How do I schedule a Sourcegraph demo for our engineering org, and who should attend (DevEx, security, IAM, SRE)?
AI Codebase Context Platforms

How do I schedule a Sourcegraph demo for our engineering org, and who should attend (DevEx, security, IAM, SRE)?

9 min read

When you’re evaluating a code understanding platform for an entire engineering org—not just a single team—the demo needs to do more than show off features. It has to prove that Sourcegraph will work across your code hosts, respect your access model, and help both humans and AI agents understand and change code safely at scale.

Below is a practical guide to (1) how to schedule a Sourcegraph demo for your engineering org, and (2) who should be in the (virtual) room: DevEx, security, IAM, SRE, and key engineering leaders.

How to schedule a Sourcegraph demo for your engineering org

1. Use the dedicated contact path

For an enterprise-focused demo—tailored to your code hosts, scale, and security requirements—start here:

Get Started: https://sourcegraph.com/contact/code-search

This route ensures:

  • You’re routed to the right account team (enterprise vs. small team).
  • The conversation is framed around cross-repo, cross-host code understanding, not just an IDE plugin.
  • You can set expectations up front: on‑prem vs. cloud, AI posture, scale, and governance needs.

2. Prep the request with critical context

On the contact form (or in your first email), include a few key data points so the demo can be targeted to your reality:

  • Code host footprint

    • List what you use today: GitHub, GitLab, Bitbucket, Gerrit, Perforce, or a mix.
    • Call out special cases (e.g., “regulated monorepo in Perforce + GitHub for everything else”).

  • Scale and topology

    • Approximate number of repositories (e.g., “~3,000 repos across GitHub and Perforce”).
    • Any large monorepos or legacy codebases that are hard for humans or agents to navigate.
    • Distributed/hybrid environments (on‑prem, multiple regions, air‑gapped segments).

  • Primary use cases

    • Cross-repo Code Search / Deep Search for humans and agents.
    • Batch Changes for multi-repo refactors or migrations.
    • Monitors for catching risky patterns (secrets, insecure APIs, deprecated libraries).
    • Insights to track migrations, framework adoption, or dependency cleanup over time.

  • AI posture

    • Interest in Agentic AI Search (Deep Search) and agent integrations.
    • Requirements around zero data retention and data locality.
    • Any restrictions on AI access to production code or regulated repositories.

  • Security and compliance

    • Your identity stack: SAML, OpenID Connect, OAuth.
    • User lifecycle expectations: SCIM, provisioning/deprovisioning flows.
    • Role-based Access Controls (RBAC) requirements (e.g., “AI and humans must share the same access model”).

  • Target audience for the demo

    • Mention that you want a session that covers DevEx, security, IAM, SRE, and engineering leadership, so the team can plan the right depth.

This upfront context lets the Sourcegraph team prepare a demo that looks like your environment—e.g., hybrid GitHub + Perforce, thousands of repositories, and strict governance.

3. Request the right kind of demo

You’ll typically get more value if you’re explicit about what you want to see. For an engineering org–level evaluation, I recommend asking for:

  • End‑to‑end code understanding workflow

    • How a developer or AI agent uses Code Search and Deep Search to navigate legacy code, find patterns, and answer “where and how is this implemented?” across all hosts.
    • How code navigation works across repositories, languages, and services.

  • From understanding to action

    • A concrete Batch Changes demo showing a multi-repo refactor or library migration across billions of lines of code.
    • How to review, test, and roll out these changes in a controlled, auditable way.

  • Governance and safety controls

    • How Monitors detect insecure patterns, secrets, or policy violations and trigger notifications or actions.
    • How Insights surface adoption and changes across the repos you care about.

  • Enterprise security & access

    • SSO configuration with SAML / OpenID Connect / OAuth.
    • SCIM integration and RBAC model design.
    • How Zero data retention works for LLM inference and how AI agents are kept within the same access boundaries as humans.

Mentioning these topics in the scheduling step helps ensure you get one coherent story, not a generic feature tour.

