[{"data":1,"prerenderedAt":495},["ShallowReactive",2],{"blog-is-safe/cody":3},{"id":4,"title":5,"body":6,"category":475,"date":476,"dateModified":476,"description":477,"draft":478,"extension":479,"faq":480,"featured":478,"headerVariant":481,"image":480,"keywords":480,"meta":482,"navigation":483,"ogDescription":484,"ogTitle":480,"path":485,"readTime":486,"schemaOrg":487,"schemaType":488,"seo":489,"sitemap":490,"stem":491,"tags":492,"twitterCard":493,"__hash__":494},"blog/blog/is-safe/cody.md","Is Sourcegraph Cody Safe? Security Analysis",{"type":7,"value":8,"toc":454},"minimark",[9,16,21,24,28,76,80,83,93,98,101,115,119,209,213,217,231,235,249,253,333,337,341,367,395,399,402,423,442],[10,11,12],"tldr",{},[13,14,15],"p",{},"Sourcegraph Cody is safe for most uses, with strong enterprise options including self-hosted deployment. Its unique advantage is deep codebase awareness through Sourcegraph's code intelligence. Enterprise tier offers on-premise deployment for maximum security. Like all AI tools, generated code needs review, but Cody's architecture and enterprise options are solid.",[17,18,20],"h2",{"id":19},"what-is-cody","What is Cody?",[13,22,23],{},"Cody is Sourcegraph's AI coding assistant that combines large language models with Sourcegraph's code intelligence platform. This gives it deep understanding of your entire codebase, not just the current file. 
It's available as a VS Code extension, JetBrains plugin, and through Sourcegraph's web interface.",[17,25,27],{"id":26},"our-verdict","Our Verdict",[29,30,31,36,55,59],"pros-cons",{},[32,33,35],"h4",{"id":34},"whats-good","What's Good",[37,38,39,43,46,49,52],"ul",{},[40,41,42],"li",{},"Deep codebase understanding",[40,44,45],{},"Self-hosted option available",[40,47,48],{},"Multiple LLM choices",[40,50,51],{},"SOC 2 Type II certified",[40,53,54],{},"Good free tier",[32,56,58],{"id":57},"what-to-watch","What to Watch",[37,60,61,64,67,70,73],{},[40,62,63],{},"Requires indexing your code",[40,65,66],{},"More complex setup than others",[40,68,69],{},"Generated code needs review",[40,71,72],{},"Enterprise features cost more",[40,74,75],{},"Smaller community",[17,77,79],{"id":78},"codebase-aware-ai","Codebase-Aware AI",[13,81,82],{},"Cody's unique feature is its integration with Sourcegraph's code search and intelligence:",[84,85,86],"info-box",{},[13,87,88,92],{},[89,90,91],"strong",{},"How it works:"," Cody indexes your codebase using Sourcegraph, allowing it to find relevant code across your entire repository when answering questions or generating code. 
This means more contextually accurate suggestions.",[94,95,97],"h3",{"id":96},"security-implications","Security Implications",[13,99,100],{},"The codebase indexing has security considerations:",[37,102,103,106,109,112],{},[40,104,105],{},"Your code is indexed by Sourcegraph (cloud or self-hosted)",[40,107,108],{},"Queries may include code snippets",[40,110,111],{},"Better context means better suggestions",[40,113,114],{},"Self-hosted option keeps everything in your network",[17,116,118],{"id":117},"deployment-options","Deployment Options",[120,121,122,141],"table",{},[123,124,125],"thead",{},[126,127,128,132,135,138],"tr",{},[129,130,131],"th",{},"Feature",[129,133,134],{},"Free",[129,136,137],{},"Pro",[129,139,140],{},"Enterprise",[142,143,144,158,169,182,196],"tbody",{},[126,145,146,150,153,156],{},[147,148,149],"td",{},"Completions",[147,151,152],{},"Limited",[147,154,155],{},"Unlimited",[147,157,155],{},[126,159,160,163,165,167],{},[147,161,162],{},"Chat messages",[147,164,152],{},[147,166,155],{},[147,168,155],{},[126,170,171,174,177,179],{},[147,172,173],{},"Self-hosted",[147,175,176],{},"No",[147,178,176],{},[147,180,181],{},"Yes",[126,183,184,187,190,193],{},[147,185,186],{},"LLM choice",[147,188,189],{},"Default",[147,191,192],{},"Multiple",[147,194,195],{},"Custom + BYOM",[126,197,198,201,203,206],{},[147,199,200],{},"Admin controls",[147,202,176],{},[147,204,205],{},"Basic",[147,207,208],{},"Full",[17,210,212],{"id":211},"privacy-and-data-handling","Privacy and Data Handling",[94,214,216],{"id":215},"cloud-version","Cloud Version",[37,218,219,222,225,228],{},[40,220,221],{},"Code context sent to Sourcegraph cloud",[40,223,224],{},"LLM requests may go to third-party providers",[40,226,227],{},"SOC 2 Type II certified infrastructure",[40,229,230],{},"No training on customer code",[94,232,234],{"id":233},"self-hosted-enterprise","Self-Hosted Enterprise",[37,236,237,240,243,246],{},[40,238,239],{},"All code stays in your network",[40,241,242],{},"Can use 
