Guardrails for AI-Generated Code

Make every line of AI-generated code play by your rules –
while it's being generated. Security and quality standards for
VS Code, Copilot, Cursor and Windsurf, under your full control.

Codacy Guardrails

  • SAST
  • Hardcoded secrets
  • Insecure dependencies
  • License scanning
  • Infrastructure-as-code misconfiguration
  • Error prone code
  • Performance issues
  • Best practices
  • Complex code
  • Code duplications
  • Code style violations

See Guardrails in action

Shift left completed. Once and for all.

1. Install Codacy IDE Extension

Guardrails runs inside VS Code, Cursor and Windsurf, checking every line of AI-written code in real-time.

2. Set your Coding Standards

Customize and enforce your business's security and quality rules across every IDE in your organization.

3. Future-proof your Applications

Every line of AI-generated code is safe and compliant from the start, following the standards you define.

“AI code is almost insecure-by-design, and Guardrails are the best shot at the moment to getting it on the right track”

James Berthoty, Latio Tech
Raleigh, North Carolina

One source of truth. Limitless possibilities.

Codacy Guardrails pairs trusted static analysis methods with the power of AI coding agents, delivering unmatched speed without leaving a trail of destruction.

BUILD APPS WITHOUT THE REWORK

Write a web server following our coding standards

EFFORTLESS APPSEC FOR DEVS

Fix all critical security issues in this repo

UNIT TESTS IN SECONDS

Write tests for all files with low test coverage

BUILD REPORTS INSTANTLY

List my open security issues by severity

SKIP THE SECURITY TICKET
 
Am I using any insecure or unlicensed dependencies?

NO MORE SCAVENGER HUNTS
 
Fix all DAST findings in this repo

LEAN CODE ON DEMAND
 
Refactor all files with duplicated blocks of code

Want to see Guardrails in action?

Trusted by industry leaders across verticals

  • Energy: Saved 2h / Day in Engineering Time
  • Insurance: Achieved PCI DSS Compliance
  • Media: Cut Tech Support Time by 60%
  • Non-profit: 2.8x Higher Unit Test Coverage

Proudly shaping the future of software, since 2012

“A SECURITY MUST-HAVE”

Codacy is easy to integrate and its new security dashboard provides useful insights into metrics across the company. The support team is really helpful and provides immediate assistance.

DevOps Specialist
Technical Project Manager
“A GAME-CHANGER FOR CODE QUALITY AND TEAM PRODUCTIVITY”

My team's overall code quality has improved significantly by using Codacy. We have extensively used it to fix syntaxes, detect and remove hardcodings, and improve any redundancy in the code.

In addition to code quality, its integration with pull requests and project management tools such as Jira has helped me to manage code reviews and quality efficiently.

Sarang K.
Technical Project Manager
"Great tool for detecting code issues, code coverage, code duplication and complexity"

From the point of view of a company that processes card transactions and is subject to Compliance/Certifications with card scheme standards, automated code review and detection of security problems is the most useful thing. Codacy helps developers save time in code reviews, so developers can focus on other things. Codacy centralizes customizable code patterns and enforces them within engineering teams so that everyone's code goes through static analysis and is evaluated before being put into production. Easy integration with GitLab. Customer Support is of high quality, responds quickly to inquiries, always helps us as much as possible.

Miroslav B.
Sr. Card System Architect
“GREAT TOOL TO ENSURE YOUR QUALITY STANDARDS”

The high number of programming languages that are supported by Codacy helped a lot in our situation, once we had different tech stacks. It was also very easy to integrate with our CI/CD flows, and we are seeing a really cool product roadmap.

Vinicius P.
Senior Manager, Solutions
“COMPANY THAT UNDERSTANDS DEVELOPERS”

I like how Codacy works to build strong partnerships with its customers. I like the focus on developers and the developer experience. I like that Codacy gives me a hassle-free single pane of glass view into code quality across my organization.

Verified User
Education Management

Frequently asked questions

How do I install Codacy Guardrails?

The Codacy IDE Extension can be installed directly through the VS Code, Cursor and Windsurf marketplaces.

Once installed, follow the steps below:

  1. Click the Codacy tab (Codacy icon)
  2. Log in or create your Codacy account (5-second signup via GitHub, Bitbucket and GitLab)
  3. Activate the Codacy CLI for local analysis
  4. Install MCP Server

For other IDEs, Codacy Guardrails can also be installed manually:

1. Install Codacy CLI
https://github.com/codacy/codacy-cli-v2

2. Install Codacy MCP Server
NPM:
https://www.npmjs.com/package/@codacy/codacy-mcp-
GitHub:
https://github.com/codacy/codacy-mcp-server

Can I use Guardrails without an AI copilot?

Codacy Guardrails is designed to be installed from our IDE extension for VS Code, Cursor and Windsurf, but as long as you have an AI code generator that is compatible with the MCP protocol, you can also add Guardrails to your MCP configuration manually.

Without an AI coding agent, you instead need to use the Codacy IDE extension without the MCP Server.

What sort of security and quality standards can I enforce with Codacy Guardrails?

Codacy Guardrails supports a range of real-time security and quality checks for JavaScript, TypeScript, Python and Java.

In particular, Guardrails detects:

  • SAST vulnerabilities
  • Hardcoded secrets
  • Insecure dependencies
  • Error prone code
  • Performance issues
  • Best practices
  • Complex code
  • Code duplications

Configuring coding standards at scale across all IDEs in your organization requires a Codacy Team or Business subscription.

How much does Codacy Guardrails cost?

Codacy Guardrails is available free of charge for all Codacy customers.

Learn more on our pricing page.

Is my data secure?

Codacy Guardrails is based on an MCP Server which connects to your existing AI coding agent (and optionally, to the Codacy API).  

Codacy Guardrails is not a proprietary LLM for software development and does not share your data with third parties.

 

Ready to vibe code safely?