Guardrails for AI-Generated Code

Make every line of AI-generated code play by your rules – while it's being generated. Security and quality standards for VS Code, Copilot, Cursor and Windsurf, under your full control.

Codacy Guardrails

  • SAST
  • Hardcoded secrets
  • Insecure dependencies
  • License scanning
  • Infrastructure-as-code misconfiguration
  • Error prone code
  • Performance issues
  • Best practices
  • Complex code
  • Code duplications
  • Code style violations

See Guardrails in action

Shift left completed. Once and for all.

1. Install Codacy IDE Extension

Guardrails runs inside VS Code, Cursor, and Windsurf, seamlessly embedded in your existing AI coding workflow.

2. Write code with your AI agent

Every line of AI-generated code is silently scanned for security and quality flaws, and auto-fixed – all before it is printed.

3. Tweak the rules to your vibe

Adjust the default scan rules to match the standards of your codebase – and apply them across all IDEs in your team.

"Codacy Guardrails made using a coding agent go from useful to essential."

Daan van Leth
AI Solutions Consultant at ihomer

One source of truth. Limitless possibilities.

Guardrails is more than scanning AI code in real time. Using MCP technology, we created a brand new way of interacting with all
scan results in the Codacy cloud platform, and letting your AI assistant fix them in bulk – without ever leaving the chat panel.

Dependency Scanning (SCA)
Avoid the rework

“Are we using any insecure or unlicensed dependencies?”

SAST
Effortless AppSec for devs

“Fix all critical security issues in this file.”

DAST
No more scavenger hunts

“Fix all DAST scan findings in this repo.”

Complex Code
Robust, future-proof files

“Show me the most complex files and suggest how to refactor them.”

Reporting
Build reports instantly

“List all open issues in my team and prioritize them by severity.”

Test Coverage
Unit tests in seconds

“Write unit tests for all files with low test coverage in this repo.”

Keep your favorite AI coding agent

Guardrails is not yet another AI model for code reviews. Instead, it pairs trusted static analysis methods with the power of your existing AI coding assistant, delivering unmatched speed and convenience – without leaving a trail of destruction.

Now AI-accelerated engineering teams can ship on time, without the lingering fear of deploying a ticking time bomb.



Ready to give Guardrails a spin?

Helping industry leaders build a future they can trust

Energy: Saved 2h / day in engineering time
Insurance: Achieved PCI DSS compliance
Media: Cut tech support time by 60%
Non-profit: 2.8x higher unit test coverage

Proudly shaping the future of software, since 2012

“A SECURITY MUST-HAVE”

Codacy is easy to integrate and its new security dashboard provides useful insights into metrics across the company. The support team is really helpful and provides immediate assistance.

DevOps Specialist
Technical Project Manager
“A GAME-CHANGER FOR CODE QUALITY AND TEAM PRODUCTIVITY”

My team's overall code quality has improved significantly by using Codacy. We have extensively used it to fix syntaxes, detect and remove hardcodings, and improve any redundancy in the code.

In addition to code quality, its integration with pull requests and project management tools such as Jira has helped me to manage code reviews and quality efficiently.

Sarang K.
Technical Project Manager
"Great tool for detecting code issues, code coverage, code duplication and complexity"

From the point of view of a company that processes card transactions and is subject to Compliance/Certifications with card scheme standards, automated code review and detection of security problems is the most useful thing. Codacy helps developers save time in code reviews, so developers can focus on other things. Codacy centralizes customizable code patterns and enforces them within engineering teams so that everyone's code goes through static analysis and is evaluated before being put into production. Easy integration with GitLab. Customer Support is of high quality, responds quickly to inquiries, always helps us as much as possible.

Miroslav B.
Sr. Card System Architect
“GREAT TOOL TO ENSURE YOUR QUALITY STANDARDS”

The high number of programming languages that are supported by Codacy helped a lot in our situation, once we had different tech stacks. It was also very easy to integrate with our CI/CD flows, and we are seeing a really cool product roadmap.

Vinicius P.
Senior Manager, Solutions
“COMPANY THAT UNDERSTANDS DEVELOPERS”

I like how Codacy works to build strong partnerships with its customers. I like the focus on developers and the developer experience. I like that Codacy gives me a hassle-free single pane of glass view into code quality across my organization.

Verified User
Education Management

Frequently asked questions

How do I install Codacy Guardrails?

The Codacy IDE Extension can be installed directly from the VS Code, Cursor and Windsurf marketplaces.

Once installed, follow the steps below:

  1. Click the Codacy tab (Codacy icon)
  2. Log in or create your Codacy account (5-second signup via GitHub, Bitbucket or GitLab)
  3. Activate the Codacy CLI for local analysis
  4. Install MCP Server

For other IDEs, Codacy Guardrails can also be installed manually:

1. Install Codacy CLI
https://github.com/codacy/codacy-cli-v2

2. Install Codacy MCP Server
NPM:
https://www.npmjs.com/package/@codacy/codacy-mcp-
GitHub:
https://github.com/codacy/codacy-mcp-server

Can I use Guardrails without an AI copilot?

Codacy Guardrails is designed to be installed from our IDE extension for VS Code, Cursor and Windsurf, but as long as you have an AI code generator that is compatible with the MCP protocol, you can also add Guardrails to your MCP configuration manually.

Without an AI coding agent, you instead need to use the Codacy IDE extension without the MCP Server.

Does Guardrails work with all OS?

Guardrails is supported on macOS, Linux, and Windows (via WSL).

Which AI security and quality standards can I enforce with Guardrails?

Codacy Guardrails detects and auto-remediates security risks and quality issues in JavaScript, TypeScript, Python, and Java, including:

  • SAST vulnerabilities
  • Hardcoded secrets
  • Insecure dependencies
  • Error prone code
  • Performance issues
  • Best practices
  • Complex code
  • Code duplications
  • Styling violations

Configuring and enforcing coding standards at scale across all IDEs in your organization requires a Codacy Team or Business subscription.

How much does Guardrails cost?

Codacy Guardrails is a free IDE extension for local scanning of AI-generated and human-written code, available to all developers.

Check our Team and Organization plans to unlock:
  • Central configuration and enforcement of AI coding standards across teams and projects
  • Query and auto-fix existing problems across your codebase from the AI chat panel
  • Generate custom security and code quality reports using AI prompts
  • Full access to the Codacy Cloud platform including:

    • Pipeline-less AppSec and code quality scans
    • PR merge gates
    • Team dashboards
    • Security reports
    • DAST pipelines
    • Jira integration

Is my data secure?

Codacy Guardrails is not a large language model, but an IDE extension that uses an MCP Server to communicate with existing AI coding agents owned by the user.


Ready to vibe code safely?