index.md

Sourcegraph Cloud

Sourcegraph Cloud is a single-tenant cloud solution. Cloud instances are private, dedicated instances provisioned and managed by Sourcegraph. Sourcegraph Cloud was formerly known as managed instances.

Sourcegraph provisions each instance in an isolated and secure cloud environment. Access is restricted to only your organization through your SSO provider of choice. Enterprise VPN is available upon request.

Start a Sourcegraph Cloud trial

Get Sourcegraph on your code.

A single-tenant instance managed by Sourcegraph.

Sign up for a 15 day trial for your team.

Get free trial now

Use the button above to sign up for a free 15-day trial of Sourcegraph Cloud. Please contact us if you have specific VPN requirements or you require a large deployment with >500 users, >1,000 repos, or monorepos >5 GB.

Trial limitations

We currently have a limited capacity of single-tenant cloud instances and are prioritizing organizations with more than 100 developers. When you request a trial, you will receive an email indicating the status of your request.

If your organization has fewer than 100 developers, we recommend trying Sourcegraph self-hosted.

If you're eligible for a cloud instance, you will receive a link to the instance URL once it's provisioned. This normally takes less than one hour during business hours. From there, we recommend using the onboarding checklist to set up your instance quickly.

Trials last 15 days. When the end of the trial approaches, Sourcegraph's Customer Support team will check in with you to either help you set up a Cloud subscription or end your trial.

Cloud subscription

As part of this service you will receive a number of benefits from our team, including:

Initial setup, configuration, and cost estimation

• Advising if managed instances are right for your organization.
• Initial resource estimations based on your organization & code size.
• Putting forward a transparent deployment & cost estimate plan.
• Your own example.sourcegraphcloud.com domain with fully managed DNS & HTTPS. Optionally, you can bring your own domain.
• Hardware provisioning, software installation, and kernel configuration done for you.
• Direct assistance in:
  • Adding repositories from all of your code hosts to Sourcegraph
  • Integrating your single sign-on provider with Sourcegraph
  • Configuring Sourcegraph

Access to all Sourcegraph features

All Sourcegraph features are avilable on Sourcegraph Cloud instances out-of-the-box, including but not limited to:

• Server-side Batch Changes
• Precise code navigation powered by auto-indexing
• Code Monitoring (including email delivery of notifications)

Access restrictions

• Granting your team application-level admin access to the instance.
• Configuring any IP-restrictions (e.g. VPN) and/or SSO restrictions to the instance.

Monthly upgrades and maintenance

• Automatic monthly upgrades and maintenance.
• Regular reassessment of resource utilization based on your organization's unique usage to determine if costs can be reduced without impact to service. Additionally, you will automatically benefit from any committed use cloud provider discounts we receive.

Custom domains

Sourcegraph Cloud provides all customer instances a customer.sourcegraphcloud.com domain. This domain is fully managed by Sourcegraph, including DNS and HTTPS. However, to provide better branding and a more seamless experience for your users, you may bring your own company domain, for example sourcegraph.company.io.

In order to use your own domain, you need to perform an one-time setup by adding DNS records at your authoritative DNS. These DNS records are neccessary to ensure that your users can access your Sourcegraph instance via the custom domain, and also to ensure we can provide managed TLS certificates for your instance. See a list of DNS records to be created by your organization below as an example. Additionally, your custom domain's CAA records should permit our upstream certificate authorities to issue certificates for your domain, follow the instructions below to verify your CAA records.

Please reach out to your Sourcegraph account team to request a custom domain to be configured for your Sourcegraph Cloud instance.

DNS records to be created by your organization

Below is a list of the DNS records that are required to be created by your organization. This is for illustrative purposes only, and the actual records will be provided by your Sourcegraph account team. We use src.acme.com as an example custom domain.

