Sourcegraph CEO here. We made our main internal codebase (for our code search product) private. We did this to focus. It added a lot of extra work and risk to have stuff be open source and public. We gotta stay focused on building a great code search/intelligence product for our customers.
That's what ultimately lets us still do plenty of things for devs and the OSS community:
(1) Our super popular public code search is at https://sourcegraph.com/search, which is the same product customers use internally on their own codebases. We spend millions of dollars annually on this public instance with almost 1M OSS repositories to help out everyone using OSS (and we love when they like it so much they bring it into their company :-).
BTW, if any founders out there are wondering whether they should make their own code open-source or public, happy to chat! Email in profile. I think it could make sense for a lot of companies, but more so for infrastructure products or client tools, not so much for full server-side end-user applications.
Been a fan of sourcegraph since 2016 or so, it's been exciting to watch the pivots along the way. That being said, the loss of transparency here is pretty sad, speaking as a large FOSS repo owner. What were the main factors apart from risk that went into the decision?
This looks to be restricted to searching Github only.. even though it had "context:global" on the querystring every hit came from Github, and none seen from Gitlab, Codeberg, Sourcehut and other self-hosted forges (e.g. Forgejo).
I hope code search will one day be offered at a lower price, so small/medium sized companies can use the product. I'll never be able to convince someone to buy it when it's 3 or more time as expensive source code hosting, and would in many cases be most expensive SaaS product per developer seat that the company uses. But it's a great product.
The open/closed decision is a current weight on my mind right now. Our main competition is an open source product - it feels like it will be a tough sell to not also have the core of the product be free (Robotics framework). I might shoot you an email.
This thread reminded me to finally try Cody, I've been bouncing on and off Copilot for a few months. I wish I knew how good this was sooner, and I had no idea there was a generous free tier.
For business Open source is a business tool. Open source can be a goal, naturally, but for-profit entities have a duty to be profitable (or grow, plowing profits into building). I think there's no shame in saying this. You should not need to be elliptical in your public statements about this move. Everyone knows that this is about protecting your ability to monetize the product, and so it should be, and everyone knows this sort of move comes eventually.
> (1) Our super popular public code search is at https://sourcegraph.com/search, which is the same product customers use internally on their own codebases. We spend millions of dollars annually on this public instance with almost 1M OSS repositories to help out everyone using OSS (and we love when they like it so much they bring it into their company :-).
If open source wasn't a current marketing fad, you would spend the same amount on other things. You're not doing it because you love open source.
Seems like you need to get back to your job of CEOing and leave the public outreach to the folks whose job it actually is? If you haven't fired them all? Any publicity person worth their salt will tell you: shut up. Don't talk. Leave it to the professionals. You're making everything worse.
Huh in what way does publishing a source tarball alongside a release introduce a lot of work, risk and distraction? Your explanation makes literally no sense
EDIT: I implore the downvoters to think about this for a second. You can, actually, publish source code for a project without also committing to providing support and documentation and testing across a variety of systems. Publishing a tarball takes very little time and effort.
I used to always point to Sourcegraph as a company that really understood dev culture and what it took to make devs happy, so this slow transition has definitely been painful to watch.
Just yesterday someone asked for an example of a public roadmap for a technical product, so I spent some time looking for Sourcegraph's, only to find out that they've also made most of their docs private. The public handbook was an amazing resource before, now it's been moved to Notion, and most of the interesting bits are links to private Google documents (which they used to do only for financial documents and other stuff that obviously needed to stay private).
They also recently(?) silently destroyed[1] their public search index at sourcegraph.com/search. Since GitHub only recently got a working search and even that is behind login, I used to search a lot using Sourcegraph. It even supported searching GitLab.
Now it seems that all GitLab repos are gone from the index and a huge number of GitHub repos as well. If I can't trust the search I'll just have no choice but to fall back to GitHub.
It's a shame since their index was at some point even better than GitHub's own, although GitHub seems to have caught up.
We still have tons of repositories searchable at https://sourcegraph.com/search, almost a million. We did cull lots of non-GitHub repositories and repositories with less star. It was very complex to keep up with millions of repositories due to GitHub rate limits and scaling. We tried to keep as many as possible while still being able to focus on making a good product for customers (our biggest customer has ~600k repositories).
We're still spending millions of dollars annually to offer public code search, so our intent is certainly not to "destroy" it! If you have repositories you want us to add that are below the star threshold, please post at https://community.sourcegraph.com/t/most-public-repos-no-lon....
