Optimizing Developer Workflow with Sourcegraph

Transcript

1. Optimizing Developer
   Workflow with
   Sourcegraph
   https://sourcegraph.com
   

   View Slide

2. Prosper Otemuyiwa
   Co-founder, forloop Africa & Eden Life
   Developer Advocate, Sourcegraph
   

   View Slide

3. Build. Ship. Scale.
   The Software Developers’ Mantra >>>
   

   View Slide

4. Building, shipping & scaling
   great software is hard.
   The Software Developers’ Excruciating Pain>>>
   

   View Slide

5. Developer Tools that make
   you move fast, and at scale.
   The Software Developers’ Best Companion >>>
   

   View Slide

6. Fast & Scalable Code
   Search.
   #1. Developer Workflow Optimization with Code Search >>>
   

   View Slide

7. “Knowledge is of two kinds. We
   know a subject ourselves, or we
   know where we can find
   information upon it” -
   Samuel Johnson
   

   View Slide

8. Sourcegraph’s users report an
   average of 30 mins a day
   saved by using code search.
   #1. Developer Workflow Optimization with Code Search >>>
   

   View Slide

9. When you have 500 engineers
   searching code repos, multiple
   times a day, throughout each
   day, that’s huge time savings
   #1. Developer Workflow Optimization with Code Search >>>
   

   View Slide

10. #1. Developer Workflow Optimization with Code Search >>>
    

    View Slide

11. #1. Developer Workflow Optimization with Code Search >>> LITERAL SEARCH
    

    View Slide

12. #1. Developer Workflow Optimization with Code Search >>> LITERAL SEARCH
    

    View Slide

13. #1. Developer Workflow Optimization with Code Search >>> LITERAL SEARCH
    

    View Slide

14. #1. Developer Workflow Optimization with Code Search >>> REGULAR EXPRESSION SEARCH
    

    View Slide

15. #1. Developer Workflow Optimization with Code Search >>> STRUCTURAL SEARCH
    

    View Slide

16. #1. Developer Workflow Optimization with Code Search >>> STRUCTURAL SEARCH
    

    View Slide

17. Jump to definitions & Find
    code references in a jiffy!
    #2. Developer Workflow Optimization with Efficient Code Browsing >>>
    

    View Slide

18. #2. Developer Workflow Optimization with Efficient Code Browsing >>> Code Intelligence
    

    View Slide

19. #2. Developer Workflow Optimization with Efficient Code Browsing >>> Find References
    

    View Slide

20. #2. Developer Workflow Optimization with Efficient Code Browsing >>> Jump to Definition
    

    View Slide

21. “You don’t have to know
    everything, but you should learn
    how and where to find the things
    you need and want to know”
    - Albert Einstein
    

    View Slide

22. Change code everywhere
    (hundreds of repos) with a
    single declarative file.
    #3. Developer Workflow Optimization with Batch Changes >>>
    

    View Slide

23. #3. Developer Workflow Optimization with Batch Changes >>>
    

    View Slide

24. #3. Developer Workflow Optimization with Batch Changes >>>
    

    View Slide

25. #3. Developer Workflow Optimization with Batch Changes >>>
    Get started with Batch changes
    in less than 10 mins.
    Batch Changes Quick Start Guide >>>
    

    View Slide

26. #4. Developer Workflow Optimization via Optimized Vulnerability Discovery >>>
    Find secrets, tokens, keys across
    the entire org’s codebase via
    optimized code search.
    

