Home / Companies / Sourcegraph / Blog / June 2026

June 2026 Summaries

20 posts from Sourcegraph

Filter
Month: Year:
Post Summaries Back to Blog
Agentic Batch Changes is an AI-driven tool, now in public beta, designed to facilitate large-scale code migrations across multiple repositories by orchestrating the entire process from scoping to execution, ensuring that every pull request is mergeable. Built on Sourcegraph's Batch Changes execution engine, it tackles the complexities of applying consistent changes across diverse repository setups, such as dependency upgrades, security vulnerability patches, and API changes, which traditionally pose significant coordination challenges for engineering teams. The AI agent uses Sourcegraph's search capabilities to identify affected repositories, iterates through them to apply changes with judgment, and reacts to CI failures by analyzing logs and adjusting as needed, ensuring that the changes are CI-healthy and ready for human approval. Companies like Mercari and Canva have successfully utilized the tool for complex tasks, highlighting its ability to handle nuanced variations between repositories better than traditional scripted automation. Despite being in beta, the tool is already demonstrating real impact in customer environments, and feedback from users is actively shaping its development. Agentic Batch Changes is currently available for free to Sourcegraph Cloud customers during the beta period, with self-hosted availability expected in 2026.
Jun 30, 2026 1,001 words in the original blog post.
Documentation as code is a practice that integrates documentation into the same workflows, tools, and version control systems used for software development, ensuring that documentation remains synchronized with code changes. This approach involves writing documentation in plain text formats like Markdown, reviewing changes through pull requests, and running automated tests to maintain accuracy and prevent drift. By keeping documentation in the repository alongside the code it describes, this method addresses the common issue of documentation becoming outdated and irrelevant. While it offers numerous benefits such as increased accuracy and synchronization with code versions, it also presents challenges, particularly for non-technical contributors who may find the Git-based workflow intimidating. The solution often involves adding a web-based editing layer to make the process more accessible. As artificial intelligence increasingly relies on documentation as a source of truth, maintaining accurate and up-to-date documentation has become even more critical. The practice emphasizes that documentation should be treated with the same rigor and care as code, ensuring that it evolves alongside software and remains a reliable resource for both human and AI users.
Jun 29, 2026 2,021 words in the original blog post.
The debate between monorepo and polyrepo architectures focuses on choosing the right repository structure for software development, with both models offering distinct advantages and challenges. Monorepos, exemplified by Google's use of a single repository for billions of lines of code, allow for atomic changes and easy code sharing but require significant investment in build infrastructure to manage scale and complexity. Conversely, polyrepos, favored by companies like Amazon and Netflix, provide team autonomy and fine-grained access control but can lead to discoverability issues and challenges with cross-repo changes. The decision often hinges on team size, change patterns, and tooling budget, with the key takeaway being the importance of investing in the appropriate tooling to support the chosen architecture. Both approaches can be effective if the necessary infrastructure investments are made to mitigate their respective downsides.
Jun 29, 2026 1,999 words in the original blog post.
Navigating and managing large engineering codebases requires specialized tools that address the unique challenges posed by scale, such as slow search times, difficult onboarding, and the complexity of code dependencies. Traditional tools may falter when dealing with codebases that span millions of lines and multiple repositories, necessitating a stack of tools for code search, quality analysis, build management, and change implementation. Tools like Sourcegraph and OpenGrok provide robust multi-repo search capabilities, while SonarQube and CodeScene offer code quality analysis. Build systems such as Bazel and Nx help maintain fast build times in large environments, and tools like Sourcegraph Batch Changes and OpenRewrite assist in applying changes across repositories. The importance of a code intelligence layer, which enhances the effectiveness of all other tools by improving code discoverability, is emphasized as the foundational step in assembling a productive tool stack. The article underscores that while there is no single best tool for large codebases, the right combination tailored to specific needs can significantly improve efficiency and maintainability.
Jun 29, 2026 1,821 words in the original blog post.
Developer onboarding is a critical process that aims to transform a new engineer from their first day into a productive and independent team member, focusing primarily on understanding and navigating the codebase rather than just completing administrative tasks. A successful onboarding process leverages a 30-60-90 day framework to establish clear, measurable goals, such as achieving self-sufficiency in small tasks within 30 days, owning a feature by 60 days, and operating as a full team member by 90 days. The guide emphasizes that the main bottleneck in onboarding is not account setup but the cognitive load associated with understanding unfamiliar codebases, which can hinder a new hire’s ability to contribute meaningfully. Tools like codebase search and AI assistants can significantly reduce this cognitive load by making it easier for new hires to find information independently, thus improving time-to-productivity. Ultimately, the best onboarding processes ensure new engineers can quickly understand and work with the existing code, reducing dependency on senior team members and optimizing the feedback loop essential for developer productivity.
