How to Secure Your Sourcegraph Cody App
Last updated: January 12, 2026
Sourcegraph Cody provides AI coding assistance with codebase awareness. This guide covers securing applications built with Cody's help.
Step-by-Step Security Guide
1. Configure Context Exclusions
Exclude sensitive files from Cody's context using .cody/ignore or repository settings.
# .cody/ignore
.env*
secrets/
credentials.json
2. Review AI-Generated Code
Cody generates code based on the patterns in your codebase, so if existing code has security flaws, its suggestions may reproduce them.
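A worked check for the exclusion list from step 1, added here as an example (it is not Sourcegraph's code and not part of the original guide): it parses a .cody/ignore file, assumes the patterns follow gitignore-style syntax (an assumption), and reports sensitive-looking paths that the list fails to exclude. The file listing, the SENSITIVE_HINTS name fragments and the helper names are constructed for the example.

```python
"""Verify that a Cody-style ignore list covers the sensitive files in a tree.

Added example, not Sourcegraph's code. Assumes .cody/ignore uses
gitignore-style patterns; the sample ignore text and file listing below
are constructed, so the script runs offline and reads no real files.
"""
import fnmatch
from pathlib import PurePosixPath

# Constructed sample ignore file (the same patterns as in the guide).
SAMPLE_IGNORE = """\
# .cody/ignore
.env*
secrets/
credentials.json
"""

# Constructed sample repository listing (hypothetical paths).
SAMPLE_TREE = [
    "src/app.py",
    ".env",
    ".env.production",
    "secrets/db_password.txt",
    "credentials.json",
    "config/aws_credentials",
    "deploy/id_rsa",
    "README.md",
]

# Heuristic name fragments that usually indicate secret material (assumed list).
SENSITIVE_HINTS = ("secret", "credential", "password", "id_rsa", ".pem", ".env", "token")


def parse_ignore(text):
    """Return (pattern, is_dir) tuples, skipping comments and blank lines."""
    patterns = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        is_dir = line.endswith("/")
        patterns.append((line.rstrip("/"), is_dir))
    return patterns


def is_excluded(path, patterns):
    """gitignore-like matching (assumed semantics): a pattern without '/'
    matches any path component; a trailing '/' marks a directory pattern
    that excludes everything beneath a matching directory."""
    parts = PurePosixPath(path).parts
    for pattern, is_dir in patterns:
        if is_dir:
            # Directory pattern: excluded if any ancestor directory matches.
            if any(fnmatch.fnmatch(p, pattern) for p in parts[:-1]):
                return True
        elif "/" in pattern:
            # Anchored pattern: match against the whole relative path.
            if fnmatch.fnmatch(path, pattern):
                return True
        else:
            # Bare pattern: match against any single component.
            if any(fnmatch.fnmatch(p, pattern) for p in parts):
                return True
    return False


def excluded_paths(tree, ignore_text):
    """Paths from the listing that the ignore list keeps out of Cody's context."""
    patterns = parse_ignore(ignore_text)
    return [p for p in tree if is_excluded(p, patterns)]


def find_gaps(tree, ignore_text):
    """Sensitive-looking paths that the ignore list does NOT exclude."""
    patterns = parse_ignore(ignore_text)
    gaps = []
    for path in tree:
        lower = path.lower()
        looks_sensitive = any(hint in lower for hint in SENSITIVE_HINTS)
        if looks_sensitive and not is_excluded(path, patterns):
            gaps.append(path)
    return gaps


if __name__ == "__main__":
    print("excluded:", excluded_paths(SAMPLE_TREE, SAMPLE_IGNORE))
    print("uncovered sensitive files:", find_gaps(SAMPLE_TREE, SAMPLE_IGNORE))
```

Run against a real checkout by replacing SAMPLE_TREE with the repository's relative file list and SAMPLE_IGNORE with the contents of .cody/ignore; any path reported by find_gaps is a candidate for an additional exclusion pattern before Cody indexes the repository.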
3. Validate Security Suggestions
When Cody suggests security-related code, verify it follows current best practices.
4. Audit Dependencies
Check any packages Cody suggests for known vulnerabilities before adding them.
5. Use for Code Review
Ask Cody to review code for security issues. Its codebase awareness can help surface recurring insecure patterns across files.
6. Scan Deployed Applications
Run VAS to verify your deployed application is secure.
Common Security Mistakes
Avoid these common Sourcegraph Cody security pitfalls:
Recommended Security Tools
Use these tools to maintain security throughout development:
Ready to Secure Your App?
Security is an ongoing process, not a one-time checklist. After implementing these steps, use VAS to verify your Sourcegraph Cody app is secure before launch, and consider regular scans as you add new features.
Frequently Asked Questions
Does Cody store my code?
Cody sends code context to generate suggestions. Review Sourcegraph's privacy policy for data handling. Enterprise deployments offer more control over data processing.
Can Cody help find security issues?
Yes, you can ask Cody to review code for security issues. Its codebase understanding helps identify patterns. However, use dedicated security scanning for comprehensive coverage.