Codacy

Our AI Reviewer for Pull Requests just got a significant upgrade. → Custom instructions to tune its output to your team’s preferences → Ready-to-use prompts for generating missing unit tests → ‘Run Reviewer’ button on your PR to re-trigger reviews as you commit changes Read the full update📷 blog.codacy.com/whats-new-in-c…

Kiran Kumar Badam runs engineering and security for @getvymo , a fintech platform serving 70+ global financial institutions with 150 developers and 500+ repositories. Before Codacy, security checks happened twice a year. Audit prep alone took 4 weeks. Remediation took 2–3 months. Now security is embedded across every stage of the SDLC: IDE, pull request, and release. Codacy was chosen over SonarQube, Semgrep, GitHub Advanced Security, and AquaSec. The deciding factors? The best native Bitbucket support, combined code quality and security in one platform, and a team that was genuinely engaged throughout the evaluation. Read full customer story blog.codacy.com/how-vymo-embed…

"You should not let any commits go unreviewed. Naughty, naughty, naughty." Dana Lawson, CTO of @Netlify , on the latest AI Giants. Need guiding principles for coding with AI? Dana has plenty. Here’s a summary: - Keep PRs small. If a human can't read it in one sitting, it's too big. - Don't let Claude check Claude. Use a different model, a different agent, or a human. Same model, same blind spots. - Don't LGTM a 1,000-line AI PR in 10 minutes. We all know you didn't read it. - You need two reviews if you're SOC2 compliant. - Treat AI commits like any other commit. The bar doesn't move because a machine wrote it. - Don't skip tests because shipping felt good. Vibe coding is fun; flaky prod is not. - Best practices didn't expire when agents arrived. 🧾 Listen to them in context; full episode: youtube.com/watch?v=-q3k3E…

English is the S-tier programming language now. Dana Lawson (Netlify CTO) on Agent Experience replacing Developer Experience, the death of “LGTM,” and why flaky tests are still ruining everyone’s day. Thanks @jaimefjorge and @Codacy for the convo: youtube.com/watch?v=-q3k3E…

@Netlify @jaimefjorge 🫶

SonarCloud charged by lines of code, and was a nightmare to roll out at scale. So LSports switched to Codacy. Two years later: test coverage up from 7% to 70%, and zero new critical security issues. Worth a read if you want to move away from SonarQube👇 blog.codacy.com/how-lsports-we…

It's "almost foolish" to run AI through your SDLC unchecked. Netlify CTO Dana Lawson thinks we should keep humans in the loop on security reviews, privacy, data and governance. The risk of getting it wrong in there is too high to leave to 𝚌̶𝚑̶𝚊̶𝚗̶𝚌̶𝚎̶ probability.

⚙️ VS Code started as a 10-person team building an editor. Ten years later, it’s used by millions of developers, supports 90K+ extensions, and has become a foundation many AI tools build on. In this behind-the-scenes conversation with @codacy, we talk about the early pivots between web and desktop, the bet on open source, why performance and core editing still matter as much as AI, and how agents are starting to shape what comes next. 📖 Read the full interview: blog.codacy.com/how-vs-code-qu…

@code We loved having you on, @IsidorN & @code 🫶 Oct 2025 feels like 5y ago these days, we should do another one soon