Jun 29, 2026 1,953 words in the original blog post.
Static code analysis is a crucial automated process in software pipelines that identifies bugs and vulnerabilities in source code without executing it, offering significant economic benefits by catching issues early. The landscape of static code analysis tools is diverse, with key categories including Static Application Security Testing (SAST), linters, and code-quality platforms, each serving different purposes such as security, style, and maintainability. The effectiveness of these tools largely depends on their ability to perform sophisticated flow analysis while minimizing false positives, which can hinder adoption if not appropriately managed. Notably, SAST focuses on security issues, linters enforce coding style and correctness, and code-quality platforms address maintainability through metrics like complexity and test coverage. The guide highlights twelve top tools for 2026, each excelling in specific areas and suitable for different organizational needs, from Semgrep and CodeQL for customizable SAST to SonarQube for continuous quality assurance. Beyond identifying issues, effective remediation across multiple repositories is vital, with tools like Sourcegraph facilitating this through features like Code Search and Batch Changes, ensuring comprehensive fixes and compliance verification.
Jun 29, 2026 2,212 words in the original blog post.
As AI coding agents generate increasing volumes of new code, the software industry faces the challenge of managing and understanding massive, decades-old codebases that underpin essential functions across various sectors. These complex systems, often built by large companies, are crucial to the operational integrity of numerous industries, yet they are at risk due to the rapid pace of AI-driven development, which can lead to code quality issues and technical debt. The dynamics of software development have shifted, emphasizing the need for robust tools and infrastructure to support engineers in maintaining and evolving these extensive codebases. Despite the transformative potential of AI, the necessity for deterministic business logic remains, and the industry's progress demands a balance between new innovations and the stewardship of existing systems. This situation underscores the importance of recognizing and supporting those who manage these critical codebases, as they play a vital role in sustaining the digital infrastructure that powers modern life.
Jun 26, 2026 1,386 words in the original blog post.
Large-scale codebase migrations often face delays not due to the engineers or plans, but because existing tools lack comprehensive visibility across the entire codebase, which leads to inefficiencies and prolonged timelines. Traditional keyword search tools and AI coding agents struggle with understanding code relationships and dependencies, especially in distributed, multi-repository environments, resulting in significant investigation time before implementation can even begin. This visibility issue is exacerbated in complex setups involving multiple version control systems, where engineers and AI agents lack access to complete dependency maps, leading to errors and incomplete migrations. Sourcegraph's Code Intelligence tools address these challenges by providing cross-repository visibility, enabling engineering teams to complete migrations more efficiently and accurately, as demonstrated by improved task completion times and precision rates in various coding tasks. By enhancing visibility, teams can plan, execute, and finalize migrations more effectively, avoiding the costly delays and risks associated with inadequate tooling.
Jun 24, 2026 887 words in the original blog post.
The text provides a comprehensive guide on code refactoring, detailing 12 proven techniques and emphasizing the importance of integrating refactoring into regular development processes rather than treating it as a separate task. It explains that refactoring is the process of restructuring existing code to enhance its readability, testability, and maintainability without altering its external behavior. The guide highlights the significance of judgment in determining which code segments require refactoring and explains how to effectively apply refactoring at scale across large codebases by employing organization-wide code search, automation, and tracking tools. It also distinguishes between refactoring and rewriting, noting that refactoring involves small, behavior-preserving transformations, while rewriting involves a complete overhaul that may temporarily alter the system's functionality. The guide underscores the necessity of having a systematic approach that includes tests, automation, and metrics to ensure successful and sustainable refactoring efforts.
Jun 17, 2026 2,540 words in the original blog post.
In 2026, the landscape of code refactoring tools is diverse, catering to various scales of code restructuring needs, from single-file adjustments to multi-repo transformations. These tools are categorized into three main groups: IDE refactorers, which handle project-specific modifications; code-quality analyzers, which identify areas needing improvement; and codebase-scale automation tools, which manage widespread changes across multiple repositories. While IDEs are sufficient for most single-repo tasks, larger efforts necessitate more advanced tools like Sourcegraph for organization-wide changes or SonarQube for pinpointing refactoring targets. Although tools provide speed and coverage, they don't replace the safety ensured by consistent testing, as emphasized by Martin Fowler. Selecting the appropriate tool depends on the extent of the code changes required, with a focus on how far the changes need to propagate across the codebase. Each tool addresses different aspects of the refactoring process, ensuring that teams can efficiently manage everything from minor code tweaks to significant architectural overhauls.
