Features

Six pillars. One platform.
No compromises.

Quality, security, architecture, intelligence, continuous monitoring, and AI assistance — built as one system, shipped as one platform, priced as one product. Everything you'd assemble from SonarQube + Snyk + CodeClimate + GitGuardian + ArchUnit, integrated.

Code Quality

Quality gates that catch problems before merge

Cyclomatic and cognitive complexity per function, SQALE-modeled technical debt ratio, maintainability index, duplication detection, documentation density. Same methodology as SonarQube Enterprise — no licensing seat tax, no third-party server to babysit.

  • A–F sub-ratings split into Reliability (bugs), Security (vulns), and Maintainability (smells)
  • SQALE technical-debt ratio with per-file remediation estimates in developer-minutes
  • Cognitive complexity (SonarSource model, nesting-weighted) — catches the hard-to-read code that cyclomatic misses
  • Quality gates configurable per project: block merges when score drops below your threshold

Security

OWASP-aligned scanning, hardcoded-secret detection, CVE feed

Detect SQL injection, XSS, hardcoded credentials (Stripe, AWS, GitHub PATs, etc.), unsafe exception handling, and 50+ rules mapped to CWE numbers and the OWASP Top 10. Live CVE feed from OSV.dev for every dependency you ship.

  • CWE-tagged detector rules — every finding maps to a CWE and an OWASP category
  • Provider-prefixed token detection (sk_live_*, ghp_*, AKIA*, xoxb-*, glpat-*)
  • CVSS-weighted security score: critical/high/medium/low CVEs deduct proportionally
  • False-positive controls: JSDoc comments, form state assignments, and parameterized queries are not flagged

Architecture

3D dependency graphs and architectural drift detection

See your codebase the way an architect does. Force-directed 3D graph of every module, click any file to isolate its blast radius, find the cycles, measure coupling and instability, surface the hotspots that drag your team down.

  • Interactive 3D force-graph (WebGL) — pan, zoom, click-to-isolate any file
  • Instability Index, Afferent / Efferent coupling, dependency depth, circular cycles
  • Hotspot rollup: files with both high churn and high complexity flagged automatically
  • Blast Radius: pick a file, see every downstream consumer before you refactor it

Code Intelligence

Seven-pillar grade card across every dimension that matters

We don't reduce a codebase to one number. The Code Intelligence dashboard rolls up seven independent pillars — quality, temporal risk, architecture, security, business value, human/knowledge, and ecosystem — each with its own A–F rating and the metrics behind it.

  • Code Quality: cyclomatic, cognitive, maintainability index, doc density, duplication
  • Temporal & Risk: churn, hotspots, code age (bit-rot), refactoring impact trend
  • Human & Knowledge: truck factor, ownership concentration, knowledge silos
  • Modern Ecosystem: LibYear (dep freshness), license compliance, copyleft flags

Continuous

Auto-rescan on every push, version history, drift alerts

Connect GitHub / GitLab / Bitbucket. Every push triggers a rescan in the background. Version history shows how every metric trends release over release. Get notified the moment your debt ratio jumps or your security rating slips.

  • HMAC-SHA256 webhook validation — exactly what GitHub Apps use for security
  • Per-project rescan settings: auto, scheduled (cron), or manual-only
  • Slack / Teams / email notifications on analysis complete, security regression, score drop
  • Side-by-side version comparison with score deltas per pillar

AI

AI-powered fix synthesis, issue triage, PR review

Every issue includes a one-click 'Explain' that uses Claude to translate the rule violation into plain English, with a concrete suggested fix that respects your code style. PR Review mode synthesizes a checklist of everything you should look at before merging.

  • Per-issue AI explain — context-aware, includes the surrounding code
  • Fix synthesis: not just "what's wrong" but a concrete diff you can paste
  • Smart prioritization: rank issues by blast radius × severity × confidence
  • Forecast: predicts quality trend over the next 90 days based on recent commits

Plus everything else

Built for teams that ship.

Real-time analysis

Push to main, watch progress stream live, results in under a minute for a typical repo. WebSocket-streamed phase-by-phase.

29 languages, real ASTs

JavaScript, TypeScript, Python, Java, Go, C#, C, C++, Rust, Ruby, PHP, Kotlin, Swift, Scala, Dart, Lua, Bash, Elixir, Objective-C, Vue, Svelte, Groovy, PowerShell, OCaml, R, HTML, CSS, JSON, XML. More than SonarCloud (27). Tree-sitter parsing — same engine GitHub and Neovim use. No regex false positives.

Source Explorer

Browse every file in-app. Click-through to any issue, line, or symbol from anywhere.

Code blame + history

Git blame surfaced inline. Every metric shows who introduced it and when.

Compliance frameworks

SOC 2, HIPAA, PCI-DSS rule packs. Filter the issue list by framework with one click.

PR comment bot

GitHub App posts a summary on every pull request. Block merges below your quality gate.

Project board

Every issue auto-generates a ticket. Drag between Todo / In Progress / Done columns.

Custom dashboards

Surface the metrics that matter to your team. Pin charts, export to CSV / Markdown / JSON.

Encrypted at rest

AES-256-GCM for every git PAT. JWT auth with refresh rotation. Per-user tier overrides.

Team + RBAC

Owner / Admin / Member / Viewer roles. SAML SSO via WorkOS on the Enterprise tier.

Custom rules

Write your own regex or AST-pattern rules. Test against pasted snippets before enabling.

Mutation testing

Integration with Stryker / Pitest / mutmut to measure how good your tests actually are.

See it on your own code.

Free tier. No credit card. Connect a public repo, get a full Code Intelligence report in under a minute.