
AI visibility report
Codacy ranks #9 in AI Code Review & Code Quality AI search.
Outside the top three on 19 of the 25 prompts buyers actually ask.
Sourcegraph is cited on 8 of those losses.
#9 among 11 vendors · still absent from 96% of tracked prompt responses
Top-3 citations across 150 prompt × platform pairs
Visible, but narrative can improve. Codacy ranks #9 on presence but #11 on sentiment. The brand appears relatively often, but competitors may be getting more favorable language when they appear.
Where Codacy is losing
Prompts where competitors are visible and Codacy is not.
These prompt-level losses are the first prompts to track and repair.
Where Codacy is winning (1)
Which code quality tools let teams define custom rules and guardrails specific to their architecture so the tool enforces their own conventions?
Avg # 6.0 · 1 platform
Where Codacy is losing (5)
I need a code quality tool that enforces quality gates in CI and blocks merges when coverage drops or critical issues are introduced — which platforms do this well?
Competitors on 3 platforms
What code analysis platforms have reliable CI integrations that don't cause flaky build failures due to rate limiting or API timeouts?
Competitors on 3 platforms
What code quality platforms scale to thousands of PRs per day without degrading analysis quality or response time?
Competitors on 3 platforms
What AI code review platforms are popular with engineering leads who want to spend less time on repetitive PR feedback and more on architectural comments?
Competitors on 2 platforms
Which AI code review tools can detect security vulnerabilities and insecure coding patterns across multiple languages in the same repository?
Competitors on 2 platforms
Research dossier: Capabilities, use cases, sources, reviews, pricing, and FAQ
Overview
Codacy is a cloud-native code quality and application security platform founded in 2012 and headquartered in Lisbon, Portugal. It helps engineering teams automatically detect and fix quality issues, security vulnerabilities, and policy violations across the full software development lifecycle—from IDE to production. The platform covers static analysis (SAST), software composition analysis (SCA), secrets detection, infrastructure-as-code scanning, DAST, and test coverage tracking, all without requiring CI/CD pipeline integration. As of 2025–2026, Codacy has expanded into AI-assisted engineering governance with AI Guardrails, an AI Reviewer, an AI Inventory, and an AI Risk Hub. It is trusted by over 15,000 organizations and more than 200,000 developers worldwide, and has raised approximately $29.9M in total venture funding.
Codacy is a DevSecOps platform that unifies code quality scanning, application security testing, and AI coding governance into a single cloud-based solution. It analyzes code across 49 languages via SAST, SCA, secrets detection, IaC scanning, DAST, and test coverage measurement, delivering results on every commit and Pull Request via webhook—no CI/CD pipeline steps required. Its AI Reviewer layer adds context-aware PR feedback and one-click fix suggestions, while AI Guardrails enforce organizational coding and security policies in real time inside IDEs and AI coding agents (Copilot, Cursor, Claude). The platform provides a centralized AI Inventory and Risk Hub for organizations managing AI-generated code at scale.
Key Facts
- Founded: 2012
- HQ: Lisbon, Portugal
- Founders: Jaime Jorge, João Caxaria
- Employees: 50-100
- Funding: ~$29.9M
- Customers: 15,000+ organizations
- Status: Private
Key Capabilities (10)
- Automated static code analysis (SAST) across 49 programming languages and frameworks
- Software Composition Analysis (SCA) with daily CVE and malicious package re-scans
- Hardcoded secrets and password detection
- Infrastructure-as-Code (IaC) misconfiguration scanning
- Dynamic Application Security Testing (DAST) and container image scanning (Business tier)
- AI-powered Pull Request reviewer with one-click fix suggestions and false positive triage
- AI Guardrails: real-time enforcement of coding/security policies during AI-assisted code generation in IDE and agentic workflows
- Test coverage tracking and merge gates with configurable thresholds
- Centralized AI Inventory and AI Risk Hub for governing AI model and tool usage
- Organization-wide security and risk dashboard with SBOM export and SLA tracking
Key Use Cases (8)
- Automated code quality and security gate enforcement on every Pull Request
- Governing and auditing AI-generated code from Copilot, Cursor, Claude, and other coding agents
- Standardizing coding and security policies across large, multi-repo engineering organizations
- Continuous compliance evidence generation for SOC 2, ISO 27001, and PCI DSS
- Scaling unit test coverage measurement and enforcement across engineering teams
- Replacing fragmented tool stacks (SAST + SCA + secrets + coverage) with a single platform
- Developer experience improvement by shifting security and quality feedback into the IDE
- Technical debt visibility and remediation tracking at portfolio scale
Codacy customer outcomes
10x unit test coverage increase (7% to 70%); zero new critical security issues in 2 years
LSports standardized 800 core repositories under unified quality gates and achieved a 10x increase in unit test coverage (from under 7% to 70%) over approximately two years of structured Codacy implementation, while blocking all new critical security issues at the PR merge gate.