Dana Lawson, @Netlify's CTO, told me her S-tier programming language. It's not Rust. It's not TypeScript. It's English. The biggest takeaways from my interview with @dana_lawson on AI agents, the death of the "LGTM," and why your flaky tests still aren't fixed: 1. "𝗔𝗴𝗲𝗻𝘁 𝗘𝘅𝗽𝗲𝗿𝗶𝗲𝗻𝗰𝗲" 𝗶𝘀 𝗿𝗲𝗽𝗹𝗮𝗰𝗶𝗻𝗴 "𝗗𝗲𝘃𝗲𝗹𝗼𝗽𝗲𝗿 𝗘𝘅𝗽𝗲𝗿𝗶𝗲𝗻𝗰𝗲," and most platforms aren't ready. Netlify now designs APIs assuming the user on the other end isn't human. An agent catches an error, reads the code, writes the fix, pushes a PR, and merges it with guardrails in place. You might never know there was a bug. The error workflow that used to end at a dashboard now ends at a self-healing loop. If your platform still assumes a human is reading the alert, you're building for the last decade. 2. 𝗗𝗼𝗻'𝘁 𝗹𝗲𝘁 𝗖𝗹𝗮𝘂𝗱𝗲 𝗿𝗲𝘃𝗶𝗲𝘄 𝗖𝗹𝗮𝘂𝗱𝗲. Use Claude and Codex to check each other. Dana's rule for AI code review: cross-model verification, always. The same model verifying its own output is the AI equivalent of the developer who reviews their own PR. The principle hasn't changed. The actors have. 3. 𝗔𝗜 𝗱𝗶𝗱𝗻'𝘁 𝗸𝗶𝗹𝗹 𝘀𝗽𝗲𝗰𝗶𝗮𝗹𝗶𝘇𝗮𝘁𝗶𝗼𝗻. It killed the friction between specialists. The "everyone becomes a generalist" take is wrong. What Dana actually sees: database engineers are still database engineers, just faster. Front-end developers can now connect the dots to the backend without switching careers. Agents didn't flatten expertise. They removed the walls between experts. The deep nerds got deeper. 4. 𝗧𝗵𝗲 𝗺𝗼𝘀𝘁 𝘂𝗻𝗱𝗲𝗿 𝗮𝗽𝗽𝗿𝗲𝗰𝗶𝗮𝘁𝗲𝗱 𝗽𝗿𝗼𝗯𝗹𝗲𝗺 𝗶𝗻 𝘀𝗼𝗳𝘁𝘄𝗮𝗿𝗲 𝗲𝗻𝗴𝗶𝗻𝗲𝗲𝗿𝗶𝗻𝗴 𝗶𝘀 𝘀𝘁𝗶𝗹𝗹 𝗳𝗹𝗮𝗸𝘆 𝘁𝗲𝘀𝘁𝘀. Dana has been ranting about flaky tests for years. AI was supposed to fix them. It hasn't. Nobody puts "fix flaky tests" at the top of their morning. It's always end-of-month, low-priority work. Meanwhile, AI-generated commits are getting bigger and shipping to main because vibe coding makes it feel so good to just commit. We built AI to do the work we don't want to do. Code hygiene IS that work. 5. 𝗔𝗜-𝗴𝗲𝗻𝗲𝗿𝗮𝘁𝗲𝗱 𝗣𝗥𝘀 𝗮𝗿𝗲 𝗴𝗼𝗶𝗻𝗴 𝘂𝗻𝗿𝗲𝘃𝗶𝗲𝘄𝗲𝗱 𝗮𝗻𝗱 𝗶𝘁'𝘀 𝗮 𝘁𝗶𝗰𝗸𝗶𝗻𝗴 𝘁𝗶𝗺𝗲 𝗯𝗼𝗺𝗯. GitHub flagged the slop problem. Dana has seen "LGTM" rubber stamps on thousand-line AI-generated PRs ten minutes after submission. Nobody reviewed that code. Her fix: break AI output into human-readable chunks, use a different agent for first-pass review, and never merge immediately. Bake it. If you're SOC compliant, you need two reviews. Not one. Two. 6. 𝗬𝗼𝘂𝗿 𝗻𝗲𝘅𝘁 𝗵𝗶𝗿𝗲'𝘀 𝗺𝗼𝘀𝘁 𝗶𝗺𝗽𝗼𝗿𝘁𝗮𝗻𝘁 𝘀𝗸𝗶𝗹𝗹 𝗶𝘀𝗻'𝘁 𝗰𝗼𝗱𝗶𝗻𝗴. 𝗜𝘁'𝘀 𝗰𝗼𝗺𝗺𝘂𝗻𝗶𝗰𝗮𝘁𝗶𝗼𝗻. Dana's concrete hiring filter: high communicators who don't burn tokens with ambiguity. Every "nope, that's not what I meant" is a failed prompt. Every vague instruction is wasted money. The best future product owners might be journalists and English majors who can get the point across in three sentences instead of thirty. The irony: creative types tend to be verbose. Verbosity costs credits. 