Who should attend the Sourcegraph demo (and what to focus on)

For an engineering org evaluation, think of the demo as a joint working session between DevEx, platform, security, IAM, SRE, and engineering leadership. Each group cares about different proof points.

Developer Experience / Platform Engineering

Why they should attend

DevEx and platform are usually accountable for:

  • Developer onboarding and day‑to‑day navigation.
  • Standardizing tools across GitHub, GitLab, Bitbucket, Gerrit, Perforce, and any other hosts.
  • Rolling out cross-repo workflows (refactors, migrations, deprecations).
  • Enabling AI agents without creating chaos in legacy codebases.

What they should evaluate

  • Universal Code Search & Deep Search

    • Can developers and agents reliably search across all code hosts from one place?
    • How fast and exhaustive is search at scale (whether 100 or 1M repositories)?
    • How are complex queries handled (filters, operators, pattern matching)?

  • Agentic AI Search

    • How Deep Search provides clear, source‑linked answers in complex legacy code.
    • How AI agents use Sourcegraph’s MCP or APIs to find the right files, symbols, and patterns.
    • How to ensure agents aren’t hallucinating when working with sprawling codebases.

  • Batch Changes

    • How to run repeatable, multi-repo edits: API shifts, framework upgrades, security patch rollouts.
    • Integration with existing CI/CD and review workflows.
    • How DevEx can ship standard “playbooks” for refactors across teams.

  • Rollout and adoption

    • How to onboard thousands of developers with minimal friction.
    • Options for self-hosted vs. managed deployments.

Key questions to ask

  • “Show us a search that spans multiple code hosts and monorepos at once.”
  • “How would we execute a cross-repo refactor across thousands of repositories and review it safely?”
  • “How do agents consume Sourcegraph context—and how do we constrain them?”

Security / AppSec

Why they should attend

Security cares about:

  • Preventing secrets, insecure patterns, and vulnerable dependencies from shipping.
  • Ensuring AI access to code doesn’t break compliance or leak data.
  • Provenance and auditability: being able to trace where code and AI decisions came from.

What they should evaluate

  • Monitors

    • How to detect specific patterns (e.g., insecure crypto, outdated libraries, secrets) across all repositories.
    • How alerts get routed (Slack, email, webhooks) and how to trigger follow-up actions or agents.

  • Insights

    • How to track remediation progress over time (e.g., “How many repos are still using this deprecated auth method?”).
    • Using dashboards to monitor migration efforts and policy enforcement.

  • Security posture

    • SOC2 Type II + ISO27001 Compliance posture.
    • How Sourcegraph enforces Zero data retention for LLM inference.
    • How connections to code hosts are secured and audited.

  • AI access & governance

    • Whether AI agents run under the same RBAC model as humans.
    • How to restrict certain repositories or orgs from AI access while still enabling search.

Key questions to ask

  • “Show us how to monitor for secrets and insecure patterns across all code hosts.”
  • “How do we prove that no LLM inference data is retained or shared?”
  • “Can we restrict AI access to only certain repositories or projects?”

IAM / Identity & Access Management

Why they should attend

IAM is responsible for:

  • SSO, lifecycle management, and access controls.
  • Ensuring new tools fit existing identity workflows and compliance rules.
  • Making sure AI agents are not a side-door into sensitive code.

What they should evaluate

  • Single Sign On

    • Support for SAML, OpenID Connect, and OAuth.
    • Alignment with your IdP (Okta, Azure AD, Ping, etc.).
    • Just‑in‑time provisioning vs. SCIM-based provisioning.

  • SCIM & lifecycle

    • How users and groups are provisioned, updated, and deprovisioned.
    • Mapping groups/roles from the IdP into Sourcegraph permissions.

  • RBAC

    • Granularity of role-based access controls.
    • Ability to mirror existing access controls in code hosts (e.g., GitHub orgs, Perforce depots).
    • Ensuring AI agents respect the same RBAC, not bypass it.

