Quality & Security Guardrails for Agentic Workflows

Turn your quality and security standards into auto-repair instructions for your AI coding agents. Open review-ready PRs on first try.


Get the code quality and security context your agent is missing

Codacy Guardrails brings reliable, deterministic code analysis inside your agentic workflow, making your coding agents follow the rules you define, consistently. Give your agent all the context it needs to auto-repair new and old code on the fly.

Get clean, secure AI code on every prompt

Codacy Guardrails silently scans every line of AI code against your policies, while it's being generated. Let your agent auto-fix its own issues, before you even see the code.

Review

  • Secret scanning
  • Insecure dependencies (SCA)
  • AI policy violations
  • SQL Injections
  • SAST
  • Unapproved model calls

Fix legacy issues without leaving the chat panel

Turn Codacy’s scan results into actionable context for your AI agents. Empower them to auto-fix issues identified across your legacy codebase with verified precision.


Adjust your policies and get code health reports

Set your AI Guardrails to match your organization's coding standards and apply them across agents and IDEs. Generate real-time code health reports across teams and projects.


"Codacy Guardrails became a no-brainer for us. It's part of our agreed coding standards and I honestly cannot think of a reason not to use it."

Daan van Leth, AI Solutions Consultant at ihomer

Put your coding agent to work on what matters


Codacy Guardrails pairs the Codacy MCP Server with the Codacy CLI, allowing your agents to write clean and secure code, fix issues, configure coding policies and create quality & compliance reports – all from the comfort of your chat panel.

Your coding agents can ship faster when they know exactly what to fix. Codacy gives agents full visibility into every issue detected across your codebase, with the exact repo and location of each one, so they can get straight to fixing.

That includes DAST findings, where agents can trace an endpoint vulnerability back to its origin in the code. And with access to Codacy's code coverage data, agents can spot which critical code lacks tests and write them.

Agents can configure Codacy directly from the IDE, without switching context to the Codacy UI. The plugin connects to the Codacy API, so agents can handle configuration tasks, such as enabling or disabling rules in your Coding Standards, according to their permission level.

Instead of digging through dashboards, you can query Codacy in plain language from the chat panel. Get a list of overdue security issues, compare trends across teams, or check which repos aren't meeting your compliance thresholds. Any question you'd normally answer by navigating the Codacy UI, you can now just ask.

Loved by engineers

Codacy has changed the way engineering teams ship secure, high-quality applications without sacrificing speed.

"Easy to integrate, hard to give up!"

Mustafa O., Engineering Lead

"Reduces the amount of bloat, bugs, and other issues we experience."

Michael P., CTO

"Quality and speed, Codacy gives us both. I love these guys."

Mykel A., Engineering Manager

"Our overall code quality has improved significantly."

Sarang K., Technical Project Manager

"Crucial to the success of our projects."

Michael G., Principal Engineer

"A great product. I have recommended all my community friends to use it."

Xiao Y., CTO

"Reduces time on code reviews."

Madalin V., Senior Software Engineer

"Helps devs save time in code reviews, so they can focus on other things."

Miroslav B., Senior Card System Architect

"Raising our quality and security standards, giving quick feedback to our devs to ensure that we don't lose agility."

Vinicius P., Mid-market

"Helps us meet compliance requirements and improve code quality across our product."

Verified User, Education Management

"It's automatic, with like zero config to be functional."

Romain M., Lead Developer


Frequently asked questions

The Codacy IDE Extension can be installed directly through your VSCode, IntelliJ, Cursor and Windsurf marketplace:

Once installed, follow the steps below:

  1. Click the Codacy tab (Codacy icon)
  2. Log in or create your Codacy account (5-second signup via GitHub, Bitbucket and GitLab)
  3. Activate the Codacy CLI for local analysis
  4. Install the MCP Server

For other IDEs, Codacy Guardrails can also be installed manually:

1. Install the Codacy CLI: https://github.com/codacy/codacy-cli-v2

2. Install the Codacy MCP Server (npm: https://www.npmjs.com/package/@codacy/codacy-mcp, GitHub: https://github.com/codacy/codacy-mcp-server)

Codacy Guardrails is designed to be installed from our IDE extension for VS Code, Cursor and Windsurf, but as long as you have an AI code generator that is compatible with the MCP protocol, you can also add Guardrails to your MCP configuration manually. Without an AI coding agent, you instead use the Codacy IDE extension without the MCP Server.

Guardrails is supported on macOS, Linux, and Windows (via WSL).

Codacy Guardrails detects and auto-remediates security risks and quality issues in JavaScript, TypeScript, Python, and Java, including:

  • SAST vulnerabilities
  • Hardcoded secrets
  • Insecure dependencies
  • Error prone code
  • Performance issues
  • Best practices
  • Complex code
  • Code duplications
  • Styling violations

Configuring and enforcing coding standards at scale across all IDEs in your organization requires a Codacy Team or Business subscription.

Codacy Guardrails is a free IDE extension for local scanning of AI-generated and human-written code, available free of charge to all developers. Check our Team and Organization plans to unlock:

  • Central configuration and enforcement of AI coding standards across teams and projects
  • Query and auto-fix existing problems across your codebase from the AI chat panel
  • Generate custom security and code quality reports using AI prompts
  • Full access to the Codacy Cloud platform including:

    • Pipeline-less AppSec and code quality scans
    • PR merge gates
    • Team dashboards
    • Security reports
    • DAST pipelines
    • Jira integration

Codacy Guardrails is not a large language model, but an IDE extension that uses an MCP Server to communicate with existing AI coding agents owned by the user.
