Codacy logo

AI visibility report

Codacy ranks #9 in AI Code Review & Code Quality AI search.

Outside the top three on 19 of the 25 prompts buyers actually ask.

Sourcegraph is cited on 8 of those losses.

25 prompts
6 platforms
Updated Jun 28, 2026 - refreshed weekly
Track Codacy daily

Free trial. Setup comes pre-filled for Codacy.

Track Codacy across these prompts daily.

Start free trial
4percent
Presence Rate
Low presence

#9 among 11 vendors · still absent from 96% of tracked prompt responses

Top-3 citations across 150 prompt × platform pairs

+0.10
Sentiment
-1.00.0+1.0
Neutral
#9of 11

Peer Ranking

#1#11
Below averagein AI Code Review & Code Quality

Key Metrics

Presence Rate4.0%
Share of Voice6.3%
Avg Position#8.7
Docs Presence0.7%
Blog Presence0.7%
Brand Mentions4.0%

Platform Breakdown

ChatGPT
8%2/25 prompts
Gemini Search
8%2/25 prompts
Google AI Mode
4%1/25 prompts
Perplexity
4%1/25 prompts
Bing Copilot
0%0/25 prompts
Grok
0%0/25 prompts

Visible, but narrative can improve. Codacy ranks #9 on presence but #11 on sentiment. The brand appears relatively often, but competitors may be getting more favorable language when they appear.

Where Codacy is losing

Prompts where competitors are visible and Codacy is not.

These prompt-level losses are the first prompts to track and repair.

Where Codacy is winning1

  • Which code quality tools let teams define custom rules and guardrails specific to their architecture so the tool enforces their own conventions?

    Avg # 6.0 · 1 platform

Where Codacy is losing5

  • I need a code quality tool that enforces quality gates in CI and blocks merges when coverage drops or critical issues are introduced — which platforms do this well?

    Competitors on 3 platforms

    Track this prompt
  • What code analysis platforms have reliable CI integrations that don't cause flaky build failures due to rate limiting or API timeouts?

    Competitors on 3 platforms

    Track this prompt
  • What code quality platforms scale to thousands of PRs per day without degrading analysis quality or response time?

    Competitors on 3 platforms

    Track this prompt
  • What AI code review platforms are popular with engineering leads who want to spend less time on repetitive PR feedback and more on architectural comments?

    Competitors on 2 platforms

    Track this prompt
  • Which AI code review tools can detect security vulnerabilities and insecure coding patterns across multiple languages in the same repository?

    Competitors on 2 platforms

    Track this prompt

Track Codacy daily before the next report refresh.

Track these gaps
Research dossierCapabilities, use cases, sources, reviews, pricing, and FAQ

Overview

Codacy is a cloud-native code quality and application security platform founded in 2012 and headquartered in Lisbon, Portugal. It helps engineering teams automatically detect and fix quality issues, security vulnerabilities, and policy violations across the full software development lifecycle—from IDE to production. The platform covers static analysis (SAST), software composition analysis (SCA), secrets detection, infrastructure-as-code scanning, DAST, and test coverage tracking, all without requiring CI/CD pipeline integration. As of 2025–2026, Codacy has expanded into AI-assisted engineering governance with AI Guardrails, an AI Reviewer, an AI Inventory, and an AI Risk Hub. It is trusted by over 15,000 organizations and more than 200,000 developers worldwide, and has raised approximately $29.9M in total venture funding.

Codacy is a DevSecOps platform that unifies code quality scanning, application security testing, and AI coding governance into a single cloud-based solution. It analyzes code across 49 languages via SAST, SCA, secrets detection, IaC scanning, DAST, and test coverage measurement, delivering results on every commit and Pull Request via webhook—no CI/CD pipeline steps required. Its AI Reviewer layer adds context-aware PR feedback and one-click fix suggestions, while AI Guardrails enforce organizational coding and security policies in real time inside IDEs and AI coding agents (Copilot, Cursor, Claude). The platform provides a centralized AI Inventory and Risk Hub for organizations managing AI-generated code at scale.

