Slide 1

Slide 1 text

10 Code Search Tricks for Open Source
Using Sourcegraph to improve onboarding and productivity in the context of OSS
JSWorld Online 2021

Slide 2

Slide 2 text

Sourcegraph Code Search
● Search across millions of indexed open source repositories
  ○ doesn't require an account
● Search across your public and private repositories
  ○ requires an account to sync your repos from multiple code hosts
● Other options: Self hosted
  ○ free up to 10 users

Slide 3

Slide 3 text

Browser-based search (sourcegraph.com/search)

Slide 4

Slide 4 text

IDE-based search (VSCode Plugin)

Slide 5

Slide 5 text

1. Find projects that welcome contributors
Use case: you want to find a welcoming open source project to contribute to (ex: for Hacktoberfest)

Slide 6

Slide 6 text

Search string: contributing lang:Markdown

Slide 7

Slide 7 text

No content

Slide 8

Slide 8 text

No content

Slide 9

Slide 9 text

2. Find welcoming projects in a language or framework
Use case: you want to find a welcoming open source project in your language or framework of choice to contribute to

Slide 10

Slide 10 text

Search string: contributing lang:Markdown repohasfile:"^composer.json$" patterntype:regexp

Slide 11

Slide 11 text

No content

Slide 12

Slide 12 text

3. Find projects relying on specific dependencies
Use case: you want to find out which projects are relying on a library you wrote, and how they're using it

Slide 13

Slide 13 text

Search string: tailwindcss file:package.json

Slide 14

Slide 14 text

No content

Slide 15

Slide 15 text

4. Find how an object is used across multiple repositories
Use case: you want to use an undocumented function or method from an open source project and would like to see usage examples

Slide 16

Slide 16 text

Search string: repo:^github\.com/minicli/.* new TableHelper lang:PHP

Slide 17

Slide 17 text

No content

Slide 18

Slide 18 text

Search string: repo:^github\.com/minicli/.* getPrinter()->out(...,...) patterntype:structural

Slide 19

Slide 19 text

No content

Slide 20

Slide 20 text

5. Find exposed keys and secrets across repositories
Use case: you want to check if any of your repositories contain exposed keys and secrets that were committed by mistake

Slide 21

Slide 21 text

Search string: repo:^github\.com/sourcegraph/.* (key|secret|token)-[\w+]{32,} patterntype:regexp

Slide 22

Slide 22 text

6. Find usage of compromised dependencies
Use case: you find out about a compromised package and want to check if the malicious code is included in any of your repositories

Slide 23

Slide 23 text

Search string: symfont/process lang:JSON

Slide 24

Slide 24 text

No content

Slide 25

Slide 25 text

7. Audit an organization for outdated dependencies
Use case: you want to check across repositories for dependencies with a specific version

Slide 26

Slide 26 text

Search string: file:package.json lodash 4.17.19 patterntype:regexp
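
Added example (not from the slides or from Sourcegraph): a local counterpart to tricks 6 and 7 that parses package.json, composer.json and composer.lock instead of matching text, so a watched name or version is reported only where it is actually declared as a dependency. The file paths, the sample manifests and the `declared_packages` / `audit` helpers are assumptions made for illustration; only `symfont/process` and `lodash 4.17.19` come from the slides.

```python
import json

# Watchlist from the slides; a version of None means "flag every version".
WATCHLIST = [("symfont/process", None), ("lodash", "4.17.19")]
# Dependency sections of package.json, composer.json and composer.lock.
SECTIONS = ("dependencies", "devDependencies", "require", "require-dev",
            "packages", "packages-dev")

# Constructed sample files (not taken from any real repository).
SAMPLE_FILES = {
    "web/package.json": '{"dependencies": {"lodash": "^4.17.19", "lodash-es": "4.17.19"}}',
    "api/composer.json": '{"require": {"symfony/process": "^5.2"},'
                         ' "require-dev": {"symfont/process": "*"}}',
    "api/composer.lock": '{"packages": [{"name": "symfony/process", "version": "v5.2.4"}],'
                         ' "packages-dev": [{"name": "symfont/process", "version": "1.0.0"}]}',
}


def declared_packages(text):
    """Yield (section, name, version) for each dependency in one JSON file."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError:
        return  # unparseable file: nothing to audit
    if not isinstance(doc, dict):
        return
    for section in SECTIONS:
        deps = doc.get(section)
        pairs = []
        if isinstance(deps, dict):    # manifests: name -> version constraint
            pairs = list(deps.items())
        elif isinstance(deps, list):  # composer.lock: [{"name": ..., "version": ...}]
            pairs = [(e.get("name", ""), e.get("version", ""))
                     for e in deps if isinstance(e, dict)]
        for name, version in pairs:
            yield section, name, str(version)


def audit(files, watchlist=WATCHLIST):
    """Return sorted (path, section, name, version) hits for watched packages."""
    hits = []
    for path, text in files.items():
        for section, name, version in declared_packages(text):
            bare = version.lstrip("^~=v ")  # drop range prefixes before comparing
            for wanted, wanted_version in watchlist:
                # Exact name match, so "lodash-es" is not reported as "lodash".
                if name == wanted and wanted_version in (None, bare):
                    hits.append((path, section, name, version))
    return sorted(hits)
```

A constraint such as `^4.17.19` in a manifest only states what is allowed; the lock file records the version that was actually installed, so hits in both kinds of file are worth reviewing.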

Slide 27

Slide 27 text

8. Find code that is not up to language standards
Use case: you want to audit one or multiple repositories for code that is not up to predefined standards and best practices

Slide 28

Slide 28 text

Search string: lang:PHP ^if([(...)]) patterntype:regexp

Slide 29

Slide 29 text

No content

Slide 30

Slide 30 text

9. Search for recent changes in large or multiple projects
Use case: you want to be on top of any new functionality or bug patches in a project you rely on

Slide 31

Slide 31 text

Search string: repo:^github\.com/laravel/laravel$ type:commit after:lastweek

Slide 32

Slide 32 text

No content

Slide 33

Slide 33 text

10. Find deprecated function calls across repositories
Use case: you need to update a project to a newer version of a framework or language, but there might be breaking changes

Slide 34

Slide 34 text

Search string: mhash(...) lang:PHP select:content patterntype:structural

Slide 35

Slide 35 text

No content

Slide 36

Slide 36 text

Thank You! Questions?
Twitter: @erikaheidi
E-mail: [email protected]
https://sourcegraph.com