It's a bit sad. I forked ~~the last~~ an open-source version some time ago[0]. I removed the telemetry, disabled updates, removed the proprietary code, made a docker image, and implemented some lightweight oauth2/oauth2-proxy authentication.
I plan to keep it running behind Oauth2-Proxy for a long time. It has been very reliable software and because it's behind a supposedly secure proxy, I don't feel bad about not updating it.
I think 5.0.6 is the last open source version though. Have you considered updating? (Not sure how viable it would be – seems they've moved quite a few things around)
Damn, I use Sourcegraph so much for my reverse engineering efforts on macOS. They index all those private framework symbols that people extract on every macOS release, and allow searching for headers and even how they are called by other developers that were ahead of me.
A big part of https://lunar.fyi exists thanks to Sourcegraph search. Even now I'm using it to find a way to enable the second monitor on M3 MacBooks without needing to close the lid [1].
I really hope this is not a sign of them taking back the ability to search in the future.
Glad you use Sourcegraph! I remember that blog post and thought it was awesome. I am the Sourcegraph CEO, and we haven't changed anything about our public code search at https://sourcegraph.com/search. That's the same product tons of customers use for their internal code, and our public code search is a really important way for us to dogfood, iterate fast, etc.
Straight-up making all dev work private is very weird and perplexing. Why would their business model (which they had since some time, mind you) require not only a proprietary/"open core" license, which I would understand, but complete secrecy around source code itself? What business goal couldn't be accomplished with licensing restrictions alone? And is that difference in potential income generated by this new secret-requiring business model so big that it justifies throwing away the entire "open nature" of the company that has been a core value for most of its existence?
I've seen this multiple times with companies. Another example which went fully closed in an instant is ForgeRock (OpenAM, etc.). Usually it happens when management caves in to complaints from sales. Who will complain being open makes selling the product hard. In the end they will probably find out it's just the sales people's "excuse du-jour" and even after closing the source they still don't hit their targets.
I wonder from all the people commenting here how much they relied on Source Graph, and how many actually paid for it. Running an open-source company is hard, just like running any company is. Sometimes you understand there are things you just can't give out for free, and that's part of maturing as a company.
My company looked into paying Sourcegraph many times in the past, but they were prohibtively expensive every time we checked.
It's 49 USD per user per month for Code Search, like what the hell man?
It's more than twice as expensive as Github Enterprise.
Almost twice the cost of Gitlab Premium.
At some point it was 100USD per month per dev, I also remember it being "Starts from 5k USD per year", you can find some quotes for that in old submissions regarding Sourcegraph going open, closed, open and closed again.
Pretending to embrace open source while you're getting a foothold and then abandoning it as soon as you become successful isn't "maturing". It's pulling the ladder up behind you.
Right when I saw this post I immediately thought of your post from last year, some great discussion there.
These days on HN, anytime I see a post about Sourcegraph my knee jerk reaction is to whince because I know it's probably not a good thing.
It will be a sad day for tech when they get rid of the on prem free version. I feel like that's the next logical thing to cut given the direction and momentum they are heading.
As much as I've have cited, loved, and recommended sourcegraph (even going so far as to help run the open source version at a previous co), I never paid a cent for the product.
I'm curious about the line of thinking in leaving open source behind, but it seems somewhat unsurprising in that lens.
Thanks! We appreciate you. It was really a focus thing. It added a lot of overhead, lost focus, and risk to have stuff be open source. Most customers weren't telling us it was valuable to them, and frankly we heard very little from people who were using our open-source build. (How could we have gotten your input earlier?)
We still have a lot of open-source code, but ultimately we need to focus on building a great product and making money on it. Which we are doing. :-) As Sourcegraph CEO, I obviously wish we could do all the things, but we gotta stay focused on building a great code search/intelligence product.
Sourcegraph search is amazing. I can point to any hash in our repo and search by regex/path regex. Results are instant and in json format. I hacked together a 'cs' script in bash using the sg cli client and some git calls, as I missed Google's cs command since leaving. Works perfectly, faster than ctags/any local indexer.
The sourcegraph folks are great. I think these days is a brutal period for startups. I can only guess how things are going. Just yesterday FT.com was publishing "Start-up failures rise 60% as founders face hangover from boom years"[1].
