Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Optimizing Developer Workflow with Sourcegraph

Optimizing Developer Workflow with Sourcegraph

In this talk, you'll learn how to optimize your developer workflow with Sourcegraph.

- Code Search
- Code Browsing
- Batch Changes
- Finding & getting rid of vulnerabilities in your codebase.
- Big Code

Cloudflare Developer Series, 2021

Otemuyiwa Prosper

November 15, 2021
Tweet

More Decks by Otemuyiwa Prosper

Other Decks in Programming

Transcript

  1. Developer Tools that make you move fast, and at scale.

    The Software Developers’ Best Companion >>>
  2. “Knowledge is of two kinds. We know a subject ourselves,

    or we know where we can find information upon it” - Samuel Johnson
  3. Sourcegraph’s users report an average of 30 mins a day

    saved by using code search. #1. Developer Workflow Optimization with Code Search >>>
  4. When you have 500 engineers searching code repos, multiple times

    a day, throughout each day, that’s huge time savings #1. Developer Workflow Optimization with Code Search >>>
  5. Jump to definitions & Find code references in a jiffy!

    #2. Developer Workflow Optimization with Efficient Code Browsing >>>
  6. “You don’t have to know everything, but you should learn

    how and where to find the things you need and want to know” - Albert Einstein
  7. Change code everywhere (hundreds of repos) with a single declarative

    file. #3. Developer Workflow Optimization with Batch Changes >>>
  8. #3. Developer Workflow Optimization with Batch Changes >>> Get started

    with Batch changes in less than 10 mins. Batch Changes Quick Start Guide >>>
  9. #4. Developer Workflow Optimization via Optimized Vulnerability Discovery >>> Find

    secrets, tokens, keys across the entire org’s codebase via optimized code search.
  10. #4. Developer Workflow Optimization via Optimized Vulnerability Discovery >>> repo:[our

    targeted repos]$ patterntype:regex // Strings longer than 32 characters, maybe base-64 encoded ("[a-z0-9+/]{32,}=?"|'[a-z0-9+/]{32,}=?'|`[a-z0-9+/]{32,}=?`) // Private keys -----BEGIN (RSA )?PRIVATE KEY----- // Lines ending with "=" (likely base64 values) [a-z0-9+/]+==?(['"],?)?\n
  11. #4. Developer Workflow Optimization via Optimized Vulnerability Discovery >>> repo:[our

    targeted repos]$ patterntype:regex (token|secret|password|credential|key|private|sensitive)[^a-z0-9+/\n]+[a-z0-9+/]{16,}(['"] ,?)?\n or // Likely k8s secrets (kind: secret|kind secret|kubectl create secret) or //Slack (xox[pborsa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32}) or // GitHub [gG][iI][tT][hH][uU][bB].*['|\"][0-9a-zA-Z]{35,40}['|\"] // Google, GCP, GSuite AIza[0-9A-Za-z\\-_]{35} or [0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com or ya29\\.[0-9A-Za-z\\-_]+
  12. #4. Developer Workflow Optimization via Optimized Vulnerability Discovery >>> repo:[our

    targeted repos]$ patterntype:regex (credential|secret|private|\Wkey\W|token|sensitive|password|s ession|auth|license|\Wid\W) or [sS][eE][cC][rR][eE][tT].*['|\"][0-9a-zA-Z]{32,45}['|\"]
  13. How to make Sourcegraph a part of your dev tools

    stack? Integrating Sourcegraph to You & Your Team’s Workflow >>>
  14. Integrating Sourcegraph to You & Your Team’s Workflow >>> •

    What’s the best way to run a trial of Sourcegraph in my team/org? ◦ Running a Sourcegraph trial/POC • How can I best communicate the value of code search to developers who’ve not used it before? ◦ See how developers at Uber, Lyft, Yelp depend on Sourcegraph every day
  15. Integrating Sourcegraph to You & Your Team’s Workflow >>> •

    Sign up on Sourcegraph Cloud (sourcegraph.com) ◦ Team Support (early access) on Sourcegraph Cloud coming in December, 2021
  16. • Hiring more engineers is good, leveraging better developer tools

    is great. • Make it a priority to bring the best developer tools to your organization. Developer Wisdom >>>
  17. • Search over 2.1M open source & public repositories across

    GitHub & Gitlab. • Search private code across several repositories • Precise code intelligence • Automation of large scale code changes via Batch changes. • Code monitoring • Code insights (still in beta) #1. Recap: Why you need to Optimize Developer Workflow with Sourcegraph >>>
  18. #2. Recap: Why you need to Optimize Developer Workflow with

    Sourcegraph >>> • Developer velocity - Help all your developers to move fast. With code intelligence & great search, code discovery is a walk in the park. • Onboarding new developers to a codebase - The faster developers can understand your massive codebase, the better. • Codebase refactors (batch changes) - as codebase grows, you need to refactor the codebase more intelligently.