$30 off During Our Annual Pro Sale. View Details »

Optimizing Developer Workflow with Sourcegraph

Optimizing Developer Workflow with Sourcegraph

In this talk, you'll learn how to optimize your developer workflow with Sourcegraph.

- Code Search
- Code Browsing
- Batch Changes
- Finding & getting rid of vulnerabilities in your codebase.
- Big Code

Cloudflare Developer Series, 2021

Otemuyiwa Prosper

November 15, 2021
Tweet

More Decks by Otemuyiwa Prosper

Other Decks in Programming

Transcript

  1. Optimizing Developer
    Workflow with
    Sourcegraph
    https://sourcegraph.com

    View Slide

  2. Prosper Otemuyiwa
    Co-founder, forloop Africa & Eden Life
    Developer Advocate, Sourcegraph

    View Slide

  3. Build. Ship. Scale.
    The Software Developers’ Mantra >>>

    View Slide

  4. Building, shipping & scaling
    great software is hard.
    The Software Developers’ Excruciating Pain>>>

    View Slide

  5. Developer Tools that make
    you move fast, and at scale.
    The Software Developers’ Best Companion >>>

    View Slide

  6. Fast & Scalable Code
    Search.
    #1. Developer Workflow Optimization with Code Search >>>

    View Slide

  7. “Knowledge is of two kinds. We
    know a subject ourselves, or we
    know where we can find
    information upon it” -
    Samuel Johnson

    View Slide

  8. Sourcegraph’s users report an
    average of 30 mins a day
    saved by using code search.
    #1. Developer Workflow Optimization with Code Search >>>

    View Slide

  9. When you have 500 engineers
    searching code repos, multiple
    times a day, throughout each
    day, that’s huge time savings
    #1. Developer Workflow Optimization with Code Search >>>

    View Slide

  10. #1. Developer Workflow Optimization with Code Search >>>

    View Slide

  11. #1. Developer Workflow Optimization with Code Search >>> LITERAL SEARCH

    View Slide

  12. #1. Developer Workflow Optimization with Code Search >>> LITERAL SEARCH

    View Slide

  13. #1. Developer Workflow Optimization with Code Search >>> LITERAL SEARCH

    View Slide

  14. #1. Developer Workflow Optimization with Code Search >>> REGULAR EXPRESSION SEARCH

    View Slide

  15. #1. Developer Workflow Optimization with Code Search >>> STRUCTURAL SEARCH

    View Slide

  16. #1. Developer Workflow Optimization with Code Search >>> STRUCTURAL SEARCH

    View Slide

  17. Jump to definitions & Find
    code references in a jiffy!
    #2. Developer Workflow Optimization with Efficient Code Browsing >>>

    View Slide

  18. #2. Developer Workflow Optimization with Efficient Code Browsing >>> Code Intelligence

    View Slide

  19. #2. Developer Workflow Optimization with Efficient Code Browsing >>> Find References

    View Slide

  20. #2. Developer Workflow Optimization with Efficient Code Browsing >>> Jump to Definition

    View Slide

  21. “You don’t have to know
    everything, but you should learn
    how and where to find the things
    you need and want to know”
    - Albert Einstein

    View Slide

  22. Change code everywhere
    (hundreds of repos) with a
    single declarative file.
    #3. Developer Workflow Optimization with Batch Changes >>>

    View Slide

  23. #3. Developer Workflow Optimization with Batch Changes >>>

    View Slide

  24. #3. Developer Workflow Optimization with Batch Changes >>>

    View Slide

  25. #3. Developer Workflow Optimization with Batch Changes >>>
    Get started with Batch changes
    in less than 10 mins.
    Batch Changes Quick Start Guide >>>

    View Slide

  26. #4. Developer Workflow Optimization via Optimized Vulnerability Discovery >>>
    Find secrets, tokens, keys across
    the entire org’s codebase via
    optimized code search.

