Codacy Guardrails: Free Real Time Enforcement of Security and Quality Standards


Last week, we unveiled Codacy Guardrails and its first small “hello world” moment: an MCP server that can connect with Codacy security and quality data and effectively act, leveraging AI-assisted IDEs (VS Code Agent Mode, Cursor, Windsurf).

Today, we’re showcasing the world's first big moment of Codacy Guardrails: the ability to fix security and quality issues as your AI generates code.

AI-generated code isn’t necessarily secure, compliant, or aligned with how your team writes software, or how your company defines standards or quality.

It can sneak in vulnerabilities, reproduce code copied from projects with restrictive licenses, introduce hard-coded passwords and tokens, use insecure versions of libraries, and simply produce code that’s hard to maintain (even for AIs!).

We’re also slowly abstracting our understanding of the software we write as we rely more on models, which will cause “vibe migraines” when it’s time to fix inevitable bugs.

Now, you may be lucky as a developer. It may happen that you never get bad or insecure code. That chance gets smaller the more you rely on AI.

But for a company with dozens, hundreds, or thousands of developers, that risk is compounded, and the probability of generating insecure or bad code rises to near certainty.

It’s only a matter of time before something bad happens.

As with everything, speed comes at a cost. Until today. We’re so incredibly excited about this.

Introducing Codacy Guardrails: Real-time Analysis of Your AI-generated Code

Leveraging our IDE extensions, Codacy can now operate with your IDE’s AI functionality and make AI correct code as it's being generated.


Codacy Guardrails scans every line of AI-generated code as it's being generated. If it’s not secure, compliant, or clean, it automatically gets fixed within your IDE, allowing you to simply accept better, more secure code suggestions.

Further, if you use Codacy’s cloud platform as a central gate for coding standards (i.e., enforcing company-wide security and quality requirements), these will be part of Codacy Guardrails' execution and analysis.

This means you can now centrally define and enforce your code security and quality rules across all AI-assisted IDEs in your organization.

No more risky AI suggestions slipping through. No more last-minute rewrites. Just safe, trustworthy code from the first prompt. Codacy leverages the most popular open source code analysis tools, which can simply follow your local linting configuration or be customized at scale on the Codacy cloud platform.

This enables companies to be truly safe while letting developers work within their IDE and AI model of choice.

Maybe you already have Codacy issues, merged from a commit or PR. Or you have some insufficient coverage, and you need to dig into building tests. No problem: Codacy Guardrails has access to all quality and security information so that you can ask, fix, understand, report, or simply browse.

Introducing Our Free Developer Plan

For developers to feel safe in the world of AI-assisted coding, we are introducing a new free price tier: Developer.


Our new Developer plan is completely free to use. It includes Codacy Guardrails for local use with VS Code, Cursor, and Windsurf.

You can configure the scan rules within Codacy Guardrails as much as you want. You can move fast and vibe safely.

When you start using Codacy as a Team or Business, centralizing the code analysis configuration or connecting with your Git service (GitHub, Bitbucket, GitLab), you can choose one of our paid plans, which include everything you need to produce trustworthy software.

The Future of Software Starts Before Code Is Even Written

Today, we unveiled a new moment in writing software. The industry has been trying to shift left, empowering (or burdening) developers with the task of making software more secure.

At Codacy, we’ve always strived to help developers build better software.

With Guardrails, we’re making sure that the new paradigm of AI-assisted development can fit in a world where software is built on the back of continuous process, tool, and discipline iterations.

We can’t go back. So we’re choosing to be as shift-left as possible, not hindering speed but augmenting safety.

What now stands to the left of the developer is AI. And we’re making sure AI works well and that we protect companies from small hallucinations that can crumble empires.

Maybe AI models will be perfect in the future. Maybe AI will write more secure software than humans can ever write. Maybe all of that, sure.

Let’s just make sure that it does so in the meantime.
