[sqs]

Our security page is at https://about.sourcegraph.com/security. We have a security assessment that we can share with customers, but not one that we post publicly yet.

We have customers who run Sourcegraph on machines that are completely blocked off from the Internet and only have access to the specific IP ranges of their code hosts on the same network. You can set it up like that if you'd like, which would significantly reduce the risks without needing to trust any third parties (us or the security reviewer).