Jun 17, 2026 1,750 words in the original blog post.
Technical debt refers to the future cost incurred by shortcuts taken in software development, a concept introduced by Ward Cunningham to explain the necessity of rework to stakeholders. The article discusses 11 types of technical debt, such as code, architecture, design, test, and documentation debt, each requiring distinct responses. By categorizing these debts, teams can transform vague issues into specific, actionable problems using concrete examples and detection methods. Moreover, the Technical Debt Quadrant by Martin Fowler categorizes debt based on how it was incurred—deliberate versus inadvertent and prudent versus reckless—highlighting that not all debts are equal in impact. The approach suggests prioritizing debt by interest rate rather than principal, focusing on high-frequency or high-impact areas, such as test and architecture debt, which can compound issues if left unaddressed. To manage technical debt effectively, teams should identify, categorize, and track each type with metrics and searches, turning potential problems into manageable tasks with clear solutions.
Jun 17, 2026 1,915 words in the original blog post.
Measuring technical debt is crucial for engineers and managers to quantify and manage the often invisible burden that can slow down development processes, shifting conversations from subjective feelings to objective data. Key metrics such as the Technical Debt Ratio (TDR), code churn, complexity trends, and tools like SonarQube and CodeScene help in tracking and prioritizing debt by expressing the cost of code remediation as a percentage of its development cost. This quantification aids in ending disputes between engineering and leadership by highlighting specific issues, like deprecated APIs, that need attention, and helps prioritize which debts are most urgent based on their impact on the codebase and delivery metrics. In an era where AI-generated code can rapidly increase debt, maintaining a frequent and accurate measurement loop becomes even more important, emphasizing the value of real-time, queryable data over static, outdated estimates. Ultimately, the goal is to transform technical debt into a manageable aspect of the development process by focusing on trends and maintaining clear communication between technical and business teams.
Jun 17, 2026 2,098 words in the original blog post.
On the CodeScaleBench tasks aimed at assessing agent performance in large codebases, Claude Sonnet 4.6 integrated with the Sourcegraph MCP server outperformed Fable 5 by succeeding in six out of nine tasks, while also being more cost-effective in terms of quality points. Claude Sonnet 4.6, which does not store source code on disk and instead uses search, symbol resolution, and reference following, scored 0.698, whereas Fable 5, which processes the entire repository locally, scored 0.568 and incurred nearly double the cost per quality point. The results particularly highlighted Sonnet 4.6's superiority in cross-repository discovery tasks, such as vulnerability tracing and cross-organization dependency following, though one task did favor Fable 5, indicating genuine comparative assessment. These findings suggest that a more affordable model with efficient code retrieval capabilities could outperform a more expensive, locally-operating model in certain cross-repository tasks, though further evaluation is needed for tasks requiring deep single-file analysis.
Jun 16, 2026 619 words in the original blog post.
Managing technical debt effectively requires a systematic approach rather than relying on outdated methods like static spreadsheets. The text outlines a five-step framework for engineering managers, staff engineers, and platform leads to address technical debt by treating it as a manageable portfolio instead of a backlog. This involves identifying and prioritizing debt based on real-time codebase data, using live queries instead of manual audits to keep inventories current, and allocating a consistent budget for debt paydown rather than depending on sporadic efforts. The framework emphasizes the importance of automation, prioritization by interest rather than size, and assigning specific ownership to debt categories to prevent re-accumulation. It also highlights the challenges of managing technical debt in the AI era, where the volume of code and potential debt can increase rapidly. By using tools such as Sourcegraph's Code Insights, teams can transition from faith-based debt management to a data-driven approach that connects debt tracking directly to the codebase, ensuring transparency and accountability in the process.
Jun 16, 2026 2,383 words in the original blog post.
Engineering organizations face significant challenges with large, aging codebases, often referred to as "big code," which become increasingly difficult to navigate and manage over time. As companies grow, they acquire legacy systems that span multiple version control systems, languages, and dependencies, creating complex environments that can be daunting even for experienced developers. Migration projects aimed at modernizing these codebases are complicated by the need to first locate and understand vast swathes of code, a task hindered by the sheer size and scattered nature of the repositories. Although AI tools promise to accelerate development processes, they too struggle with the limitations of working within large codebases, often missing crucial context and leading to errors that human developers need to catch. Successful navigation and understanding of large codebases, however, can transform migration projects from laborious archaeological endeavors into efficient engineering tasks, significantly reducing the time and effort required to execute them, as demonstrated by companies like MathWorks, which saw drastic improvements in efficiency with enhanced code visibility and search capabilities.
