Codacy Guardrails For Secure AI-Generated Code
Written by Kay Ewbank
Tuesday, 15 July 2025

Codacy has released Guardrails, a new solution for securing AI-generated code directly in the IDE to prevent vulnerabilities in code completions from reaching Git.

Codacy is best known for its automated application security and code quality solutions. The Codacy platform provides automated code reviews, static analysis, code quality analysis and security insights. 


Codacy Guardrails aims to give developers using AI coding assistants a way to produce code that can be trusted. Jaime Jorge, CEO and Co-founder of Codacy, says that an emerging problem is that when AI assistants are used to generate code at speed, it is difficult to ensure the code is secure. Guardrails addresses this by checking that AI-generated code is trustworthy and compliant before it reaches the developer.

Codacy Guardrails in use

Codacy Guardrails integrates directly with AI coding assistants such as Cursor, Windsurf, and GitHub Copilot to enforce coding standards. The tool is built on Codacy's SOC2-compliant platform, and teams can define their own secure development policies and apply them across every AI-generated prompt.

Codacy Guardrails gives the AI-assisted tools full access to the security and quality rules for your particular team. It is based on the Codacy Model Context Protocol (MCP) server, which connects the development environment to the coding standards used by your organization, meaning LLMs can take the policies you use into account and can flag or fix issues in real time.

Guardrails integrates with IDEs including VSCode, Cursor, Windsurf, Claude Code and Gemini CLI (IntelliJ coming soon) using Codacy's plugin. The plugin includes the Codacy CLI, which scans code locally and in real time. It applies defined rules (local or platform-managed) to both AI-generated and human-written code, providing scan-as-you-type analysis. AI-generated code is scanned as it is generated, and issues are fixed directly in the IDE so the code can be accepted immediately. For human-written code, the CLI provides the same scan-as-you-type, real-time analysis. The Codacy team says this is crucial for catching sensitive issues like hardcoded secrets or insecure dependencies before they are committed.

The plugin also includes an MCP server that handles the communication between the AI agent, the Codacy CLI, and the Codacy cloud platform. This is how the AI agents can access the organizational rules and answer natural language queries about Codacy data including issues, complexity, duplication, and test coverage directly in the chat panel.

Codacy has also introduced a free pricing tier aimed at developers, making the software more accessible.


Last Updated ( Thursday, 17 July 2025 )