Poisoned LiteLLM packages on PyPI started stealing credentials. Using Deep Search and Code Search, we traced which public repos were protected by version pinning and which were left exposed. Here's how—and how you can do the same for any supply chain incident.

We are excited to announce our transition to a community-driven open source project. While making this change, we reaffirm our deep commitment to remaining active members of the community.

While direct API calls seem cheaper and easier, they lack the safety layer large organizations rely on. Tool connection protocols aren't dead; they remain vital for security, governance, and centralized control in big teams.

The initial findings from CodeScaleBench, a new benchmark designed to evaluate coding agents against the true complexity of enterprise software development, including large codebases and multi-repository tasks.

Today, we're announcing Sourcegraph 7.0, a release that marks the beginning of a new chapter for our company and product.

The hidden cost of being a data-driven company is context-switching for analysts due to "quick questions." DataBot allows the data team to focus on auditing analysis instead of performing it.

Deep Search empowers our Support Engineers to bypass initial escalations, enabling them to dive directly into investigating the root cause of issues.

Cross-repo search provides semantic code understanding across repositories.

Introducing the new Sourcegraph changelog, rolling out with the release of Sourcegraph 6.12 to better highlight exciting new improvements and features. Learn more about the new changelog and the future of Sourcegraph updates.

Sourcegraph is only for companies who face “big code” problems. What are “big code” problems you ask?

We're excited to share that starting on February 25 2026, we will be transitioning to shipping exciting weekly product updates for Sourcegraph Cloud customers.

Millions of hardcoded secrets are pushed to public repositories every year, making credential leakage a leading cause of data breaches. This complete guide explains how to prevent these leaks, compares popular detection tools, and details the layered strategy required to secure your entire enterprise codebase.

Developer experience is the key competitive advantage for engineering leaders in 2026, enabling higher retention and faster delivery by eliminating tooling friction. Dive into our comprehensive guide comparing the 12 best DevEx tools across six critical categories—from code search to developer portals and metrics to build your unified DevEx stack.

The React Server Components vulnerability was more persistent than initially anticipated, but the latest patch has eliminated the React2Shell exploit.

Your AI coding assistant can write code, but can it tell you where that endpoint is called across your 500 microservices spread out across dozens of repositories?

Automate the fix and full remediation for the critical React Server Components vulnerability across your codebase using Sourcegraph's Batch Changes, MCP server, and Deep Search.

AI coding tools are generating code faster than ever, making strong code search and intelligence like Sourcegraph a critical tool for managing the resulting growth and complexity of enterprise codebases.

This post provides Sourcegraph code search queries and Deep Search instructions to immediately find and track all projects affected by the CVE-2025-55182 remote code execution flaw in React Server Components.

Our new CEO, Dan Adler, reflects on the evolution of code search and shares our strategic vision for supporting deep code understanding to both developers and AI agents.

Sourcegraph and Amp are becoming two separate companies, with Dan Adler stepping up as CEO of the code search business while co-founders Quinn Slack and Beyang Liu launch Amp Inc. to focus on frontier coding agents.