From Sonar to Codacy: How ihomer equipped their devs for the future with AI Guardrails

Key Outcomes:
- 20% reduction in duplicate code across key repositories
- 100% of projects onboarded to a unified platform (migrated all code scans from SonarCloud to Codacy)
- 50%+ of developers adopting AI guardrails in their daily workflow
“Codacy Guardrails made using a coding agent go from useful to essential.”
– Daan van Leth, AI Solutions Consultant at ihomer
About ihomer
ihomer is an IT services and consultancy firm based in the Netherlands that has been developing smart software solutions and services for numerous organizations in the EV and Energy transition market over the last 15 years. ISO 27001-certified, ihomer integrates this standard into its self‑managing, flexible organizational structure.
The Challenge
ihomer Needed Linting and Policy Checks to Run in the IDE, Not Just in the CI Pipeline
As a fast-growing development team working on multiple codebases, ihomer needed to maintain strict coding standards for data security and quality (which is non-negotiable to comply with ISO 27001).
While developers were increasingly using AI coding assistants to accelerate development, this introduced new risks. AI-generated code could inadvertently violate best practices or security policies if left unchecked.
The company wanted to “shift left” by catching issues early on in the development process, right in the IDE, rather than discovering problems late in code review or testing.
The tipping point came when ihomer’s existing static analysis solution changed its pricing model. “SonarQube switched payment models, which led us to search for alternatives,” recalls Daan van Leth, AI Solutions Consultant at ihomer.
Plus, developers were asking for feedback in their IDEs. “I had colleagues come to me saying they would like some feedback in the IDE before submitting a pull request,” Daan shared.
Daan recognized this as a chance to find a more cost-effective platform that could cover all their repositories. They needed a solution that was economical enough to roll out company-wide and flexible enough to enforce company-wide coding policies while allowing per-project adjustments.
“SonarQube’s pricing changed, so we needed an alternative that we could deploy across all projects. Colleagues were asking for real-time feedback in the IDE – we saw an opportunity to improve our process.”
– Daan van Leth, AI Solutions Consultant at ihomer
The Solution
Codacy Guardrails Brought Static Analysis into the IDE
ihomer turned to Codacy Guardrails, an IDE plugin for finding and auto-fixing insecure, non-compliant AI code while it's being generated, to meet these needs.
Codacy allowed all ihomer projects to be onboarded quickly and economically. Once the Codacy Guardrails extension was installed in Visual Studio Code and connected via the MCP (Model Context Protocol) server, Daan’s team integrated their existing AI coding assistant (GitHub Copilot) with Codacy’s real-time code scanning engine.
“Guardrails isn’t another AI model – it pairs our static analysis rules with the AI coding assistant we already use,” Daan shared.
Now, every time a developer writes or autocompletes code with the AI, Guardrails automatically scans the code.
The result is instant feedback and auto-fixes in the IDE: Guardrails flags an issue and even suggests a fix through Copilot before the code is saved. This immediate loop significantly reduces rework.
Implementing Codacy Guardrails was pretty straightforward. Daan acted as an early adopter and champion for the tool: “I was very excited to see that Codacy had an MCP server. Being a developer, I can appreciate first versions… Anything that works was a bonus for me,” he says.
The team also established a knowledge-sharing channel, a Slack group where developers share Guardrails tips and new rules, so that everyone can get the most out of the tool.
“We integrated Guardrails into VS Code with our AI assistant – every line of code gets scanned and even auto-fixed as we write. I really see a difference in how the agents help me code. Using Guardrails now, I spend far less time on linting issues; everything is more streamlined and effective.”
– Daan van Leth, AI Solutions Consultant at ihomer
The Results
Cleaner Code, Tighter Reviews, and 20% Less Rework
With Codacy Guardrails, ihomer achieved its goals of higher code quality, security, and efficiency within budget.
Outcomes:
- ~20% drop in duplicate code in several major repositories, improving maintainability
- Zero outstanding critical vulnerabilities from AI-generated code – Guardrails flagged and helped fix security issues before merge
- 100% of projects covered under Codacy’s quality & security scans, versus partial coverage before (full platform adoption)
- 50% of the development team actively using AI + Guardrails in daily work, up from 0% previously (rapid team adoption of the new workflow)
These outcomes have translated into a more confident and productive engineering team. Developers spend less time fixing code vulnerabilities and more time building features, as Guardrails automates the grunt work of code review.
ihomer is looking ahead to deepen this partnership. Daan is exploring additional Codacy features – for example, integrating Dynamic Application Security Testing (DAST) capabilities next.
The team is actively engaged with Codacy’s product roadmap and adopting new improvements as they arrive.
“Guardrails became a no-brainer for us. We’re already integrating it in our pipelines and it’s now part of our agreed standards. I honestly cannot think of a reason not to use it.”
– Daan van Leth, AI Solutions Consultant at ihomer