Like Cockroach's recent relicensing, I think we should be thankful for the good years and awesome stuff the last boom era brought, and not be too harsh on the principled founders who now find themselves having to make hard decisions. They're responsible to a lot of people at the end of the day - investors but also employees. Just crashing the whole thing to make a moral statement would be dumb. Employees also count on execs to care for them.
If startups have to make hard decisions to keep things afloat, it's the right thing to do.
** I'm extrapolating a lot here from this post, for all I know things may be rosey at SourceGraph, idk!
> All documents were public by default. Technical and product RFCs (and later PR/FAQs) were drafted, reviewed, and catalogued in a public Google Drive folder
I guess I wish it was still open but want to reiterate how appreciative I am for the public free search. It's so amazingly useful while doing CS research to search through all of github with regez that way
Those licenses themselves aren't even sufficient to protect against this, since copyright holders don't have to follow their own licenses. To be fully safe from this kind of rug pull, the project also needs to accept substantial external contributions without a CLA, like the Linux kernel does.
[+] [-] sqs|1 year ago|reply
That's what ultimately lets us still do plenty of things for devs and the OSS community:
(1) Our super popular public code search is at https://sourcegraph.com/search, which is the same product customers use internally on their own codebases. We spend millions of dollars annually on this public instance with almost 1M OSS repositories to help out everyone using OSS (and we love when they like it so much they bring it into their company :-).
(2) We also have still have a ton of open-source code, like https://sourcegraph.com/github.com/sourcegraph/cody (our code AI tool).
BTW, if any founders out there are wondering whether they should make their own code open-source or public, happy to chat! Email in profile. I think it could make sense for a lot of companies, but more so for infrastructure products or client tools, not so much for full server-side end-user applications.
[+] [-] quantumwoke|1 year ago|reply
[+] [-] rapnie|1 year ago|reply
Correction: Public code on Github.
This looks to be restricted to searching Github only.. even though it had "context:global" on the querystring every hit came from Github, and none seen from Gitlab, Codeberg, Sourcehut and other self-hosted forges (e.g. Forgejo).
[+] [-] depr|1 year ago|reply
[+] [-] adhamsalama|1 year ago|reply
[+] [-] breck|1 year ago|reply
Make everything public domain, fully open source, just delayed by N years.
[+] [-] a_t48|1 year ago|reply
[+] [-] BaculumMeumEst|1 year ago|reply
[+] [-] cryptonector|1 year ago|reply
[+] [-] bpmooch|1 year ago|reply
If open source wasn't a current marketing fad, you would spend the same amount on other things. You're not doing it because you love open source.
[+] [-] hud_dev|1 year ago|reply
Seems like you need to get back to your job of CEOing and leave the public outreach to the folks whose job it actually is? If you haven't fired them all? Any publicity person worth their salt will tell you: shut up. Don't talk. Leave it to the professionals. You're making everything worse.
[+] [-] benreesman|1 year ago|reply
Obligatory: “Victory has defeated you.”
[+] [-] cxr|1 year ago|reply
[+] [-] mort96|1 year ago|reply
EDIT: I implore the downvoters to think about this for a second. You can, actually, publish source code for a project without also committing to providing support and documentation and testing across a variety of systems. Publishing a tarball takes very little time and effort.
[+] [-] unknown|1 year ago|reply
[deleted]
[+] [-] sixhobbits|1 year ago|reply
Just yesterday someone asked for an example of a public roadmap for a technical product, so I spent some time looking for Sourcegraph's, only to find out that they've also made most of their docs private. The public handbook was an amazing resource before, now it's been moved to Notion, and most of the interesting bits are links to private Google documents (which they used to do only for financial documents and other stuff that obviously needed to stay private).
Sad!
[+] [-] iknownthing|1 year ago|reply
[+] [-] MzHN|1 year ago|reply
Now it seems that all GitLab repos are gone from the index and a huge number of GitHub repos as well. If I can't trust the search I'll just have no choice but to fall back to GitHub.
It's a shame since their index was at some point even better than GitHub's own, although GitHub seems to have caught up.
[1] https://community.sourcegraph.com/t/most-public-repos-no-lon...
[+] [-] sqs|1 year ago|reply
We're still spending millions of dollars annually to offer public code search, so our intent is certainly not to "destroy" it! If you have repositories you want us to add that are below the star threshold, please post at https://community.sourcegraph.com/t/most-public-repos-no-lon....