Up to 60% reduction in development costs
O.C. Tanner reduced the time to identify coding issues to less than 10% of the time previously required, resulting in up to 60% savings in development costs after consolidating their code quality toolset with Codacy.
How AI describes Codacy (3)
### Codacy * How it works: Codacy automates code quality and code review analytics.
What code review tools work across both cloud-hosted and on-premises version control systems for teams with a hybrid repository strategy?
Codacy Guardrails: Integrates with local development environments and Model Context Protocol (MCP) servers to enforce organization-wide coding and structural policies dynamically, preventing AI agents or developers from violating system invariants.
Which code quality tools let teams define custom rules and guardrails specific to their architecture so the tool enforces their own conventions?
TigerGate ### Codacy Codacy tracks code quality, duplication, and complexity over time across commits and pull requests.
What code quality platforms track technical debt trends over time and show whether the team is paying it down or accumulating more?
Most cited sources (6)
- 10 · Codacy | Code Quality & Security for AI-Assisted Engineering · codacy.com · Landing Page
- 4 · AI Guardrails for Code Quality & Security | Codacy · codacy.com · Product Page
- 4 · AI Info | Codacy · codacy.com · Landing Page
- 3 · Code Quality for AI-Assisted Engineering Teams | Codacy · codacy.com · Landing Page
- B2 · Code Quality Trends: Better Prediction With Code Quality Dashboard - Codacy | Blog · blog.codacy.com · Blog Post
- D1 · Adjusting quality gates - Codacy docs · docs.codacy.com · Documentation
Alternatives in AI Code Review & Code Quality (6)
Codacy positions itself as an all-in-one, pipeline-less DevSecOps platform that unifies code quality, static security (SAST), software composition analysis (SCA), secrets scanning, IaC, DAST, and AI coding governance in a single cloud-native solution.
- Its differentiating angle against SonarQube/SonarSource is simpler setup with no CI/CD pipeline steps and predictable per-developer pricing (not per-line-of-code).
- Against pure AI reviewers like CodeRabbit, Codacy emphasizes its broader deterministic scanning suite and AI Guardrails governance layer.
- The platform increasingly targets agentic/AI-assisted development teams, billing itself as the guardrail layer for Copilot, Cursor, and other LLM-driven coding agents.
Reviews
Praised
- Easy integration with GitHub, GitLab, and Bitbucket
- Automated PR code reviews with minimal configuration
- Broad multi-language support (49 languages)
- Quality gates and merge enforcement
- Fast setup — full scan within minutes
- Responsive and helpful customer support team
- Actionable, line-level issue feedback
- Saves significant time on manual code reviews
Criticized
- Pricing is high for small teams or individual developers
- Email support response times can exceed 24 hours
- No support for Azure Repos or self-hosted Git deployments
- Signal-to-noise ratio requires manual tuning for some stacks
- Repository disconnects when inactive (reported by some users)
- On-prem version had stability issues and cost 2.5x more than cloud
Codacy holds a 4.6/5 rating on G2 based on 28 verified reviews, with 80% of reviewers awarding five stars as of Fall 2023. Users consistently praise its ease of integration with GitHub, GitLab, and Bitbucket, the quality gate and automated PR review functionality, and its breadth of language support. G2 scores highlight ease of use (9.2/10), quality of support (9.2/10), and automated scans (9.1/10) as standout attributes. Common criticisms include pricing being steep for smaller organizations, slow email support response times for enterprise tiers, and the need to tune scan rules to reduce noise. Codacy has been recognized as a G2 Leader in multiple consecutive report cycles including Spring 2025.
Pricing
Codacy offers three tiers. Developer (free forever) covers individual developers with IDE guardrails, SAST, secrets, and SCA for public repositories across TypeScript, JavaScript, Python, and Java. Team starts at $18/dev/month (billed annually) or $21/dev/month (monthly) for up to 30 developers and 100 private repositories, including AI-powered PR feedback, quality and security gates, Jira/Slack integrations, and 49-language support. Business is custom-priced and adds unlimited repositories, DAST, container scanning, AI Inventory, SBOM export, SLA tracking, audit logs, and a dedicated Customer Success Manager. All plans include a 14-day free trial with no credit card required. Codacy is also purchasable through the AWS Marketplace.
Limitations
- Codacy does not support self-hosted or on-premise Git providers; Azure DevOps/Repos, GitHub Enterprise Server, and self-managed GitLab are unsupported as of the research date.
- The platform is cloud-only for code scanning (no on-prem Codacy server).
- Reviewers on Capterra and G2 cite that pricing can be prohibitive for smaller organizations (~$19/dev/month on Team tier).
- Email-based enterprise support has been criticized for slow response times.
- Some users report a need to tune the signal-to-noise ratio of findings for their specific stack.
