From 1ddf74e602472ec697e31dca3c651635f18ebab1 Mon Sep 17 00:00:00 2001 From: Peter Guy Date: Thu, 8 May 2025 17:09:15 -0700 Subject: [PATCH 1/2] Update Code Insights docs with new sub-repo perms setting --- .../current_limitations_of_code_insights.mdx | 19 +++++++++++++++++-- .../code_insights/references/requirements.mdx | 4 ++-- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/docs/code_insights/explanations/current_limitations_of_code_insights.mdx b/docs/code_insights/explanations/current_limitations_of_code_insights.mdx index a9e00c79a..a1d5f819e 100644 --- a/docs/code_insights/explanations/current_limitations_of_code_insights.mdx +++ b/docs/code_insights/explanations/current_limitations_of_code_insights.mdx @@ -79,9 +79,24 @@ Code Insights does not yet support running over specific revisions. ## VCS limitations -Code Insights only supports git based repositories and does not support perforce repositories that have sub-repo permissions enabled. +Code Insights by default can **not** query repositories that have [sub-repo permissions](/admin/permissions/api#Setting-sub-repository-permissions-for-users) configured. Note that some repositories can sync sub-repo permissions from the code host - Perforce depots currently (6.3). - Perforce depots converted to git are also currently not supported for Code Insights. +The reason for that restriction is security concerns around exposing the code in those repositories to users who should not be able to access it. + +Code Insights exposes only aggregated analytics and counts of patterns, though, not the raw code, so the security concerns could be less for Code Insights. + +If desired, a Sourcegraph admin can enable Code Insights access to repositories that use sub-repo permissions in site config: + +```json +"experimentalFeatures": { + "subRepoPermissions": { + "enabled": true, + "allowCodeInsights": true + } +} +``` + +`allowCodeInsights` is `false` by default, preserving historical behavior. ## Feature parity limitations diff --git a/docs/code_insights/references/requirements.mdx b/docs/code_insights/references/requirements.mdx index e42e590e4..af9ea8eba 100644 --- a/docs/code_insights/references/requirements.mdx +++ b/docs/code_insights/references/requirements.mdx @@ -15,6 +15,6 @@ You can only use Code Insights on a [Docker Compose](/admin/deploy/docker-compos ## Code hosts -Sourcegraph Code Insights is compatible with any [Sourcegraph-compatible code host](/admin/repo/), except: +Sourcegraph Code Insights is compatible with any [Sourcegraph-compatible code host](/admin/repo/). -* Perforce repositories making use of sub-repo permissions are not supported +If the repo has [sub-repo permissions](/admin/permissions/api#Setting-sub-repository-permissions-for-users) configured, an admin will need to set `experimentalSettings.subRepoPermissions.allowCodeInsights` to `true` in site config to allow Code Insights to query that repo. From a86d67c94f53d3c0f03ce4dceebac1f53222aa5d Mon Sep 17 00:00:00 2001 From: Peter Guy Date: Thu, 8 May 2025 17:14:18 -0700 Subject: [PATCH 2/2] update "6.3" to "6.4" --- .../explanations/current_limitations_of_code_insights.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/code_insights/explanations/current_limitations_of_code_insights.mdx b/docs/code_insights/explanations/current_limitations_of_code_insights.mdx index a1d5f819e..725e96456 100644 --- a/docs/code_insights/explanations/current_limitations_of_code_insights.mdx +++ b/docs/code_insights/explanations/current_limitations_of_code_insights.mdx @@ -79,7 +79,7 @@ Code Insights does not yet support running over specific revisions. ## VCS limitations -Code Insights by default can **not** query repositories that have [sub-repo permissions](/admin/permissions/api#Setting-sub-repository-permissions-for-users) configured. Note that some repositories can sync sub-repo permissions from the code host - Perforce depots currently (6.3). +Code Insights by default can **not** query repositories that have [sub-repo permissions](/admin/permissions/api#Setting-sub-repository-permissions-for-users) configured. Note that some repositories can sync sub-repo permissions from the code host - Perforce depots currently (6.4). The reason for that restriction is security concerns around exposing the code in those repositories to users who should not be able to access it.