Key Facts

Founded
2012
HQ
Lisbon, Portugal
Founders
Jaime Jorge, João Caxaria
Employees
50-100
Funding
~$29.9M
Customers
15,000+ organizations
Status
Private

Target users

Engineering leaders and VPs of Engineering seeking organization-wide code quality and security governanceDevSecOps and platform engineering teams consolidating AppSec toolingSoftware development teams using AI coding assistants (Copilot, Cursor, Claude) needing guardrailsMid-market and enterprise engineering organizations with multi-repo, multi-language codebasesCompliance-focused teams requiring audit-ready reports for SOC 2, ISO 27001, or PCI DSSOpen-source project maintainers (free tier for public repositories)

Key Capabilities10

  • Automated static code analysis (SAST) across 49 programming languages and frameworks
  • Software Composition Analysis (SCA) with daily CVE and malicious package re-scans
  • Hardcoded secrets and password detection
  • Infrastructure-as-Code (IaC) misconfiguration scanning
  • Dynamic Application Security Testing (DAST) and container image scanning (Business tier)
  • AI-powered Pull Request reviewer with one-click fix suggestions and false positive triage
  • AI Guardrails: real-time enforcement of coding/security policies during AI-assisted code generation in IDE and agentic workflows
  • Test coverage tracking and merge gates with configurable thresholds
  • Centralized AI Inventory and AI Risk Hub for governing AI model and tool usage
  • Organization-wide security and risk dashboard with SBOM export and SLA tracking

Key Use Cases8

  • Automated code quality and security gate enforcement on every Pull Request
  • Governing and auditing AI-generated code from Copilot, Cursor, Claude, and other coding agents
  • Standardizing coding and security policies across large, multi-repo engineering organizations
  • Continuous compliance evidence generation for SOC 2, ISO 27001, and PCI DSS
  • Scaling unit test coverage measurement and enforcement across engineering teams
  • Replacing fragmented tool stacks (SAST + SCA + secrets + coverage) with a single platform
  • Developer experience improvement by shifting security and quality feedback into the IDE
  • Technical debt visibility and remediation tracking at portfolio scale

Codacy customer outcomes

LSports

10x unit test coverage increase (7% to 70%); zero new critical security issues in 2 years

LSports standardized 800 core repositories under unified quality gates and achieved a 10x increase in unit test coverage (from under 7% to 70%) over approximately two years of structured Codacy implementation, while blocking all new critical security issues at the PR merge gate.

O.C. Tanner

Up to 60% reduction in development costs

O.C. Tanner reduced the time to identify coding issues to less than 10% of the time previously required, resulting in up to 60% savings in development costs after consolidating their code quality toolset with Codacy.

Recent Trend

Visibility-4.5 pts
Avg position+2.67
Sentiment-0.31

How AI describes Codacy3

### Codacy * How it works: Codacy automates code quality and code review analytics.

What code review tools work across both cloud-hosted and on-premises version control systems for teams with a hybrid repository strategy?

google-aiDirect Codacy mention
Codacy Guardrails: Integrates with local development environments and Model Context Protocol (MCP) servers to enforce organization-wide coding and structural policies dynamically, preventing AI agents or developers from violating system invariants.

Which code quality tools let teams define custom rules and guardrails specific to their architecture so the tool enforces their own conventions?

google-aiDirect Codacy mention
TigerGate ### Codacy Codacy tracks code quality, duplication, and complexity over time across commits and pull requests.

What code quality platforms track technical debt trends over time and show whether the team is paying it down or accumulating more?

google-aiDirect Codacy mention

Alternatives in AI Code Review & Code Quality6

Codacy positions itself as an all-in-one, pipeline-less DevSecOps platform that unifies code quality, static security (SAST), software composition analysis (SCA), secrets scanning, IaC, DAST, and AI coding governance in a single cloud-native solution.

