Today, Hugging Face announced SafeCoder, a complete, self-hosted code assistant solution designed specifically for enterprise use. SafeCoder aims to boost developer productivity while addressing critical privacy, security, and compliance concerns that arise when using cloud-based code assistants like GitHub Copilot.
Unlike traditional code assistants, SafeCoder is not a model but a full end-to-end commercial solution that enterprises can deploy on their own infrastructure. A key differentiator is that the company's code never leaves its virtual private cloud (VPC) during training or inference, ensuring complete data sovereignty. Customers own their fine-tuned Code Large Language Model (LLM) throughout the process.
Why SafeCoder?
Code assistants powered by LLMs have demonstrated significant productivity gains. However, closed-source solutions require sharing proprietary code with third parties during fine-tuning, creating compliance and security risks. Fine-tuned models may also inadvertently "leak" training data during inference. SafeCoder overcomes these challenges by enabling enterprises to build and deploy their own Code LLMs entirely within their secure IT environment, without exposing code to Hugging Face or any other external party.
From StarCoder to SafeCoder
SafeCoder is built on the StarCoder family of Code LLMs, developed through the BigCode project—a collaboration between Hugging Face, ServiceNow, and the open-source community. StarCoder offers state-of-the-art code completion, optimized inference performance (15B parameters with Multi-Query Attention and Flash Attention for 8,192 token context), and is trained on The Stack, an ethically sourced dataset consisting solely of commercially permissible licensed code with developer opt-out mechanisms.
Privacy and Security as Core Principles
A company's internal codebase is among its most valuable intellectual property. SafeCoder ensures that this code remains inaccessible to any third party, including Hugging Face. During setup, Hugging Face provides containers, scripts, and guidance to help customers prepare training data on their own hardware. Deployment uses Hugging Face containers configured for the customer's specific infrastructure, such as NVIDIA GPUs, AMD Instinct GPUs, Intel Xeon CPUs, AWS Inferentia2, or Habana Gaudi accelerators.
Compliance as a Core Principle
With evolving global regulations on AI and data, SafeCoder minimizes legal risks by leveraging the rigorous compliance groundwork of the BigScience and BigCode projects. The Stack dataset includes commercially permissible license filtering, consent mechanisms for developers to opt out, and extensive documentation for data inspection and deduplication.