    View Slide

27. #4. Developer Workflow Optimization via Optimized Vulnerability Discovery >>> Regex Secret Search
    

    View Slide

28. #4. Developer Workflow Optimization via Optimized Vulnerability Discovery >>>
    repo:[our targeted repos]$ patterntype:regex
    // Strings longer than 32 characters, maybe base-64 encoded
    ("[a-z0-9+/]{32,}=?"|'[a-z0-9+/]{32,}=?'|`[a-z0-9+/]{32,}=?`)
    // Private keys
    -----BEGIN (RSA )?PRIVATE KEY-----
    // Lines ending with "=" (likely base64 values)
    [a-z0-9+/]+==?(['"],?)?\n
    

    View Slide

29. #4. Developer Workflow Optimization via Optimized Vulnerability Discovery >>>
    repo:[our targeted repos]$ patterntype:regex
    (token|secret|password|credential|key|private|sensitive)[^a-z0-9+/\n]+[a-z0-9+/]{16,}(['"]
    ,?)?\n or
    // Likely k8s secrets
    (kind: secret|kind secret|kubectl create secret) or
    //Slack
    (xox[pborsa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32}) or
    // GitHub
    [gG][iI][tT][hH][uU][bB].*['|\"][0-9a-zA-Z]{35,40}['|\"]
    // Google, GCP, GSuite
    AIza[0-9A-Za-z\\-_]{35} or
    [0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com or
    ya29\\.[0-9A-Za-z\\-_]+
    

    View Slide

30. #4. Developer Workflow Optimization via Optimized Vulnerability Discovery >>>
    repo:[our targeted repos]$ patterntype:regex
    (credential|secret|private|\Wkey\W|token|sensitive|password|s
    ession|auth|license|\Wid\W)
    or
    [sS][eE][cC][rR][eE][tT].*['|\"][0-9a-zA-Z]{32,45}['|\"]
    

    View Slide

31. #4. Developer Workflow Optimization via Optimized Vulnerability Discovery >>> Find exact vulnerable
    dependencies
    

    View Slide

32. How to make Sourcegraph a
    part of your dev tools stack?
    Integrating Sourcegraph to You & Your Team’s Workflow >>>
    

    View Slide

33. Integrating Sourcegraph to You & Your Team’s Workflow >>>
    ● What’s the best way to run a trial of
    Sourcegraph in my team/org?
    ○ Running a Sourcegraph trial/POC
    ● How can I best communicate the value of code
    search to developers who’ve not used it
    before?
    ○ See how developers at Uber, Lyft, Yelp depend on
    Sourcegraph every day
    

    View Slide

34. Integrating Sourcegraph to You & Your Team’s Workflow >>>
    ● Sign up on Sourcegraph Cloud (sourcegraph.com)
    ○ Team Support (early access) on Sourcegraph
    Cloud coming in December, 2021
    

    View Slide

35. ● Hiring more engineers is good, leveraging better
    developer tools is great.
    ● Make it a priority to bring the best developer
    tools to your organization.
    Developer Wisdom >>>
    

    View Slide

36. ● Search over 2.1M open source & public repositories across
    GitHub & Gitlab.
    ● Search private code across several repositories
    ● Precise code intelligence
    ● Automation of large scale code changes via Batch changes.
    ● Code monitoring
    ● Code insights (still in beta)
    #1. Recap: Why you need to Optimize Developer Workflow with Sourcegraph >>>
    

    View Slide

37. #2. Recap: Why you need to Optimize Developer Workflow with Sourcegraph >>>
    ● Developer velocity - Help all your developers to move fast.
    With code intelligence & great search, code discovery is a
    walk in the park.
    ● Onboarding new developers to a codebase - The faster
    developers can understand your massive codebase, the
    better.
    ● Codebase refactors (batch changes) - as codebase grows, you
    need to refactor the codebase more intelligently.
    

    View Slide

38. Learn more about Sourcegraph >>>
    https://learn.sourcegraph.com
    

    View Slide

39. Sourcegraph Resources!
    ● learn.sourcegraph.com
    ● docs.sourcegraph.com
    ● dev.to/sourcegraph
    ● about.sourcegraph.com/blog
    ● info.sourcegraph.com/dev-tool-time
    ● about.sourcegraph.com/podcast
    

    View Slide

40. Twitter: @unicodeveloper
    GitHub: @unicodeveloper
    Thanks & Optimize your dev. workflow today!
    

    View Slide