  • Its differentiating angle against SonarQube/SonarSource is simpler setup with no CI/CD pipeline steps and predictable per-developer pricing (not per-line-of-code).
  • Against pure AI reviewers like CodeRabbit, Codacy emphasizes its broader deterministic scanning suite and AI Guardrails governance layer.
  • The platform increasingly targets agentic/AI-assisted development teams, billing itself as the guardrail layer for Copilot, Cursor, and other LLM-driven coding agents.
View category comparison hub

Reviews

Praised

  • Easy integration with GitHub, GitLab, and Bitbucket
  • Automated PR code reviews with minimal configuration
  • Broad multi-language support (49 languages)
  • Quality gates and merge enforcement
  • Fast setup — full scan within minutes
  • Responsive and helpful customer support team
  • Actionable, line-level issue feedback
  • Saves significant time on manual code reviews

Criticized

  • Pricing is high for small teams or individual developers
  • Email support response times can exceed 24 hours
  • No support for Azure Repos or self-hosted Git deployments
  • Signal-to-noise ratio requires manual tuning for some stacks
  • Repository disconnects when inactive (reported by some users)
  • On-prem version had stability issues and cost 2.5x more than cloud

Codacy holds a 4.6/5 rating on G2 based on 28 verified reviews, with 80% of reviewers awarding five stars as of Fall 2023. Users consistently praise its ease of integration with GitHub, GitLab, and Bitbucket, the quality gate and automated PR review functionality, and its breadth of language support. G2 scores highlight ease of use (9.2/10), quality of support (9.2/10), and automated scans (9.1/10) as standout attributes. Common criticisms include pricing being steep for smaller organizations, slow email support response times for enterprise tiers, and the need to tune scan rules to reduce noise. Codacy has been recognized as a G2 Leader in multiple consecutive report cycles including Spring 2025.

Pricing

Codacy offers three tiers. Developer (free forever) covers individual developers with IDE guardrails, SAST, secrets, and SCA for public repositories across TypeScript, JavaScript, Python, and Java. Team starts at $18/dev/month (billed annually) or $21/dev/month (monthly) for up to 30 developers and 100 private repositories, including AI-powered PR feedback, quality and security gates, Jira/Slack integrations, and 49-language support. Business is custom-priced and adds unlimited repositories, DAST, container scanning, AI Inventory, SBOM export, SLA tracking, audit logs, and a dedicated Customer Success Manager. All plans include a 14-day free trial with no credit card required. Codacy is also purchasable through the AWS Marketplace.

Limitations

  • Codacy does not support self-hosted or on-premise Git providers; Azure DevOps/Repos, GitHub Enterprise Server, and self-managed GitLab are unsupported as of the research date.
  • The platform is cloud-only for code scanning (no on-prem Codacy server).
  • Reviewers on Capterra and G2 cite that pricing can be prohibitive for smaller organizations (~$19/dev/month on Team tier).
  • Email-based enterprise support has been criticized for slow response times.
  • Some users report a need to tune the signal-to-noise ratio of findings for their specific stack.
  • Jupyter Notebook code must be extracted to Python for analysis.
  • Real-time IDE scanning (outside the PR flow) was listed as not yet fully supported at the time of research.

Frequently asked questions

Topic coverageCoverage by buyer topic

Topic Coverage

Capability2/5DevEx1/5Integrations &Ecosystem0/5Performance &Reliability1/5Setup & First Run2/5

Prompt-Level Results

Brand citedCompetitor citedNot cited
PromptGoogle AI ModeBing CopilotPerplexityChatGPTGemini SearchGrok
Capability2/5 cited (40%)

I need a code quality tool that enforces quality gates in CI and blocks merges when coverage drops or critical issues are introduced — which platforms do this well?

Which AI code review tools can detect security vulnerabilities and insecure coding patterns across multiple languages in the same repository?

