Six pillars. One platform.
No compromises.
Quality, security, architecture, intelligence, continuous monitoring, and AI assistance — built as one system, shipped as one platform, priced as one product. Everything you'd assemble from SonarQube + Snyk + CodeClimate + GitGuardian + ArchUnit, integrated.
Code Quality
Quality gates that catch problems before merge
Cyclomatic and cognitive complexity per function, SQALE-modeled technical debt ratio, maintainability index, duplication detection, documentation density. Same methodology as SonarQube Enterprise — no licensing seat tax, no third-party server to babysit.
- A–F sub-ratings split into Reliability (bugs), Security (vulns), and Maintainability (smells)
- SQALE technical-debt ratio with per-file remediation estimates in developer-minutes
- Cognitive complexity (SonarSource model, nesting-weighted) — catches the hard-to-read code that cyclomatic complexity misses
- Quality gates configurable per project: block merges when score drops below your threshold
Security
OWASP-aligned scanning, hardcoded-secret detection, CVE feed
Detect SQL injection, XSS, hardcoded credentials (Stripe, AWS, GitHub PATs, etc.), unsafe exception handling, and 50+ rules mapped to CWE numbers and the OWASP Top 10. Live CVE feed from OSV.dev for every dependency you ship.
- CWE-tagged detector rules — every finding maps to a CWE and an OWASP category
- Provider-prefixed token detection (sk_live_*, ghp_*, AKIA*, xoxb-*, glpat-*)
- CVSS-weighted security score: critical/high/medium/low CVEs deduct proportionally
- False-positive controls: JSDoc comments, form state assignments, and parameterized queries are not flagged
Architecture
3D dependency graphs and architectural drift detection
See your codebase the way an architect does. Force-directed 3D graph of every module, click any file to isolate its blast radius, find the cycles, measure coupling and instability, surface the hotspots that drag your team down.
- Interactive 3D force-graph (WebGL) — pan, zoom, click-to-isolate any file
- Instability Index, Afferent / Efferent coupling, dependency depth, circular cycles
- Hotspot rollup: files with both high churn and high complexity flagged automatically
- Blast Radius: pick a file, see every downstream consumer before you refactor it
Code Intelligence
Seven-pillar grade card across every dimension that matters
We don't reduce a codebase to one number. The Code Intelligence dashboard rolls up seven independent pillars — quality, temporal risk, architecture, security, business value, human/knowledge, and ecosystem — each with its own A–F rating and the metrics behind it.
- Code Quality: cyclomatic, cognitive, maintainability index, doc density, duplication
- Temporal & Risk: churn, hotspots, code age (bit-rot), refactoring impact trend
- Human & Knowledge: truck factor, ownership concentration, knowledge silos
- Modern Ecosystem: LibYear (dep freshness), license compliance, copyleft flags
Continuous
Auto-rescan on every push, version history, drift alerts
Connect GitHub / GitLab / Bitbucket. Every push triggers a rescan in the background. Version history shows how every metric trends release over release. Get notified the moment your debt ratio jumps or your security rating slips.
- HMAC-SHA256 webhook signature validation — the same scheme GitHub uses to sign its webhook deliveries
- Per-project rescan settings: auto, scheduled (cron), or manual-only
- Slack / Teams / email notifications on analysis complete, security regression, score drop
- Side-by-side version comparison with score deltas per pillar
AI
AI-powered fix synthesis, issue triage, PR review
Every issue includes a one-click 'Explain' that uses Claude to translate the rule violation into plain English, with a concrete suggested fix that respects your code style. PR Review mode synthesizes a checklist of everything you should look at before merging.
- Per-issue AI explain — context-aware, includes the surrounding code
- Fix synthesis: not just "what's wrong" but a concrete diff you can paste
- Smart prioritization: rank issues by blast radius × severity × confidence
- Forecast: predicts quality trend over the next 90 days based on recent commits
Plus everything else
Built for teams that ship.
Real-time analysis
Push to main and watch progress stream live, with results in under a minute for a typical repo. Progress is streamed phase by phase over WebSocket.
29 languages, real ASTs
JavaScript, TypeScript, Python, Java, Go, C#, C, C++, Rust, Ruby, PHP, Kotlin, Swift, Scala, Dart, Lua, Bash, Elixir, Objective-C, Vue, Svelte, Groovy, PowerShell, OCaml, R, HTML, CSS, JSON, XML. More than SonarCloud (27). Tree-sitter parsing — same engine GitHub and Neovim use. No regex false positives.
Source Explorer
Browse every file in-app. Click-through to any issue, line, or symbol from anywhere.
Code blame + history
Git blame surfaced inline. Every metric shows who introduced it and when.
Compliance frameworks
SOC 2, HIPAA, PCI-DSS rule packs. Filter the issue list by framework with one click.
PR comment bot
GitHub App posts a summary on every pull request. Block merges below your quality gate.
Project board
Every issue auto-generates a ticket. Drag between Todo / In Progress / Done columns.
Custom dashboards
Surface the metrics that matter to your team. Pin charts, export to CSV / Markdown / JSON.
Encrypted at rest
AES-256-GCM for every git PAT. JWT auth with refresh rotation. Per-user tier overrides.
Team + RBAC
Owner / Admin / Member / Viewer roles. SAML SSO via WorkOS on the Enterprise tier.
Custom rules
Write your own regex or AST-pattern rules. Test against pasted snippets before enabling.
Mutation testing
Integration with Stryker / Pitest / mutmut to measure how good your tests actually are.
See it on your own code.
Free tier. No credit card. Connect a public repo, get a full Code Intelligence report in under a minute.