- Jupyter Notebook code must be extracted to Python for analysis.
- Real-time IDE scanning (outside the PR flow) was listed as not yet fully supported at the time of research.
Topic Coverage
Coverage by buyer topic
Prompt-Level Results
Capability: 2/5 cited (40%)
- I need a code quality tool that enforces quality gates in CI and blocks merges when coverage drops or critical issues are introduced — which platforms do this well?
- Which AI code review tools can detect security vulnerabilities and insecure coding patterns across multiple languages in the same repository?
- What AI code review tools can analyze infrastructure-as-code files alongside application code for a full-stack security posture review?
- What code quality platforms track technical debt trends over time and show whether the team is paying it down or accumulating more?
- Which AI PR review tools can summarize large diffs and give an overall assessment of a pull request rather than only commenting line by line?

Developer Experience: 1/5 cited (20%)
- Looking for an AI PR review tool that learns from the codebase and past review decisions so feedback improves over time — what are my options?
- What AI code review platforms are popular with engineering leads who want to spend less time on repetitive PR feedback and more on architectural comments?
- Which code quality tools let teams define custom rules and guardrails specific to their architecture so the tool enforces their own conventions?
- Which AI code review tools give feedback that engineers actually find useful — not just style nitpicks but real logic and security issues?
- What code quality platforms have the lowest false positive rate so developers don't spend time dismissing irrelevant warnings?

Integrations & Ecosystem: 0/5 cited (0%)
- What code review tools work across both cloud-hosted and on-premises version control systems for teams with a hybrid repository strategy?
- Which AI PR review platforms support self-hosted deployments that keep code on-premises and don't send source code to third-party models?
- Which code quality platforms integrate with issue trackers to automatically create tickets for critical issues found during code review?
- Looking for a code quality tool that feeds results into a security dashboard for CISO-level reporting — which platforms have strong SIEM and security integrations?
- What AI code review tools integrate with IDE plugins so developers get the same automated feedback locally before pushing a pull request?

Performance & Reliability: 1/5 cited (20%)
- What code analysis platforms have reliable CI integrations that don't cause flaky build failures due to rate limiting or API timeouts?
- Which AI code review tools complete their analysis fast enough to not delay a PR workflow — which ones consistently finish within 2 minutes?
- Which AI code review tools maintain consistent review quality across a polyglot repository with Go, Python, and TypeScript services?
- Which AI review tools handle very large pull requests with 500+ changed files without timing out or producing incomplete feedback?
- What code quality platforms scale to thousands of PRs per day without degrading analysis quality or response time?

Setup & First Run: 2/5 cited (40%)
- Which code quality platforms can analyze a 500k-line legacy codebase and give a prioritized technical debt report without manual configuration?
- I'm evaluating AI pull request review tools for a Python and TypeScript codebase — which ones require the least configuration to get useful feedback from day one?
- What AI code review tools have the smoothest version control platform integration so reviews appear inline on diffs automatically on every PR?
- Which AI code review tools can be added to a pull request workflow in under 30 minutes with no changes to existing CI pipelines?
- What are the best automated code quality tools for a team of 15 engineers that wants to enforce standards without a dedicated security engineer?
Vertical Ranking
| # | Brand | Presence | Share of Voice | Docs | Blog | Mentions | Avg Pos | Sentiment |
|---|---|---|---|---|---|---|---|---|
| 1 | Qodo | 14.0% | 18.3% | 0.7% | 8.0% | 12.7% | #8.9 | +0.42 |
| 2 | CodeRabbit | 11.3% | 13.1% | 4.0% | 1.3% | 9.3% | #9.1 | +0.39 |
| 3 | SonarSource | 10.7% | 14.7% | 1.3% | 1.3% | 8.7% | #8.3 | +0.39 |
| 4 | Greptile | 10.0% | 11.5% | 0.0% | 0.0% | 8.7% | #7.8 | +0.49 |
| 5 | Sourcegraph | 8.7% | 8.4% | 0.0% | 8.7% | 8.7% | #3.8 | +0.38 |
| 6 | Graphite | 8.0% | 8.9% | 0.0% | 7.3% | 6.0% | #6.6 | +0.47 |
| 7 | Snyk | 6.7% | 7.9% | 0.7% | 0.0% | 6.0% | #10.9 | +0.40 |
| 8 | DeepSource | 4.7% | 4.7% | 0.0% | 0.7% | 4.0% | #7.9 | +0.36 |
| 9 | Codacy | 4.0% | 6.3% | 0.7% | 0.7% | 4.0% | #8.7 | +0.10 |
| 10 | Semgrep | 3.3% | 3.1% | 0.7% | 0.0% | 3.3% | #18.5 | +0.48 |
| 11 | Code Climate | 1.3% | 3.1% | 0.0% | 0.7% | 0.7% | #6.7 | +0.45 |