    View Slide

  27. #4. Developer Workflow Optimization via Optimized Vulnerability Discovery >>> Regex Secret Search

    View Slide

  28. #4. Developer Workflow Optimization via Optimized Vulnerability Discovery >>>
    repo:[our targeted repos]$ patterntype:regex
    // Strings longer than 32 characters, maybe base-64 encoded
    ("[a-z0-9+/]{32,}=?"|'[a-z0-9+/]{32,}=?'|`[a-z0-9+/]{32,}=?`)
    // Private keys
    -----BEGIN (RSA )?PRIVATE KEY-----
    // Lines ending with "=" (likely base64 values)
    [a-z0-9+/]+==?(['"],?)?\n

    View Slide

  29. #4. Developer Workflow Optimization via Optimized Vulnerability Discovery >>>
    repo:[our targeted repos]$ patterntype:regex
    (token|secret|password|credential|key|private|sensitive)[^a-z0-9+/\n]+[a-z0-9+/]{16,}(['"]
    ,?)?\n or
    // Likely k8s secrets
    (kind: secret|kind secret|kubectl create secret) or
    //Slack
    (xox[pborsa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32}) or
    // GitHub
    [gG][iI][tT][hH][uU][bB].*['|\"][0-9a-zA-Z]{35,40}['|\"]
    // Google, GCP, GSuite
    AIza[0-9A-Za-z\\-_]{35} or
    [0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com or
    ya29\\.[0-9A-Za-z\\-_]+

    View Slide

  30. #4. Developer Workflow Optimization via Optimized Vulnerability Discovery >>>
    repo:[our targeted repos]$ patterntype:regex
    (credential|secret|private|\Wkey\W|token|sensitive|password|s
    ession|auth|license|\Wid\W)
    or
    [sS][eE][cC][rR][eE][tT].*['|\"][0-9a-zA-Z]{32,45}['|\"]

    View Slide

  31. #4. Developer Workflow Optimization via Optimized Vulnerability Discovery >>> Find exact vulnerable
    dependencies

    View Slide

  32. How to make Sourcegraph a
    part of your dev tools stack?
    Integrating Sourcegraph to You & Your Team’s Workflow >>>

    View Slide

  33. Integrating Sourcegraph to You & Your Team’s Workflow >>>
    ● What’s the best way to run a trial of
    Sourcegraph in my team/org?
    ○ Running a Sourcegraph trial/POC
    ● How can I best communicate the value of code
    search to developers who’ve not used it
    before?
    ○ See how developers at Uber, Lyft, Yelp depend on
    Sourcegraph every day

    View Slide

  34. Integrating Sourcegraph to You & Your Team’s Workflow >>>
    ● Sign up on Sourcegraph Cloud (sourcegraph.com)
    ○ Team Support (early access) on Sourcegraph
    Cloud coming in December, 2021

    View Slide

  35. ● Hiring more engineers is good, leveraging better
    developer tools is great.
    ● Make it a priority to bring the best developer
    tools to your organization.
    Developer Wisdom >>>

    View Slide

  36. ● Search over 2.1M open source & public repositories across
    GitHub & Gitlab.
    ● Search private code across several repositories
    ● Precise code intelligence
    ● Automation of large scale code changes via Batch changes.
    ● Code monitoring
    ● Code insights (still in beta)
    #1. Recap: Why you need to Optimize Developer Workflow with Sourcegraph >>>

    View Slide

  37. #2. Recap: Why you need to Optimize Developer Workflow with Sourcegraph >>>
    ● Developer velocity - Help all your developers to move fast.
    With code intelligence & great search, code discovery is a
    walk in the park.
    ● Onboarding new developers to a codebase - The faster
    developers can understand your massive codebase, the
    better.
    ● Codebase refactors (batch changes) - as codebase grows, you
    need to refactor the codebase more intelligently.

    View Slide

  38. Learn more about Sourcegraph >>>
    https://learn.sourcegraph.com

    View Slide

  39. Sourcegraph Resources!
    ● learn.sourcegraph.com
    ● docs.sourcegraph.com
    ● dev.to/sourcegraph
    ● about.sourcegraph.com/blog
    ● info.sourcegraph.com/dev-tool-time
    ● about.sourcegraph.com/podcast

    View Slide

  40. Twitter: @unicodeveloper
    GitHub: @unicodeveloper
    Thanks & Optimize your dev. workflow today!

    View Slide