Security team

We think that security is an enabler for the business. Sourcegraph is committed to proactive security and to addressing vulnerabilities in a timely manner. We approach security with a can-do philosophy, and look to achieve product goals while maintaining a positive posture and improving our security stance over time.
Members
- Diego Comas
- André Eleuterio
- Mohammad Umer Alam
- Lauren Chapman
- David Sandy
- security engineer
Contact
- security@sourcegraph.com
- #security channel on Slack.
- @sourcegraph/security on GitHub.
- report a vulnerability
Goals and priorities
Onboarding
- New members onboarding guide
Responsibilities
- Proactively improve the security of our application and infrastructure.
- Define, plan, and prioritize security work that needs to be done (and then go do that work).
- Directly contribute to our codebase (i.e., Go, TypeScript, Kubernetes, Docker, Google Cloud Platform) to secure our application and deployments, and help other engineers on our team make the necessary changes.
- Respond to security vulnerability reports.
- Increase our security posture by running traditional security tools such as vulnerability scanners, SAST, and DAST tools.
- Create a culture of security at Sourcegraph that empowers all of our engineers to write secure code.
- Respond to Security Incidents as per our Security Incident Response Policy.
How to work with us
Security Questionnaires
We’re always happy for teams to request security code reviews.
Security questionnaires for new and existing customers should follow the process here. Feel free to message us on #security too.
Questions and Support Requests
Security questions and support requests should be raised in #security:
- Click the lightning bolt below the Slack message box in #security.
- Select an option at the top of the menu.
- Fill out the questions.
- Tag @security-support in the resulting thread if urgent.
Reach out to us on #security if you have any doubts, or if for any reason you feel like our process can’t work for you in a particular case.