7. 𝗧𝗵𝗲 𝗽𝗹𝗮𝗰𝗲𝘀 𝘁𝗼 𝘀𝘁𝗮𝗿𝘁 𝗲𝘅𝗽𝗲𝗿𝗶𝗺𝗲𝗻𝘁𝗶𝗻𝗴 𝘄𝗶𝘁𝗵 𝗔𝗜 𝗮𝗿𝗲 𝘁𝗵𝗲 𝘁𝗮𝘀𝗸𝘀 𝗻𝗼𝗯𝗼𝗱𝘆 𝘄𝗮𝗻𝘁𝘀 𝘁𝗼 𝗱𝗼. 𝗙𝗹𝗮𝗸𝘆 𝘁𝗲𝘀𝘁𝘀. Dependency upgrades. Version migrations where one API call changed and you used it 300 times. These are repeatable, safe, controlled, and not touching production. You don't need permission to experiment with the boring stuff. And the prompting patterns are identical to the ones that matter. 8. 𝗞𝗲𝗲𝗽 𝗳𝗿𝗶𝗰𝘁𝗶𝗼𝗻 𝗲𝘅𝗮𝗰𝘁𝗹𝘆 𝘄𝗵𝗲𝗿𝗲 𝗶𝘁'𝘀 𝗮𝗹𝘄𝗮𝘆𝘀 𝗺𝗮𝘁𝘁𝗲𝗿𝗲𝗱: 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆, 𝗰𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝗰𝗲, 𝗮𝗻𝗱 𝗱𝗮𝘁𝗮 𝗴𝗼𝘃𝗲𝗿𝗻𝗮𝗻𝗰𝗲. Dana isn't an "unleash everything" CTO. It would be foolish to remove all human checkpoints right now. Maybe in the future it'll be foolish to keep them. But automation bias is real. Code written by AI, reviewed by AI, approved by AI, shipped by AI. That pipeline needs humans at the gates. We're not there yet. 9. 𝗜𝗻 𝗳𝗶𝘃𝗲 𝘆𝗲𝗮𝗿𝘀 𝗻𝗼𝗯𝗼𝗱𝘆 𝘄𝗶𝗹𝗹 𝗰𝗮𝗿𝗲 𝗮𝗯𝗼𝘂𝘁 𝗳𝗿𝗮𝗺𝗲𝘄𝗼𝗿𝗸𝘀. They'll care about the planet. Dana's prediction: sustainability, energy costs, and whether we can power all of this without destroying the environment will be the defining engineering challenge. Performance optimization and efficiency will matter more than which frontend framework you chose. MCP is "a cute protocol, but it's not solving how information traverses time and space." 10. 𝗧𝗵𝗲 𝗿𝗲𝗮𝗹 𝘂𝗻𝗹𝗼𝗰𝗸 𝗶𝘀𝗻'𝘁 𝗳𝗲𝘄𝗲𝗿 𝗽𝗲𝗼𝗽𝗹𝗲 𝗱𝗼𝗶𝗻𝗴 𝗺𝗼𝗿𝗲. It's more people building things they never could. Dana pushes back hard on the "AI means layoffs" framing. Her vision: enable everyone so more people build more things, not squeeze headcount. Someone who thought they could never build an app now can. Being good stewards of that is our job. In her words: "doing Legos with somebody else is always funner than doing Legos alone." 11. (About AI proficiency..) 𝗦𝘁𝗼𝗽 𝘀𝗮𝘆𝗶𝗻𝗴 𝘆𝗼𝘂 𝗱𝗼𝗻'𝘁 𝗵𝗮𝘃𝗲 𝘁𝗶𝗺𝗲. You have 20 minutes. Dana's message to anyone who says they can't learn AI: "Give me a break. Everybody got 20 minutes." Bite-size it. Align it to why you care. Mortgage, promotion, curiosity. But if you're in technology and you're not embracing this, you're in the wrong field. You don't need to know every bot, every acronym. Filter the noise. And disconnect sometimes. Go for a run. 12. 𝗧𝗵𝗲 𝗽𝗮𝘁𝘁𝗲𝗿𝗻𝘀 𝗼𝗳 𝗵𝗼𝘄 𝘄𝗲 𝗹𝗲𝗮𝗱 𝗲𝗻𝗴𝗶𝗻𝗲𝗲𝗿𝗶𝗻𝗴 𝘁𝗲𝗮𝗺𝘀 𝗮𝗿𝗲 𝗯𝗿𝗲𝗮𝗸𝗶𝗻𝗴, 𝗮𝗻𝗱 𝘁𝗵𝗮𝘁'𝘀 𝗮 𝗴𝗼𝗼𝗱 𝘁𝗵𝗶𝗻𝗴. Dana ran engineering at GitHub through the Microsoft acquisition. Reorged "a million times" in three years. Her lesson: how you think about engineering organizations today will be different in six months. The frameworks we used 18 months ago don't apply. The only constant is that leaders who stay curious and open-minded survive. The ones who take hard lines against AI while others ship 10x faster don't.