Jun 16, 2026 620 words in the original blog post.
In a tactical playbook for reducing technical debt in 2026, nine strategies are proposed to address and manage the issue effectively, emphasizing the importance of making the debt visible, funding its paydown predictably, and automating mechanical tasks while continuing to ship features. The strategies include allocating a fixed debt budget, refactoring incrementally, and automating paydown at scale, with an emphasis on prioritizing high-interest debt and integrating testing and code review to prevent new debt. The playbook acknowledges that technical debt often accumulates due to rational trade-offs made to meet immediate business needs, suggesting that the focus should be on managing and reducing debt rather than aiming for zero debt. It highlights the importance of attaching a business case to debt reduction efforts, using automation tools like Batch Changes for cross-repo tasks, and leveraging AI for mechanical tasks without neglecting the need for verification. The guide suggests that a steady, systematic approach to debt reduction, coupled with proper documentation and trend tracking, is more effective than sporadic, large-scale cleanups, ultimately enabling teams to manage technical debt without halting feature development.
Jun 16, 2026 2,113 words in the original blog post.
Large monolithic codebases pose significant challenges for enterprise developers due to their size and complexity, making it difficult to understand the entire system without reliable code intelligence tools. Engineers often rely on incomplete mental models and assumptions, leading to errors and unintended consequences when making code changes. This lack of visibility results in common issues such as missed dependencies, inefficient search processes, fragmented comprehension, outdated documentation reliance, and AI tools generating inaccurate code suggestions. Code intelligence tools, like Sourcegraph, address these challenges by providing a comprehensive view of the codebase, enabling precise navigation, dependency tracing, and efficient management of changes. This improves onboarding, reduces incident resolution times, facilitates refactoring, and enhances the effectiveness of AI coding assistants by grounding them in a complete and up-to-date view of the codebase, ultimately reducing the operational costs associated with misreading monoliths.
Jun 11, 2026 1,192 words in the original blog post.
Sourcegraph offers enterprises AI-driven code intelligence while ensuring top-tier security, compliance, and governance. It emphasizes data loss prevention and intellectual property security by using AI models that neither retain data from requests nor train on user data, and it provides full IP indemnity for generated code. Trusted by major software teams, including four of the top six US banks, Sourcegraph can be deployed flexibly across cloud, on-premise, or virtual private cloud environments, integrating seamlessly with existing systems and code hosts. The platform supports the latest language models, provides guardrails against open-source licensing violations, and offers scalable AI solutions with detailed user permissions and authentication options, making it a secure choice for enterprise coding needs.
Jun 08, 2026 283 words in the original blog post.
AI code generation involves using artificial intelligence, particularly large language models (LLMs), to produce source code from natural-language prompts, surrounding code, or higher-level intent. This technology is split into three levels: inline autocomplete, conversational/chat-based generation, and agentic/autonomous generation, each offering varying degrees of capability and autonomy. As of 2026, AI code generation tools such as GitHub Copilot, Tabnine, Cursor, and Claude Code are used for different purposes, from simple code suggestions to complex multi-step tasks. Adoption of AI code generation in engineering teams requires careful consideration of tool selection, integration of retrieval layers for contextual accuracy, and the establishment of robust evaluation and security infrastructures. While AI-generated code can increase productivity and output, it also requires careful oversight to mitigate risks such as hallucinated dependencies, licensing issues, security vulnerabilities, and the productivity paradox, where the volume of generated code necessitates more comprehensive review and understanding. Successful implementation hinges on providing AI systems with sufficient context and ensuring that human oversight remains central to the development process.
Jun 05, 2026 3,269 words in the original blog post.
Sourcegraph has streamlined its vulnerability management process by integrating HackerOne webhooks with Deep Search to automate the validation, triage, and investigation of bug reports, thereby reducing the time engineers spend on these tasks. When a bug report is submitted, a service verifies its authenticity and uses Deep Search to analyze the report within the relevant codebase, providing a comprehensive assessment of the bug's validity, severity, and potential fixes. This system not only accelerates response times but also uncovers related vulnerabilities that may not have been initially reported. However, challenges such as potential token abuse, inaccurate repository mapping, and malicious prompt injections remain, which are addressed through entitlements and improved mapping strategies. This approach exemplifies how AI can enhance security operations by enabling teams to focus on impactful remediation rather than routine investigations, marking a significant advancement in modern vulnerability management.
Jun 05, 2026 758 words in the original blog post.