What AI code review tools can analyze infrastructure-as-code files alongside application code for a full-stack security posture review?

What code quality platforms track technical debt trends over time and show whether the team is paying it down or accumulating more?

Which AI PR review tools can summarize large diffs and give an overall assessment of a pull request rather than only commenting line by line?

Developer Experience1/5 cited (20%)

Looking for an AI PR review tool that learns from the codebase and past review decisions so feedback improves over time — what are my options?

What AI code review platforms are popular with engineering leads who want to spend less time on repetitive PR feedback and more on architectural comments?

Which code quality tools let teams define custom rules and guardrails specific to their architecture so the tool enforces their own conventions?

Which AI code review tools give feedback that engineers actually find useful — not just style nitpicks but real logic and security issues?

What code quality platforms have the lowest false positive rate so developers don't spend time dismissing irrelevant warnings?

Integrations & Ecosystem0/5 cited (0%)

What code review tools work across both cloud-hosted and on-premises version control systems for teams with a hybrid repository strategy?

Which AI PR review platforms support self-hosted deployments that keep code on-premises and don't send source code to third-party models?

Which code quality platforms integrate with issue trackers to automatically create tickets for critical issues found during code review?

Looking for a code quality tool that feeds results into a security dashboard for CISO-level reporting — which platforms have strong SIEM and security integrations?

What AI code review tools integrate with IDE plugins so developers get the same automated feedback locally before pushing a pull request?

Performance & Reliability1/5 cited (20%)

What code analysis platforms have reliable CI integrations that don't cause flaky build failures due to rate limiting or API timeouts?

Which AI code review tools complete their analysis fast enough to not delay a PR workflow — which ones consistently finish within 2 minutes?

Which AI code review tools maintain consistent review quality across a polyglot repository with Go, Python, and TypeScript services?

Which AI review tools handle very large pull requests with 500+ changed files without timing out or producing incomplete feedback?

What code quality platforms scale to thousands of PRs per day without degrading analysis quality or response time?

Setup & First Run2/5 cited (40%)

Which code quality platforms can analyze a 500k-line legacy codebase and give a prioritized technical debt report without manual configuration?

I'm evaluating AI pull request review tools for a Python and TypeScript codebase — which ones require the least configuration to get useful feedback from day one?

What AI code review tools have the smoothest version control platform integration so reviews appear inline on diffs automatically on every PR?

Which AI code review tools can be added to a pull request workflow in under 30 minutes with no changes to existing CI pipelines?

What are the best automated code quality tools for a team of 15 engineers that wants to enforce standards without a dedicated security engineer?

Turn this matrix into daily prompt monitoring.

Track prompt changes

Vertical Ranking

#BrandPres.SoVDocsBlogMent.PosSentiment
1Qodo14.0%18.3%0.7%8.0%12.7%#8.9+0.42
2CodeRabbit11.3%13.1%4.0%1.3%9.3%#9.1+0.39
3SonarSource10.7%14.7%1.3%1.3%8.7%#8.3+0.39
4Greptile10.0%11.5%0.0%0.0%8.7%#7.8+0.49
5Sourcegraph8.7%8.4%0.0%8.7%8.7%#3.8+0.38
6Graphite8.0%8.9%0.0%7.3%6.0%#6.6+0.47
7Snyk6.7%7.9%0.7%0.0%6.0%#10.9+0.40
8DeepSource4.7%4.7%0.0%0.7%4.0%#7.9+0.36
9Codacy4.0%6.3%0.7%0.7%4.0%#8.7+0.10
10Semgrep3.3%3.1%0.7%0.0%3.3%#18.5+0.48
11Code Climate1.3%3.1%0.0%0.7%0.7%#6.7+0.45

Turn this into your team dashboard

Sign up to unlock project-level analytics, daily tracking, actionable insights, custom prompt configurations, adoption tracking, AI traffic analytics and more.

Free trial. Setup comes pre-filled from this report.

Get started free