{},[31,32,33],"strong",{},"Code intelligence:"," Uses Sourcegraph's code graph for deep context understanding",[28,36,37,40],{},[31,38,39],{},"Codebase-aware:"," Can search and understand your entire repository",[28,42,43,46],{},[31,44,45],{},"Multiple LLMs:"," Supports different AI providers",[28,48,49,52],{},[31,50,51],{},"IDE integration:"," Works in VS Code and JetBrains IDEs",[17,54,56],{"id":55},"enterprise-security-features","Enterprise Security Features",[13,58,59],{},"Cody is built with enterprise requirements in mind:",[61,62,64],"h3",{"id":63},"deployment-options","Deployment Options",[25,66,67,73,79],{},[28,68,69,72],{},[31,70,71],{},"Self-hosted:"," Run entirely within your infrastructure",[28,74,75,78],{},[31,76,77],{},"Cloud:"," Managed service with strong data protection",[28,80,81,84],{},[31,82,83],{},"Hybrid:"," Code stays on-premise, AI processing in cloud",[61,86,88],{"id":87},"compliance","Compliance",[25,90,91,94,97,100],{},[28,92,93],{},"SOC 2 Type 2 certified",[28,95,96],{},"GDPR compliant",[28,98,99],{},"No training on customer code",[28,101,102],{},"Audit logging available",[61,104,106],{"id":105},"access-control","Access Control",[25,108,109,112,115,118],{},[28,110,111],{},"SSO integration (SAML, OIDC)",[28,113,114],{},"Repository-level permissions",[28,116,117],{},"Admin controls for AI features",[28,119,120],{},"User activity monitoring",[17,122,124],{"id":123},"security-considerations","Security Considerations",[13,126,127],{},"While Cody has strong enterprise features, consider these security aspects:",[61,129,131],{"id":130},"codebase-context","Codebase Context",[13,133,134],{},"Cody's strength is understanding your entire codebase. This means:",[25,136,137,140,143],{},[28,138,139],{},"It can access any code indexed by Sourcegraph",[28,141,142],{},"Responses may include context from multiple repositories",[28,144,145],{},"Ensure proper repository permissions are configured",[147,148,149],"warning-box",{},[13,150,151,154],{},[31,152,153],{},"Access control:"," Cody respects Sourcegraph permissions. Ensure users can only access repositories they're authorized to see before enabling Cody.",[61,156,158],{"id":157},"generated-code-quality","Generated Code Quality",[13,160,161],{},"Like all AI tools, Cody-generated code needs review:",[25,163,164,167,170,173],{},[28,165,166],{},"Check for security vulnerabilities",[28,168,169],{},"Verify authentication and authorization logic",[28,171,172],{},"Review for hardcoded secrets",[28,174,175],{},"Validate input handling",[17,177,179],{"id":178},"configuration-best-practices","Configuration Best Practices",[61,181,183],{"id":182},"for-administrators","For Administrators",[25,185,186,189,192,195,198],{},[28,187,188],{},"Review and configure repository access permissions",[28,190,191],{},"Enable audit logging",[28,193,194],{},"Set up SSO integration",[28,196,197],{},"Configure which AI models are available",[28,199,200],{},"Consider which repositories should be indexed",[61,202,204],{"id":203},"for-developers","For Developers",[25,206,207,210,213,216],{},[28,208,209],{},"Understand what context Cody can access",[28,211,212],{},"Don't share secrets in prompts",[28,214,215],{},"Review generated code for security issues",[28,217,218],{},"Report any unexpected behavior",[17,220,222],{"id":221},"self-hosted-deployment","Self-Hosted Deployment",[13,224,225],{},"For maximum security, consider self-hosted Sourcegraph:",[25,227,228,231,234,237],{},[28,229,230],{},"Code never leaves your infrastructure",[28,232,233],{},"Full control over data retention",[28,235,236],{},"Can use your own LLM providers",[28,238,239],{},"Airgapped deployment possible",[241,242,243],"tip-box",{},[13,244,245,248],{},[31,246,247],{},"Enterprise tip:"," Self-hosted deployment with on-premise LLMs provides the highest level of code privacy. Evaluate your security requirements when choosing deployment options.",[250,251,252,259,265,271],"faq-section",{},[253,254,256],"faq-item",{"question":255},"Is Sourcegraph Cody secure for enterprise use?",[13,257,258],{},"Cody is designed for enterprise use with self-hosted deployment options, SOC 2 compliance, and code not being used to train models. It integrates with your existing code search infrastructure for secure AI assistance.",[253,260,262],{"question":261},"Does Cody access my entire codebase?",[13,263,264],{},"Cody uses Sourcegraph's code intelligence to understand your codebase context. For self-hosted deployments, code never leaves your infrastructure. For cloud, Sourcegraph has strict data handling policies.",[253,266,268],{"question":267},"Can I run Cody on-premise?",[13,269,270],{},"Yes. Sourcegraph offers self-hosted deployment options where Cody runs entirely within your infrastructure. This is ideal for enterprises with strict data residency requirements.",[253,272,274],{"question":273},"Does Cody train on my code?",[13,275,276],{},"No. Sourcegraph does not use customer code to train AI models. Your code is used only to provide context for your own requests.",[278,279,280,286,291],"related-articles",{},[281,282],"related-card",{"description":283,"href":284,"title":285},"Compare with Copilot","/blog/guides/copilot","GitHub Copilot Security",[281,287],{"description":288,"href":289,"title":290},"Direct comparison","/blog/comparisons/cody-vs-copilot","Cody vs Copilot",[281,292],{"description":293,"href":294,"title":295},"Another AI IDE option","/blog/guides/cursor","Cursor Security Guide",[297,298,301,305],"cta-box",{"href":299,"label":300},"/","Start Free Scan",[17,302,304],{"id":303},"using-cody","Using Cody?",[13,306,307],{},"Scan your project for security issues in AI-assisted code.",{"title":309,"searchDepth":310,"depth":310,"links":311},"",2,[312,313,319,323,327,328],{"id":19,"depth":310,"text":20},{"id":55,"depth":310,"text":56,"children":314},[315,317,318],{"id":63,"depth":316,"text":64},3,{"id":87,"depth":316,"text":88},{"id":105,"depth":316,"text":106},{"id":123,"depth":310,"text":124,"children":320},[321,322],{"id":130,"depth":316,"text":131},{"id":157,"depth":316,"text":158},{"id":178,"depth":310,"text":179,"children":324},[325,326],{"id":182,"depth":316,"text":183},{"id":203,"depth":316,"text":204},{"id":221,"depth":310,"text":222},{"id":303,"depth":310,"text":304},"guides","2026-01-19","Security guide for Sourcegraph Cody users. Learn about enterprise code search, AI assistance security, and protecting proprietary code with Cody.",false,"md",[335,336,337],{"question":255,"answer":258},{"question":261,"answer":264},{"question":267,"answer":270},"blue",null,{},true,"How to use Sourcegraph Cody securely for enterprise code search and AI assistance.","Sourcegraph Cody Security Guide","/blog/guides/cody","7 min read","[object Object]","BlogPosting",{"title":5,"description":331},{"loc":344},"blog/guides/cody",[],"summary_large_image","WejmYkmGslm536UExXMiYvEw8g2jUgNnC6F1Fe9bNGg",1775843930218]