Administration of Sourcegraph extensions and the extension registry

Sourcegraph extensions add features to Sourcegraph. Sourcegraph Free and Enterprise instances allow users to view and enable extensions from the Sourcegraph.com extension registry.

Site administrators can customize how Sourcegraph extensions are used on their instance, with options for:

  • a private extension registry on their instance,
  • allowing only specific extensions to be enabled by users, and
  • preventing users from enabling any extension from Sourcegraph.com.

Enable an extension for all users

To enable an extension for all users, add it to the extensions object in global settings (as shown below).

{
  ...,
  "extensions": {
    ...,
    "alice/myextension": true,
    ...
  },
  ...
}

(To enable an extension for a single user or organization as a site admin, edit the user or organization settings in the same way as shown above.)

If a user's organization settings or user settings explicitly disable the extension (by setting its extensions key to false), the extension will be disabled for that user (even if it is enabled in global settings). This is because organization and user settings take precedence over global settings. Site admins can edit any user's or organization's settings to remove overrides if needed.

Publish extensions to a private extension registry

If you want to create extensions that are only visible to users on your Sourcegraph instance or make use of extensions from the sourcegraph.com extensions registry on the air-gapped instances, you can use Sourcegraph Enterprise's private extension registry feature. This is enabled by default on Sourcegraph Enterprise.

To publish an extension to your instance's private extension registry (requires Internet access):

  1. Configure your Sourcegraph CLI (src) with the URL and an access token for your Sourcegraph instance.
  2. Depending on whether or not the extension already exists on Sourcegraph.com:
  • If the extension already exists on Sourcegraph.com, you can copy it to your private extension registry with src extensions copy -extension-id=... -current-user=...
  • If this is a new extension, run src extensions publish in the extension directory.

If you want to publish extensions to the air-gapped instance's private registry follow this guide.

On Sourcegraph Free, the only way to publish extensions is to publish them to the Sourcegraph.com extension registry, where anyone on the web can view them.

Use extensions from Sourcegraph.com (or disable remote extensions)

Sourcegraph Free and Enterprise instances use extensions from Sourcegraph.com with extensions.remoteRegistry set to "https://sourcegraph.com/.api/registry". The OSS version of Sourcegraph has no dependencies on external services, and its extensions.remoteRegistry defaults to false.

You can disable extensions from Sourcegraph.com by setting extensions.remoteRegistry to false in your site configuration:

{
  "extensions": { "remoteRegistry": false }
}

Allow only specific extensions from Sourcegraph.com

On Sourcegraph Enterprise, you can set extensions.allowRemoteExtensions so that only the explicitly specified extensions can be used from Sourcegraph.com.

Note: When enabling this setting, desired extensions and languages need to be specifically set in the Sourcegraph site configuration in order to work. Example:

{
  "extensions": { "allowRemoteExtensions": ["chris/token-highlights"] }
}

You will also need to manually enable language extensions for code navigation to work properly by adding them to "DefaultSettings" in your site configuration. List of languages can be found here: Sourcegraph default language settings.

Allow only extensions authored by Sourcegraph

On Sourcegraph Enterprise, you can restrict users to using only Sourcegraph-authored extensions by setting extensions.allowOnlySourcegraphAuthoredExtensions to true in your site configuration.

{
  "extensions": { "allowOnlySourcegraphAuthoredExtensions": true }
}

If not set, all extensions may be used from the remote registry.

If certain extensions are marked as allowed in allowRemoteExtensions field or remoteRegistry points to other than default registry, allowOnlySourcegraphAuthoredExtensions setting will be ignored.

To completely disable the remote registry, set remoteRegistry to false.

Client-side security and privacy

See "Security and privacy of Sourcegraph extensions" for information on the client-side security and privacy implications of Sourcegraph extensions.