Code change management

Run code change campaigns to remove legacy code, fix critical security issues, and pay down tech debt. Compute changes, create branches, and track pull requests across all affected repositories.

Leading dev teams invest heavily in code change management

Google invests significant effort in maintaining code health to address some issues related to codebase complexity and dependency management. For instance, special tooling automatically detects and removes dead code, splits large refactorings, … and marks APIs as deprecated.
… [Google] infrastructure teams must do the work to move their internal users to new versions themselves or do the update in place, in backwards-compatible fashion. This policy, which we've called the "Churn Rule," scales better: dependent projects are no longer spending progressively greater effort to just keep up.
[At Facebook], analyzers participate as bots in code review, making automatic comments when an engineer submits a code modification. … [This automation] saw a 70% fix rate, where a more traditional "offline" or "batch" deployment (where bug lists are presented to engineers, outside their workflow) saw a 0% fix rate.

How code change campaigns help teams move quickly and safely

Remove deprecated code and legacy systems

You need a way to improve and change APIs used across all of your organization's code, to spend less time and effort in the migration period between the old and new API or service.

Triage and follow-through on critical security issues

You need to be able to identify everywhere that a vulnerable package or API is used, and open issues or pull requests on all affected projects. Then you can monitor the progress of fixing, merging, and deploying.

Keep dependencies up-to-date

Keep your library dependencies and how you use those libraries up-to-date and consistent across all of your organization's code, to avoid old bugs or security problems in old dependencies, and problems arising from inconsistent dependency version use across your codebase.

Deploy new static analysis gradually in the developer workflow

Increase adoption of linters and enable progressively stricter rules across all of your organization's code, so you can continuously improve the quality of all of your code. Developers will see diagnostics and fixes in their editor and on their code host to gently nudge them toward adherence, and you can enforce rules after a certain time period.

Standardize build and deploy configuration

Keep the build and deployment configurations up-to-date and consistent across all of your organization's code, so that you can iterate and deploy continuously and reliably with DevOps self-sufficiency.

Easily run campaigns and track their progress

Sourcegraph lets you create campaigns, which compute diffs and create branches and pull requests across multiple repositories. Use it for these common types of campaigns:

Deprecate a Java artifact dependency
Deprecate a package.json dependency (npm/yarn)
Gradually enforce a new ESLint rule
Require all files to have valid code owners
Find-replace across multiple repositories
Triage search results
Track an existing collection of issues and pull requests

When you create a campaign, Sourcegraph creates branches and pull requests as needed with the correct reviewers and context—and keeps them up-to-date. You can track the progress of the campaign with the burndown chart and see all related activity across all repositories. All this makes completing the campaign as fast and painless as possible.

See it in action

Watch how to use Sourcegraph code change campaigns to upgrade the RxJS library in multiple repositories.


Engineering teams at these companies use Sourcegraph Universal Code Search