Shadow AI · Tool risk profile

Sourcegraph Cody.

by Sourcegraph · coding · Verified April 19, 2026

Vendor site

Base risk

2.6/ 5

LowMediumHighCritical

Cody Enterprise integrates with self-hosted Sourcegraph and offers BYO-LLM, no-training contracts, and SSO. Strongest "deep codebase context" of the category. Free tier is suitable only for OSS code.

Tier comparison

Same logo. Very different risks.

  • Free

    medium
    Trains on inputs
    Yes
    Retention
    30 days
    SSO
    No
    Admin controls
    No

  • Paid · consumer

    low
    Trains on inputs
    No
    Retention
    0 days
    SSO
    No
    Admin controls
    No

  • Enterprise · team

    low
    Trains on inputs
    No
    Retention
    0 days
    SSO
    Yes
    Admin controls
    Yes

Safer alternatives

Drop-in replacements our research team recommends.

FAQ

Questions teams ask about Sourcegraph Cody.

Is Sourcegraph Cody safe to use with company data?

Match the tier to the data type — consumer tiers are usually unsuitable for regulated data; enterprise tiers with SSO and no-training contracts are the minimum for most corporate use.

Does Sourcegraph Cody offer SSO?

Yes, SSO is available on the enterprise tier.

How does this tool appear in shadow AI audits?

Sourcegraph Cody typically shows up via SOURCEGRAPH *CODY and sourcegraph.com/cody traffic. Use a CASB to surface it if you suspect shadow use.

Audit your shadow AI

Is Sourcegraph Cody live in your org
alongside tools IT doesn’t know about?

Run a free 12-minute audit to surface every shadow AI tool on your network, score the risk, and walk away with a block-list your IT team can import.

Start the free auditMethodology

Buzzi.ai publishes tool risk profiles for informational purposes only. Always validate terms with the vendor before operational decisions.