• CNAME record for src.acme.com pointing to acme.sourcegraphcloud.com
• TXT record for _cf-custom-hostname.src.acme.com with value $token
• CNAME record for _acme-challenge.src.acme.com pointing to src.acme.com.$token.dcv.cloudflare.com

Verify CAA records

To verify that your CAA records are set correctly, you can use the following command:

dig acme.com caa +short
dig src.acme.com caa +short

If the output is empty, you don't have to do anything. If the output is not empty, and it does not contain letsencrypt.org and pki.goog, you need to add them to your CAA records to the apex domain or your desired subdomain, e.g., src.acme.com.

Limitations

• You can only have a single custom domain per Sourcegraph Cloud instance.
• You can only use the custom domain to access your Sourcegraph Cloud instance.

Multiple region availability

Sourcegraph Cloud instances are deployed in one of Google Cloud Platform data center locations:

• North America (USA) - us-central1
• Europe (UK or Germany) - europe-west2 or europe-west3
• Asia (Japan) - asia-northeast1
• Australia - australia-southeast1

If you have specific requirements for the region, please reach out to your Sourcegraph account team.

More details about the locations and data storage can be found in our handbook

Private Code Host support

Public code hosts are supported by Sourcegraph Cloud out-of-the-box. They are either publically accessible or protected by IP-based firewall rules, Sourcegraph Cloud can provide static IP addresses for customers to add to their firewall allowlist. Please let your account team know.

Private code hosts refer to code hosts that are not publicly accessible, such as self-hosted GitHub Enterprise servers or self-hosted GitLab instances deployed in a private network that are only accessible through VPN. Learn more about private code hosts support below:

• Code hosts on AWS without public access
• Code hosts on GCP without public access
• Code hosts on Azure is not supported yet, please reach out to your account manager if you are interested in this feature.
• Code hosts on custom data center is not supported yet, please reach out to your account manager if you are interested in this feature.

Health monitoring, support, and SLAs

• Instance performance and health monitored by our team's on-call engineers.
• Support and SLAs.

Backup and restore

SOC2/CI-79

Backup and restore capability is provided via automated snapshots.

• Frequency: Snapshots are produced daily.
• Retention period: Snapshots are kept for 90 days.

Training, feedback, and engagement

As with any Sourcegraph enterprise customer, you will also receive support from us with:

• Installing code host and code review integrations
• Monitoring and aggregating user feedback
• Understanding usage statistics of your deployment
• Internal rollout programs including:
  • Holding company-wide or team-by-team training sessions (contact us for details)
  • Helping the maintainers of your internal engineer onboarding add a session on Sourcegraph
  • Holding ongoing brown bag lunches to introduce new feature releases
  • Advice and templates on how to introduce Sourcegraph to your engineering organization

Managed SMTP

All Sourcegraph Cloud instances are provisioned with a Sourcegraph-managed SMTP server through a third-party provider for transactional email delivery. Email capabilities power features like:

• Code Monitoring notifications
• Inviting other users to a Sourcegraph instance, or to an organization/team on a Sourcegraph instance
• Important updates to user accounts (for example, creation of API keys)
• For builtin authentication, password resets and email verification

By default, emails will be sent from an @cloud.sourcegraph.com email address. To test email delivery, refer to sending a test email.

To opt out of managed SMTP, please let your Sourcegraph Account team know when requesting a trial. You can also opt out by overriding the managed email.address and email.smtp configuration with your own in site configuration. If you have specific requests for managed SMTP, please reach out regarding special requirements.

To learn more about how the Sourcegraph team operates managed SMTP internally, refer to our handbook.

Cody

Beta This feature is beta and might change in the future. We've released it to provide a preview of functionality we're working on.

Cody is an AI coding assistant that lives in your editor that can find, explain, and write code. Cody uses a combination of Large Language Models (LLMs), Sourcegraph search, and Sourcegraph code intelligence to provide answers that eliminate toil and keep human programmers in flow. You can think of Cody as your programmer buddy who has read through all the code in open source, all the questions on StackOverflow, and all your organization's private code, and is always there to answer questions you might have or suggest ways of doing something based on prior knowledge. Learn more from Cody documentation about how Cody can help you.

On Cloud, Cody can be enabled by contacting your Sourcegraph account team. Once Cody has been enabled by us, you can follow the instruction below to try it out.

