Guardrails for AI-Generated Code
Make every line of AI-generated code play by your rules –
while it's being generated. Security and quality standards for
VS Code, Copilot, Cursor and Windsurf, under your full control.
Codacy Guardrails
- SAST
- Hardcoded secrets
- Insecure dependencies
- License scanning
- Infrastructure-as-code misconfiguration
- Error prone code
- Performance issues
- Best practices
- Complex code
- Code duplications
- Code style violations
Shift left completed. Once and for all.
Install Codacy IDE Extension
Guardrails runs inside VS Code, Cursor and Windsurf, checking every line of AI-written code in real-time.
Set your Coding Standards
Customize and enforce your business's security and quality rules across every IDE in your organization.
Future-proof your Applications
Every line of AI-generated code is safe and compliant from the start, following the standards you define.
“AI code is almost insecure-by-design, and Guardrails are the best shot at the moment to getting it on the right track”
James Berthoty, Latio Tech
Raleigh, North Carolina
One source of truth. Limitless possibilities.
Codacy Guardrails pairs trusted static analysis methods with the power of AI coding agents, delivering unmatched speed without leaving a trail of destruction.
BUILD APPS WITHOUT THE REWORK
Write a web server following our coding standards
EFFORTLESS APPSEC FOR DEVS
Fix all critical security issues in this repo
UNIT TESTS IN SECONDS
Write tests for all files with low test coverage
BUILD REPORTS INSTANTLY
List my open security issues by severity
SKIP THE SECURITY TICKET
Am I using any insecure or unlicensed dependencies?
NO MORE SCAVENGER HUNTS
Fix all DAST findings in this repo
LEAN CODE ON DEMAND
Refactor all files with duplicated blocks of code
Proudly shaping the future of software, since 2012
“A SECURITY MUST-HAVE”
Codacy is easy to integrate and its new security dashboard provides useful insights into metrics across the company. The support team is really helpful and provides immediate assistance.

“A GAME-CHANGER FOR CODE QUALITY AND TEAM PRODUCTIVITY”
My team's overall code quality has improved significantly by using Codacy. We have extensively used it to fix syntaxes, detect and remove hardcodings, and improve any redundancy in the code. In addition to code quality, its integration with pull requests and project management tools such as Jira has helped me to manage code reviews and quality efficiently.

"Great tool for detecting code issues, code coverage, code duplication and complexity"
From the point of view of a company that processes card transactions and is subject to Compliance/Certifications with card scheme standards, automated code review and detection of security problems is the most useful thing. Codacy helps developers save time in code reviews, so developers can focus on other things. Codacy centralizes customizable code patterns and enforces them within engineering teams so that everyone's code goes through static analysis and is evaluated before being put into production. Easy integration with GitLab. Customer Support is of high quality, responds quickly to inquiries, always helps us as much as possible.

“GREAT TOOL TO ENSURE YOUR QUALITY STANDARDS”
The high number of programming languages that are supported by Codacy helped a lot in our situation, once we had different tech stacks. It was also very easy to integrate with our CI/CD flows, and we are seeing a really cool product roadmap.

“COMPANY THAT UNDERSTANDS DEVELOPERS”
I like how Codacy works to build strong partnerships with its customers. I like the focus on developers and the developer experience. I like that Codacy gives me a hassle-free single pane of glass view into code quality across my organization.

Frequently asked questions
How do I install Codacy Guardrails?
The Codacy IDE Extension can be installed directly from the VS Code, Cursor or Windsurf marketplace.
Once installed, follow the steps below:
- Click the Codacy tab (Codacy icon)
- Log in or create your Codacy account (5-second signup via GitHub, Bitbucket and GitLab)
- Activate the Codacy CLI for local analysis
- Install MCP Server
For other IDEs, Codacy Guardrails can also be installed manually:
1. Install Codacy CLI: https://github.com/codacy/codacy-cli-v2
2. Install Codacy MCP Server
NPM: https://www.npmjs.com/package/@codacy/codacy-mcp-
GitHub: https://github.com/codacy/codacy-mcp-server
Can I use Guardrails without an AI copilot?
Codacy Guardrails is designed to be installed from our IDE extension for VS Code, Cursor and Windsurf, but as long as you have an AI code generator that is compatible with the MCP protocol, you can also add Guardrails to your MCP configuration manually.
Without an AI coding agent, you instead need to use the Codacy IDE extension without the MCP Server.
What sort of security and quality standards can I enforce with Codacy Guardrails?
Codacy Guardrails supports a range of real-time security and quality checks for JavaScript, TypeScript, Python and Java.
In particular, Guardrails detects:
- SAST vulnerabilities
- Hardcoded secrets
- Insecure dependencies
- Error prone code
- Performance issues
- Best practices
- Complex code
- Code duplications
Configuring coding standards at scale across all IDEs in your organization requires a Codacy Team or Business subscription.
How much does Codacy Guardrails cost?
Codacy Guardrails is available free of charge for all Codacy customers.
Learn more on our pricing page.
Is my data secure?
Codacy Guardrails is based on an MCP Server which connects to your existing AI coding agent (and optionally, to the Codacy API).
Codacy Guardrails is not a proprietary LLM for software development and does not share your data with third parties.