your own LLM (BYOM)",[40,244,245],{},"No external API calls required",[40,247,248],{},"Full control over data",[17,250,252],{"id":251},"cody-vs-competitors","Cody vs Competitors",[120,254,255,270],{},[123,256,257],{},[126,258,259,261,264,267],{},[129,260,131],{},[129,262,263],{},"Cody",[129,265,266],{},"Copilot",[129,268,269],{},"Cursor",[142,271,272,286,296,309,321],{},[126,273,274,277,280,283],{},[147,275,276],{},"Codebase awareness",[147,278,279],{},"Full repo indexed",[147,281,282],{},"Current files",[147,284,285],{},"Project context",[126,287,288,290,292,294],{},[147,289,173],{},[147,291,140],{},[147,293,176],{},[147,295,140],{},[126,297,298,301,304,307],{},[147,299,300],{},"LLM flexibility",[147,302,303],{},"Multiple + BYOM",[147,305,306],{},"OpenAI only",[147,308,192],{},[126,310,311,314,316,319],{},[147,312,313],{},"Free tier",[147,315,181],{},[147,317,318],{},"Trial only",[147,320,152],{},[126,322,323,326,329,331],{},[147,324,325],{},"Code search",[147,327,328],{},"Yes (Sourcegraph)",[147,330,176],{},[147,332,205],{},[17,334,336],{"id":335},"best-practices","Best Practices",[94,338,340],{"id":339},"using-cody-safely","Using Cody Safely",[37,342,343,349,355,361],{},[40,344,345,348],{},[89,346,347],{},"Configure permissions:"," Control which repos are indexed",[40,350,351,354],{},[89,352,353],{},"Review generated code:"," Like all AI, output needs verification",[40,356,357,360],{},[89,358,359],{},"Use Enterprise for sensitive code:"," Self-hosted keeps code in your network",[40,362,363,366],{},[89,364,365],{},"Set up access controls:"," Limit who can query your codebase",[368,369,370,377,383,389],"faq-section",{},[371,372,374],"faq-item",{"question":373},"Does Cody store my code?",[13,375,376],{},"Cody indexes your code through Sourcegraph for search and context. In cloud deployments, this index is on Sourcegraph's servers. Enterprise self-hosted deployments keep everything in your infrastructure. 
Neither version uses your code for training.",[371,378,380],{"question":379},"Can I use Cody without Sourcegraph?",[13,381,382],{},"The VS Code extension can work standalone with basic functionality. However, Cody's unique value comes from codebase-wide context through Sourcegraph. Without it, Cody works similarly to other AI coding tools.",[371,384,386],{"question":385},"What LLMs does Cody use?",[13,387,388],{},"Cody can use multiple LLMs including Claude, GPT-4, and others depending on your plan. On the cloud version, requests to these models may go to third-party providers and may include code snippets. Enterprise customers can bring their own models (BYOM) for complete control over AI processing.",[371,390,392],{"question":391},"Is Cody better for large codebases?",[13,393,394],{},"Yes, Cody excels with large codebases because of its Sourcegraph integration. It can find and use relevant code from anywhere in your repository, not just nearby files. This is particularly valuable for monorepos and complex projects.",[17,396,398],{"id":397},"further-reading","Further Reading",[13,400,401],{},"Ready to secure your setup? 
Check out our hands-on guides.",[37,403,404,411,417],{},[40,405,406],{},[407,408,410],"a",{"href":409},"/blog/checklists/pre-deployment-security-checklist","Pre-deployment security checklist",[40,412,413],{},[407,414,416],{"href":415},"/blog/getting-started/first-scan","Run your first security scan",[40,418,419],{},[407,420,422],{"href":421},"/blog/best-practices/environment-variables","Environment variable best practices",[424,425,426,432,437],"related-articles",{},[427,428],"related-card",{"description":429,"href":430,"title":431},"Compare with Copilot","/blog/is-safe/copilot","Is GitHub Copilot Safe?",[427,433],{"description":434,"href":435,"title":436},"Complete setup guide","/blog/guides/cody","Cody Security Guide",[427,438],{"description":439,"href":440,"title":441},"Compare with Cursor","/blog/is-safe/cursor","Is Cursor Safe?",[443,444,447,451],"cta-box",{"href":445,"label":446},"/","Start Free Scan",[17,448,450],{"id":449},"using-cody","Using Cody?",[13,452,453],{},"Scan your project for security vulnerabilities in AI-generated code.",{"title":455,"searchDepth":456,"depth":456,"links":457},"",2,[458,459,460,464,465,469,470,473,474],{"id":19,"depth":456,"text":20},{"id":26,"depth":456,"text":27},{"id":78,"depth":456,"text":79,"children":461},[462],{"id":96,"depth":463,"text":97},3,{"id":117,"depth":456,"text":118},{"id":211,"depth":456,"text":212,"children":466},[467,468],{"id":215,"depth":463,"text":216},{"id":233,"depth":463,"text":234},{"id":251,"depth":456,"text":252},{"id":335,"depth":456,"text":336,"children":471},[472],{"id":339,"depth":463,"text":340},{"id":397,"depth":456,"text":398},{"id":449,"depth":456,"text":450},"is-safe","2026-02-12","Is Sourcegraph Cody safe to use? Security analysis of Cody AI coding assistant covering codebase awareness, privacy options, and enterprise security.",false,"md",null,"amber",{},true,"Security analysis of Sourcegraph Cody. 
Learn about codebase-aware AI and privacy features.","/blog/is-safe/cody","6 min read","[object Object]","Article",{"title":5,"description":477},{"loc":485},"blog/is-safe/cody",[],"summary_large_image","A8--6jCAuT6OS6ArYgYzU2z1qDOJ9Xm1C-8weO4GH3I",1775843924517]