
Sourcegraph

AI-ASSISTANTS
Velocity 5.4

Code intelligence platform with the Cody AI coding assistant for navigating and editing large codebases.

Reframing code search as AI-era code intelligence, with supply chain security as the proof-of-work.

ai-coding-agents, supply-chain-security, code-search, deep-search, mcp, enterprise
Current state
Sourcegraph's recent output reads less like a code-search product blog and more like an applied AI agent and security research desk. The same supply chain incidents that drive their internal detection work are repackaged as case studies for Deep Search, while a growing body of agent-evaluation posts establishes them as a voice on where coding agents break in real codebases.
Where it's heading
The product surface is settling into three named pillars — Code Search, Deep Search, and MCP — each positioned for a distinct buyer. SCIP's transition to community ownership signals a deliberate narrowing: ship less peripheral infrastructure, double down on agent reliability and enterprise search. The security beat has become the editorial moat that ties it all together.
Prediction
Expect a deeper push on the 'agents in large codebases' angle, likely with more benchmark or evaluation content, plus continued supply chain incident coverage as the recurring drumbeat for enterprise sales.

Recent moves

  1. 6d ago

    Security Automation Evolved: From SlackOps to Programmatic SIEM Triage (Part 1/2)

    Continues the security-automation arc, swapping the Slack-triggered detection bot for programmatic SIEM rules with expression-based auto-close. Reads as Sourcegraph's internal infra maturing into the same shape they sell externally.

  2. 12d ago

    Dependency prefixes are a supply chain risk: let's fix them

    An opinion piece arguing that ^ and ~ version ranges widen the attack surface of compromised packages. Extends the security-content beat without introducing new product capability — pure positioning.

  3. 21d ago

    How we're using Sourcegraph and a Slack bot to detect vulnerabilities and react quickly

    Sourcegraph's own incident-response pipeline framed as a Deep Search case study: advisory in, detection queries and drafts out, one human reaction to gate it. Demonstrates the workflow they want enterprise customers to replicate.

  4. 26d ago

    Why coding agents fail in large codebases (and what to do about it)

    ⚡ SPARK

    A 1,281-run dataset across 40+ open source repos naming five failure modes for coding agents in large codebases, with infrastructure fixes for each. Anchors the claim that agents only work when paired with serious code intelligence — a clean alignment between research output and product pitch.

  5. 1mo ago

    Lessons on UX, security, and scale when building an enterprise-grade Slack agent

    Engineering retrospective on building the Deep Search Slack agent — rate limiting, enterprise security, UX trade-offs. Companion piece to the supply-chain Slack bot post; useful as customer reference architecture, but no new product surface.

  6. 1mo ago

    Code Search, Deep Search, or MCP: When to Use Each

    ⚡ SPARK

    First explicit public taxonomy of Sourcegraph's three search modalities and when each applies. Pairs naturally with the agent-failure study as the AI-era product story crystallizes.
