Articles on SourceCraft
Articles where experts from SourceCraft, Yandex Cloud, Yandex Infrastructure, and other teams cover details of SourceCraft implementation and share their development-related insights and plans going forward.
2026
Two months instead of a year: How we migrated 97,000 lines of Objective-C to Swift
Over five years of manual migration, we had managed to rewrite just over half of our legacy codebase. LLM-based automation changed everything, as now we relied on it to:
- Analyze the dependency graph to start migration from leaf modules, i.e., those with no dependencies on legacy code.
- Rewrite code while continuously validating it through builds and tests.
- Refactor code according to Swift best practices.
- Automatically check quality against a predefined checklist before code review.
The results speak for themselves: instead of the estimated year, the team rewrote 97,500 lines of code, migrated 2,167 files, and merged 106 pull requests in just two months.
All prompts, configuration templates, and helper scripts are available in our public SourceCraft repository. Feel free to tailor and use them in your projects.
The team lead’s guide to pain-free releases: Building a predictable process from simple practices
We use real-world examples to break down the processes, rules, and tools that help teams release updates smoothly, without late-night emergencies.
Top web hacking techniques: How developers can defend against non-obvious vulnerabilities
Denis Makrushin from our secure development team looks at top hacking techniques and ways to mitigate non-obvious vulnerabilities.
Beyond errors in code, modern attacks increasingly exploit discrepancies between system components. As the threat landscape shifts toward infrastructure and protocols, security must be system-wide and not component-based.
The most common attacks include:
- Inconsistent interpretation: Divergent handling of data formats (JSON, YAML, HTTP) and Unicode normalization is a leading cause of input filter bypasses and remote code execution.
- Protocol quirks: Arbitrary requests in HTTP/2 can be weaponized for network reconnaissance, and a new SSRF technique exploits redirect anomalies.
- Prompt injection into AI agents: Malicious instructions hidden in commits or tickets trick agents into executing privileged commands during build pipelines.
- Zip Slip reborn: Exploring the comeback of a known vulnerability in new contexts.
Denis shares actionable recommendations on how to remediate these issues during development, long before they turn into incidents.
What is cURL and how to use it
A guide to installing and running cURL, covering basic syntax, essential commands, and key options. Find examples for GET and POST requests, file downloads, authentication, header manipulation, and redirect handling. Learn how to use cURL for API testing and task automation.
Linux Bash basics: Writing your first Bash script
An introduction to Bash, its syntax, and basic commands. Learn how to choose an editor, create and run your first Bash script, use variables, arguments, conditionals, and loops through beginner-friendly examples and tips.
Code search: Why simply indexing every commit is a bad idea
How do you implement fast code search for any commit? At first glance, indexing every commit seems reasonable. However, in large repositories, this quickly leads to gigabytes of indexes and long indexing times.
Vladimir Bobrov reviews the approaches tested in SourceCraft, from the naive solution to delta snapshots and persistent trees, and explains how we ultimately arrived at a history linearization strategy.
Read the full deep dive, including how this approach ensures fast search and predictable response times even in massive repositories, in our Habr blog post.
The developer’s guide to choosing the right IDE
A curated list of IDEs for Java, Python, JavaScript, C++, and other programming languages.
2025
Under the hood of pull requests: Our effort to accelerate code indexing for easy navigation during review
Reviewing a large pull request is like a tour without a guide: it is hard to see the connections between scattered fragments just by looking at the text changes.
The situation changes as new tools emerge that can build a semantic code model directly in the cloud.
Smart navigation will help you sort out pull requests of any complexity, allowing you to quickly jump to the definition and search for usages.
In his new article on Habr, Pavel Talanov from the Yandex Infrastructure team tells the story of how we built this functionality and tackled this challenge at the junction of backend and IDE:
- Why the IDE index proved unsuitable, and what it looks like for each new commit on the platform.
- The mechanism behind the tooltips.
- Our approach to symbol binding.
- The architecture of smart code navigation.
- How we measured the solution’s quality.
SourceCraft + Habr = ❤️
We all love reading stories and exploring new technologies on Habr. Many Habr articles contain examples of code. But what if the code is hard to figure out?
Now you can have any code snippet on Habr explained with just one click using Explain code with SourceCraft.
For more complex tasks, a second click will take you to SourceCraft: the context is preserved, and you can rewrite the code in another language, run an error check, or test the code directly on the platform.
For more on how we did it, read the Habr article.
How to work with custom security analyzers in CI
Today, every team prioritizes code security during development. Learn how to configure SourceCraft so that it not only helps you write code but also scans it for vulnerabilities and misconfigurations. We show you how to hook up code analyzers and linters and integrate scan results directly into your pull request.
Artificial intelligence in the works: exploring trends and practical applications
How do development tools transform workflows, from classrooms to product teams?
Dmitry Ivanov, Head of SourceCraft, shared the results of the study in his article on Habr.
The article covers:
- Mass implementation of AI assistants in development.
- Transformation of the labor market and requirements for developers.
- Impact on the productivity of development teams.
- Willingness to invest in new technologies.
- Education of a new generation of developers.
Secret ingredients for secure development: Achieving precise and fast secret detection
Code serves as one of the primary repositories for various secrets. A single commit can accidentally expose a token or password to the public. Identifying secrets becomes a real challenge when one needs to scan all projects hosted on a popular developer platform.
Our secure development experts, Denis Makrushin, Andrey Kuleshov, and Alexey Troynikov, explained how the secret detection feature is implemented, highlighting the key criteria for secret scanning: it has to be fast, precise, and thorough.
The article covers:
- Case study analysis.
- Comparison of two modern and high-speed secret-scanning tools: Kingfisher and Gitleaks.
- Review of benefits LLMs have over traditional methods, i.e., entropy analysis, regular expressions, and signatures.
Dogfooding, AI assistants, and code navigation: Exploring SourceCraft, a new development platform by Yandex
The story of SourceCraft began in Yandex Infrastructure, a team focused on building tools for creating and deploying internal Yandex applications and services and supporting the infrastructure utilized by most of the company's engineers. In many ways, this is why many ideas for the new platform came out of dogfooding, i.e., the team of creators using their own product.
Join SourceCraft developers Olga Lukyanova and Sergey Zakharchenko to learn what it is like to craft a development platform while using that same platform to write code, run tests, review pull requests, and build and deploy software.
2024
Solving the challenge of instant code navigation for any commit
SourceCraft developer Olga Lukyanova speaks about the beginnings of code navigation in SourceCraft and why it was essential not to turn the platform into an IDE.
AI tool for developers: How we were training LLMs to work with code
Viktor Ploshikhin, head of ML laboratory at Yandex Platform Engineering, gave an account of his team's effort to build an AI assistant for developers. He covers how models were fine-tuned on real code, the "whys" behind the choice to predict statements, and the metrics and methods the team developed for quality assessment.
What you will learn:
- What problems developers address and what LLMs do to help.
- What modern AI assistants are capable of.
- Commonly used methods to evaluate the benefits of AI products.
- AI's impact on business.