[+] [-] notpushkin|1 year ago|reply
[+] [-] speedgoose|1 year ago|reply
I plan to keep it running behind Oauth2-Proxy for a long time. It has been very reliable software and because it's behind a supposedly secure proxy, I don't feel bad about not updating it.
[0] https://github.com/SINTEF/sourcegraph
[+] [-] notpushkin|1 year ago|reply
I think 5.0.6 is the last open source version though. Have you considered updating? (Not sure how viable it would be – seems they've moved quite a few things around)
[+] [-] cdchn|1 year ago|reply
[+] [-] alin23|1 year ago|reply
A big part of https://lunar.fyi exists thanks to Sourcegraph search. Even now I'm using it to find a way to enable the second monitor on M3 MacBooks without needing to close the lid [1].
I really hope this is not a sign of them taking back the ability to search in the future.
[1] https://alinpanaitiu.com/blog/turn-off-macbook-display-clams...
[+] [-] sqs|1 year ago|reply
We just made our own internal codebase private.
[+] [-] welder|1 year ago|reply
Searching repos seems to be unchanged:
https://sourcegraph.com/search
[+] [-] EMIRELADERO|1 year ago|reply
[+] [-] jsiepkes|1 year ago|reply
[+] [-] jsiepkes|1 year ago|reply
[1] https://archive.softwareheritage.org/browse/origin/directory...
[+] [-] iddan|1 year ago|reply
[+] [-] CAP_NET_ADMIN|1 year ago|reply
It's 49 USD per user per month for Code Search, like what the hell man? It's more than twice as expensive as Github Enterprise. Almost twice the cost of Gitlab Premium.
At some point it was 100USD per month per dev, I also remember it being "Starts from 5k USD per year", you can find some quotes for that in old submissions regarding Sourcegraph going open, closed, open and closed again.
[+] [-] pjmlp|1 year ago|reply
Devs have to learn the hard way to behave like the other professionals, want nice things to stay around?
Pay for the tools.
[+] [-] josephcsible|1 year ago|reply
[+] [-] CAP_NET_ADMIN|1 year ago|reply
"Sourcegraph is no longer open source" by me, from last year
https://news.ycombinator.com/item?id=36584656
[+] [-] PaulCarrack|1 year ago|reply
These days on HN, anytime I see a post about Sourcegraph my knee jerk reaction is to whince because I know it's probably not a good thing.
It will be a sad day for tech when they get rid of the on prem free version. I feel like that's the next logical thing to cut given the direction and momentum they are heading.
[+] [-] stpn|1 year ago|reply
I'm curious about the line of thinking in leaving open source behind, but it seems somewhat unsurprising in that lens.
[+] [-] PaulCarrack|1 year ago|reply
I would love to contribute and pay, but, as a single personal / private onprem user, it's impossible. It's $49 per user with a 50 user minimum.
Sourcegraph doesn't make it possible to contribute in that circumstance.
[+] [-] sqs|1 year ago|reply
We still have a lot of open-source code, but ultimately we need to focus on building a great product and making money on it. Which we are doing. :-) As Sourcegraph CEO, I obviously wish we could do all the things, but we gotta stay focused on building a great code search/intelligence product.
[+] [-] yablak|1 year ago|reply
[+] [-] sqs|1 year ago|reply
[+] [-] reedf1|1 year ago|reply
I've been looking for alternatives - any recommendations?
[+] [-] AYBABTME|1 year ago|reply
Like Cockroach's recent relicensing, I think we should be thankful for the good years and awesome stuff the last boom era brought, and not be too harsh on the principled founders who now find themselves having to make hard decisions. They're responsible to a lot of people at the end of the day - investors but also employees. Just crashing the whole thing to make a moral statement would be dumb. Employees also count on execs to care for them.
If startups have to make hard decisions to keep things afloat, it's the right thing to do.
** I'm extrapolating a lot here from this post, for all I know things may be rosey at SourceGraph, idk!
[1]: https://www.ft.com/content/2808ad4c-783f-4475-bcda-bddc02990...
[+] [-] afro88|1 year ago|reply
Does this still exist somewhere?
[+] [-] breadwinner|1 year ago|reply
[+] [-] sluongng|1 year ago|reply
[+] [-] WesolyKubeczek|1 year ago|reply
[+] [-] JZL003|1 year ago|reply
[+] [-] zeroCalories|1 year ago|reply
[+] [-] josephcsible|1 year ago|reply
[+] [-] fire_lake|1 year ago|reply