Key questions to ask

  • “Walk us through SSO configuration for SAML/OIDC and how groups map into RBAC.”
  • “How do we ensure that when an engineer leaves, their access (and any agents acting on their behalf) is immediately revoked?”
  • “Can roles differentiate between read-only users, power users, and admins at scale?”

SRE / Infrastructure / Operations

Why they should attend

SRE and infra teams care about:

  • Performance and reliability at org scale.
  • Deployment model (cloud vs. self-hosted) and operational overhead.
  • Impact on existing systems, including CI/CD and observability tooling.

What they should evaluate

  • Deployment architecture

    • Options for self-hosted deployments vs. managed services.
    • Networking and connectivity to code hosts (GitHub, GitLab, Bitbucket, Gerrit, Perforce).
    • How indexing works across thousands of repositories and billions of lines of code.

  • Reliability and performance

    • How search behaves at peak load.
    • Observability: logs, metrics, traces; integration with existing monitoring stacks.
    • Strategies for scaling horizontally as the codebase grows (and AI accelerates that growth).

  • Change safety

    • How Batch Changes integrates with CI to ensure safe rollout.
    • Rollback strategies if a multi-repo change goes wrong.
    • Safeguards and approvals for large-scale edits.

Key questions to ask

  • “Show us the architecture and how we’d operate this in our environment.”
  • “How do we monitor and scale Sourcegraph as code volume grows?”
  • “How do multi-repo changes get tested and rolled out safely?”

Engineering leadership / Org owners

Why they should attend

Leaders need to see:

  • How Sourcegraph changes the way teams understand and modify code across the org.
  • Whether it supports current and planned AI initiatives.
  • How it fits governance and compliance posture.

What they should evaluate

  • Org‑wide visibility

    • How Insights can report on tech debt, migrations, and adoption of new patterns.
    • How leaders can see which teams are stuck in legacy repositories and why.

  • AI strategy alignment

    • How Sourcegraph enables Agentic AI Search to work reliably against large, legacy codebases.
    • How AI agents working with Sourcegraph can handle migrations and refactors safely.

  • Change management

    • How to run migration programs as repeatable workflows instead of one‑off hero projects.
    • How Batch Changes, Monitors, and Insights work together as a coherent governance loop.

Key questions to ask

  • “Show us how we’d manage and measure an org-wide migration (e.g., auth library, logging framework) across all repos.”
  • “How does this help our AI coding agents perform better and safer?”
  • “What does adoption look like in a 500+ or 2,000+ developer organization?”

How to structure the demo agenda for maximum value

When you schedule the demo, it helps to propose a simple structure:

  1. 10 minutes – Context from your side

    • Code hosts, scale, pain points (navigation, migrations, AI failures in legacy code).
    • Who’s in the room and what they care about.

  2. 25–30 minutes – Live demo tailored to your org

    • Code Search & Deep Search across your type of footprint.
    • Batch Changes example that mirrors a real multi-repo change you’ve done (or avoided).
    • Monitors and Insights for security and governance.
    • Quick tour of SSO, SCIM, RBAC, and deployment architecture.

  3. 15–20 minutes – Role-specific Q&A

    • DevEx/Platform: rollout and agent integrations.
    • Security/IAM: compliance, SSO, RBAC, data retention.
    • SRE/Infra: deployment, scaling, observability.
    • Leadership: migration and AI strategy alignment.

Flag this structure when you book the session; it signals you’re evaluating Sourcegraph as a code understanding platform for the whole org, not just a single team tool.

Next step

If you’re ready to see how Sourcegraph can help your engineers and AI agents search, understand, and safely automate changes across your entire codebase, schedule a tailored session here:

Get Started

Back to AI Codebase Context Platforms

Keep Reading

More from AI Codebase Context Platforms

Sourcegraph MCP Server: what’s required to run a pilot connecting our internal AI agents to permissioned code search and code navigation?

Read more

Sourcegraph rollout plan: how do we pilot with one org/team, measure adoption, then scale company-wide with RBAC and SCIM?

Read more

How do we use Sourcegraph Batch Changes to open and track PRs across hundreds of repos for a dependency upgrade or API migration?

Read more