Step 1: Configure the VS Code extension

Now that Cody is turned on on your Sourcegraph Cloud instance, any user can configure and use the Cody VS Code extension. This does not require admin privilege.

1. If you currently have a previous version of Cody installed, uninstall it and reload VS Code before proceeding to the next steps.
2. Search for “Sourcegraph Cody” in your VS Code extension marketplace, and install it.

3. Reload VS Code, and open the Cody extension. Review and accept the terms.

4. Now you'll need to point the Cody extension to your Sourcegraph instance. On your instance, go to settings / access token (https://<your-instance>.sourcegraphcloud.com/users/<your-username>/settings/tokens). Generate an access token, copy it, and set it in the Cody extension.

5. In the Cody VS Code extension, set your instance URL and the access token

You're all set!

Step 2: Try Cody!

A few things you can ask Cody:

• "What are popular go libraries for building CLIs?"
• Open your workspace, and ask "Do we have a React date picker component in this repository?"
• Right click on a function, and ask Cody to explain it

Requirements

Business

• A dedicated project manager who serves as the point of contact for the rollout process.
• A mutual non-disclosure agreement and any additional approvals or special status required to allow Sourcegraph to manage infrastructure access tokens (listed below).
• Acceptance of our Terms of Service for private instances or an enterprise contract.

Technical

• A dedicated technical point of contact for the installation process.
• Tokens with read access to your code hosts (we will direct you on how to enter them).
• Keys, access tokens, or any other setup required to integrate your SSO (single sign-on) provider with Sourcegraph, as well as support from a member of your team with administrator access to your SSO provider to help set up and test the integration.

Limitation

NOTE: We may be able to support special requests, please reach out to your account team.

• The Sourcegraph instance can only be accessible via a public IP. Running it in a private network and pairing it with your private network via site-to-site VPN or VPC Peering is not yet supported.
• Code hosts or user authentication providers running in a private network are not yet supported. They have to be publically available or they must allow incoming traffic from Sourcegraph-owned static IP addresses. We do not have proper support for other connectivity methods, e.g. site-to-site VPN, VPC peering, tunneling.
• Instances currently run only on Google Cloud Platform in the chosen regions. Other regions and cloud providers (such as AWS or Azure) are not yet supported.
• Some configuration options are managed by Sourcegrpah and cannot be override by customers, e.g. feature flags, experimental features.

Security

Your managed instance will be accessible over HTTPS/TLS, provide storage volumes that are encrypted at rest, and have access restricted to only your team through your enterprise VPN and/or internal SSO (single sign-on provider) of choice.

For all managed instances, we will provide security capabilities from Cloudflare such as WAF and rate-limiting to protect your instance from malicious traffic.

Your instance will be hosted in isolated Google Cloud infrastructure. See our employee handbook to learn more about the cloud architecture we use. Both your team and limited Sourcegraph personnel will have application-level administrator access to the instance.

Only essential Sourcegraph personnel will have access to the instance, server, code, and any other sensitive materials, such as tokens or keys. The employees or contractors with access are bound by the same terms as Sourcegraph itself. Learn more in our security policies for Sourcegraph Cloud or contact us with any questions or concerns. You may also request a copy of our SOC 2 Report on our security portal.

Sourcegraph management access

Sourcegraph management access is the ability for Sourcergaph employees to grant time-bound and audit-trailed UI access to Cloud instances in the events of instance maintenance, issue troubleshooting, and customer assistance. Customer consent is guaranteed prior to human accesses.

All Sourcegraph Cloud instances have Sourcegraph management access enabled by default, and customers may request to disable by contacting your Sourcegraph contact.

Audit Logs

Our Cloud instances provide audit logs to help you monitor and investigate actions taken by users and the system. These logs are available to download by request and are also sent to a centralized logging service for 30 day retention (configurable for greater periods by request).

Accommodating special requirements

We may be able to support special requests (network access policies, infrastructure requirements, custom version control systems, etc.) with additional time, support, and fees. Contact us to discuss any special requirements you may have.