<aside> 🚨 **Need to report a security issue?

[Report a Security Vulnerability](<https://sourcegraph.notion.site/Report-a-Security-Vulnerability-0db96429c20f4b7ca6653d3ab9d57448>)**

👮 Report an Incident

</aside>

<aside> 🛡️ Security Trust Portal

Please visit our Security Trust Portal for all of Sourcegraph's latest information on the security, reliability, privacy, and compliance of our product.

</aside>

<aside> 🔒 We think that security is an enabler for the business. Sourcegraph is committed to proactive security, and addressing vulnerabilities in a timely manner. We approach security with a can-do philosophy, and look to achieve product goals while maintaining a positive posture, and improving our security stance over time.

</aside>

Untitled

About the team

@Diego Comas Head of Security

@Dora Compliance Manager

@Mohammad Alam Security Engineer

@Shiva Sankar Security Engineer

@André Eleuterio Security Engineer

@Will Dollman Security Engineer

@Vincent Ruijter Security Engineer

Key Resources

☑️ Security Trust Portal

Security Questionnaires

Accepted CVEs in Sourcegraph Releases

What the Security Team Does

Security Team Interviews

Security Ambassador Program

Secret Scanning at Sourcegraph

Office Security Guidelines

Contact

We're here to help so reach out to us at [email protected] with any questions you may have. Sourcegraph employees can reach us in the #discuss-security Slack channel or tag us using @sourcegraph/security on GitHub or @sourcegraph/security-code-review for a code review.

Security Attestations & Questionnaires

Sourcegraph's security team puts great importance on verification and attestation through industry standards when it comes to our security practices and posture. Please find all the information on attestation evidence (SOC 2, pentests, etc.) and our Security Trust Portal here.

Security Policies

We are responsible for maintaining company-wide Security policies and processes.

All Security Handbook Pages

Untitled

Misc Links

Security policies and processes

Security Team Interviews

Security tooling and processes

Security Ambassador Program

What the Security Team Does

Report a Security Vulnerability

Security Incident Response Policy

Sourcegraph's Security Trust Portal

Cloud Security Policy

Terraform Cloud

Security Questionnaires

Kolide Integration

Security Training