Sourcegraph’s Security Trust Portal
Sourcegraph has launched its own Security Trust Portal via Safebase, which is our ‘One Stop Shop’ for all of Sourcegraph’s latest information on the security, reliability, privacy, and compliance of our product. Our Security Trust Portal allows us to proactively gather and send our crucial security information to customers and prospects. Once created, we can control who has access to it and for how long, and place sensitive material behind a built-in NDA workflow.
How to share Evidence of Attestations
Please share the link below to our Security Trust Portal with our customer or prospect. They will be able to sign up and request full access to attestations (SOC 2 reports, pen-test results), as well as see the latest public information on our information security and compliance practices and posture.
Once access has been requested by the client/prospect on the portal, a notification will be sent to our #safebase Slack channel, where CE will approve the request (including initialisation of an NDA workflow if there is no pre-existing NDA in place) and grant permissions to the requester to view and download all private information, including all attestations and reports.
What should I use our Security Trust Portal for
- Attestations & Certification - Safely share attestation evidence (SOC 2, pen-test reports, etc.) with clients and prospects; this includes a built-in NDA workflow
- Source of Truth for Security questionnaires - You can find all up-to-date security and compliance questions and answers in the knowledge base in the portal (see the screenshot below). Currently this is only an internally facing feature; however, it will soon be made client facing as well by Safebase. This will provide a self-service option to our clients who want to browse our security questions and answers themselves.
My access to the Security Trust Portal
Everyone at Sourcegraph has access to our Security Trust Portal and can log in through Okta to view and access all the documents and information on the Portal as well as search the Knowledge Base (Q&A catalog).
You will find a Safebase tile in your Okta just like in the image below.
Who is responsible for what
Please see below which team is responsible for the different elements of upkeep and servicing of the Security Trust Portal:
CE:
- Attestation sharing with clients (sending out an invite to clients to view our new SOC 2 report)
- Access approval for client request (one-click through #safebase)
- Security knowledge base updates (keeping questions up to date)
Security team:
- User permissions (access elevated above the standard role)
- Information upkeep and maintenance for security knowledge base
- Security questionnaire updates (updating answers)
If you have any questions, please reach out to the relevant teams on their Slack channels: #ce, #security, #safebase
Safebase user guide
For more details on how to operate Safebase and all of its features, please see the full training video here. This is primarily a resource for CE and Security as they support the day-to-day operation and maintenance of the platform.