diff --git a/lib/servicecatalog/service-catalog.yaml b/lib/servicecatalog/service-catalog.yaml
new file mode 100644
index 00000000000..fe7086b140e
--- /dev/null
+++ b/lib/servicecatalog/service-catalog.yaml
@@ -0,0 +1,53 @@
+# This is the source of truth for services dependencies of Sourcegraph. All names
+# should correspond to published images.
+#
+# Cloud started this file to ensure we can correctly maintain Network Policies
+# to ensure only necessary services can talk to each other.
+#
+# This file is not owned by Cloud but the entire engineering department.
+
+protected_services:
+ # $ go run ./dev/depgraph/ summary internal/gitserver
+ # union of all dependent commands
+ gitserver:
+ consumers:
+ - frontend
+ - repo-updater
+ - searcher
+ - symbols
+ - worker
+ - migrator
+ - precise-code-intel-worker
+ # other stuff we just know about
+ - search-indexer
+ - indexed-searcher
+
+ # $ go run ./dev/depgraph/ summary internal/redispool
+ # $ go run ./dev/depgraph/ summary internal/rcache
+ # union of all dependent commands
+ redis:
+ consumers:
+ - blobstore
+ - frontend
+ - github-proxy
+ - gitserver
+ - migrator
+ - repo-updater
+ - searcher
+ - symbols
+ - worker
+ # other stuff we just know about
+ - redis-exporter
+
+ # $ go run ./dev/depgraph/ summary internal/database
+ # the union of all dependent commands
+ postgres:
+ consumers:
+ - frontend
+ - gitserver
+ - migrator
+ - repo-updater
+ - searcher
+ - symbols
+ - worker
+ - precise-code-intel-worker
diff --git a/lib/servicecatalog/servicecatalog.go b/lib/servicecatalog/servicecatalog.go
new file mode 100644
index 00000000000..082d2442c89
--- /dev/null
+++ b/lib/servicecatalog/servicecatalog.go
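Review bot: The consumers added under `# other stuff we just know about` in service-catalog.yaml (`search-indexer`, `indexed-searcher`, `redis-exporter`) are hand-maintained, unlike the lists derived from `go run ./dev/depgraph/ summary`, so nothing visible in this commit ties them to a verified dependency. Because the header says this file drives Network Policies, each such entry widens which workloads may reach gitserver or redis; I would record the reason beside each one, e.g. `# search-indexer: <why it needs gitserver access>`. The header's "All names should correspond to published images" is likewise stated but not checked anywhere in this change, so a misspelled consumer name would only surface once a policy is generated from it.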
@@ -0,0 +1,28 @@
+package servicecatalog
+
+import (
+ _ "embed"
+
+ "gopkg.in/yaml.v3"
+
+ "github.com/sourcegraph/sourcegraph/lib/errors"
+)
+
+//go:embed service-catalog.yaml
+var rawCatalog string
+
+type Service struct {
+ Consumers []string `yaml:"consumers" json:"consumers"`
+}
+
+type Catalog struct {
+ ProtectedServices map[string]Service `yaml:"protected_services" json:"protected_services"`
+}
+
+func Get() (Catalog, error) {
+ var c Catalog
+ if err := yaml.Unmarshal([]byte(rawCatalog), &c); err != nil {
+ return c, errors.Wrap(err, "'service-catalog.yaml' is invalid")
+ }
+ return c, nil
+}
diff --git a/lib/servicecatalog/servicecatalog_test.go b/lib/servicecatalog/servicecatalog_test.go
new file mode 100644
index 00000000000..6fbaf5c5eb2
--- /dev/null
+++ b/lib/servicecatalog/servicecatalog_test.go
@@ -0,0 +1,24 @@
+package servicecatalog
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func TestGet(t *testing.T) {
+ c, err := Get()
+ require.NoError(t, err)
+ for _, k := range []string{
+ "gitserver",
+ "redis",
+ "postgres",
+ } {
+ t.Run(k, func(t *testing.T) {
+ require.NotEmpty(t, c.ProtectedServices)
+ require.NotEmpty(t, c.ProtectedServices[k])
+ assert.NotEmpty(t, c.ProtectedServices[k].Consumers)
+ })
+ }
+}
diff --git a/service-catalog.yaml b/service-catalog.yaml
deleted file mode 100644
index b560cf2d06b..00000000000
--- a/service-catalog.yaml
+++ /dev/null
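Review bot: In `Get()` in servicecatalog.go, `yaml.Unmarshal` silently ignores keys it does not recognise, so a misspelled key in service-catalog.yaml (for example `consumer:` instead of `consumers:`) would decode to a service with an empty `Consumers` list and no error. Since the catalog is described as the source for Network Policies, I would decode strictly with `dec := yaml.NewDecoder(strings.NewReader(rawCatalog))`, `dec.KnownFields(true)` and `if err := dec.Decode(&c); err != nil {`, which needs the `strings` import. On the error path it would also be cleaner to return `Catalog{}` rather than the partially filled `c`. The exported `Service`, `Catalog` and `Get` carry no doc comments; one line each, such as `// Get parses the embedded service-catalog.yaml and returns the catalog.`, would tell callers what they are getting.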
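Review bot: `TestGet` in servicecatalog_test.go checks only the three hard-coded keys, so a protected service added to the catalog later with an empty or mis-keyed `consumers` list would not fail the test. Ranging over the decoded map covers every entry: `for name, svc := range c.ProtectedServices { assert.NotEmpty(t, svc.Consumers, name) }`. The `require.NotEmpty(t, c.ProtectedServices)` call does not depend on `k` and can move above the loop.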
@@ -1,48 +0,0 @@
-# This is the source of truth for services dependencies of Sourcegraph
-#
-# Cloud started this file to ensure we can correctly maintain Network Policies
-# to ensure only necessary services can talk to each other.
-#
-# This file is not owned by Cloud but the entire engineering department.
-
-protected_services:
- # $ go run ./dev/depgraph/ summary internal/gitserver
- # union of all dependent commands
- gitserver:
- consumers:
- - frontend
- - repo-updater
- - searcher
- - symbols
- - worker
- - migrator
- - precise-code-intel-worker
-
- # $ go run ./dev/depgraph/ summary internal/redispool
- # $ go run ./dev/depgraph/ summary internal/rcache
- # union of all dependent commands
- redis:
- consumers:
- - blobstore
- - frontend
- - github-proxy
- - gitserver
- - migrator
- - repo-updater
- - searcher
- - sitemap
- - symbols
- - worker
-
- # $ go run ./dev/depgraph/ summary internal/database
- # the union of all dependent commands
- postgres:
- consumers:
- - frontend
- - gitserver
- - migrator
- - repo-updater
- - searcher
- - symbols
- - worker
- - precise-code-intel-worker
diff --git a/service-catalog.yaml b/service-catalog.yaml
new file mode 120000
index 00000000000..e6e3f3a135f
--- /dev/null
+++ b/service-catalog.yaml
@@ -0,0 +1 @@
+./lib/servicecatalog/service-catalog.yaml
\ No newline at end of file