"Every day I wake up and I'm like, how is this my life? How did I get here?" That's Dana Lawson, CTO of @Netlify, reflecting on her unconventional journey, from aspiring artist to US Army to supporting SaaS before most people knew what it was, to VP of Engineering at GitHub, and now leading one of the most important web platforms. In our latest episode, Dana brings this same refreshing honesty to an energetic conversation about the future of engineering in the AI era: → Agent Experience (AX): Why agents are becoming first-class API consumers and what that means for how we design systems, auth, and observability → How agents are making frontend/backend distinctions less relevant for building, while specialists remain critical for architecture and security decisions → Why humans will remain essential for business context, edge cases, and quality judgment for the next 5+ years. Agents execute, humans decide. → Soft skills over hard skills: “If you can't explain what you need, agents can't help you." Communication and context translation are becoming more valuable than raw coding ability. → Where to keep humans in the loop (code review, security gates) and how to avoid "automation bias" when AI generates and reviews code →Where Netlify, Vercel, and Cloudflare are headed by 2027. Platforms enabling agent interaction will win. → S-Tier Programming Language - English. Yes, really. Full episode: youtube.com/live/-q3k3E5FZ…

We're live 🔴 x.com/i/broadcasts/1…

In 1 hour we are going live with Dana Lawson, CTO at @Netlify to talk about: - How the Agent Experience (AX) is the new UX - If the Frontend/Backend divide is becoming obsolete - Why soft skills now outweigh coding ability See you there 🤙 x.com/i/broadcasts/1…

Only 24h left until our next AI Giants live interview with @Netlify CTO Dana Lawson. Dana has moved from leading engineering at @github to the center of the no-ops movement at Netlify. Now, she is betting on a future where Agent Experience (AX) replaces the traditional developer workflow. We are sitting down to discuss the death of specialization and why soft skills are becoming more valuable than raw execution. What we will cover: - How the Agent Experience (AX) is the new UX - Is the Frontend/Backend divide becoming obsolete? - Why soft skills now outweigh coding ability 📅 February 5 🎙 Live interview 🎟 Free registration Join us live 👇 x.com/i/broadcasts/1…

@Netlify 🫡

Yes. Dana Lawson is joining @codacy next Thursday! If you have tough questions about AI, infra, and how we ship faster without extra ops overhead, drop them here and tune in. 👇

The latest AI Giant episode with @vercel CTO Malte Ubl @cramforce was packed with spicy, hot takes and here are just some of them: - v0's real competitor isn't Cursor or Copilot; it's Microsoft Word and the PRD-to-developer handoff. Product managers throwing specs over the fence and waiting 6 weeks? That's what v0 is replacing. - Plot twist: it's not junior devs that should worry about AI. It's senior developers "5+ years into their job and set in their ways." Meanwhile, Vercel's interns are "giving full-time devs a run for their money." - Build time is the only metric that matters. At 30 seconds you wait. At 10 minutes you context-switch and forget. The difference compounds fast. - AI costs won't spiral: "This is computers doing work. We as a species are extremely good at making computers better." Plus market competition keeps driving costs down. - Vercel loves when people build competing Next.js hosting services. "It's better to grow the pie than to say all the pie is ours." - How v0 actually happened: First attempts at AI-generated websites were "garbage." Then someone cracked it: "Guys. I have it. I told it to use Tailwind." That moment enabled v0's launch. Click for the full interview and recap. blog.codacy.com/the-real-compe…

AI Giants S02E03 is around the corner. Next Thursday, we are sitting down with Dana Lawson, CTO of @Netlify, to learn about the engineering behind Netlify's use of AI to simplify infrastructure and allow teams to push ideas to the web faster without operational overhead. Come tune in and bring your toughest questions for Dana 👇 x.com/i/broadcasts/1…

We keep hearing the idea that “code is no longer a moat”. But Vercel CTO Malte @cramforce thinks maybe it never really was. In this AI Giants clip, he challenges a belief a lot of software companies still cling to: that shipping more code somehow protects you. What actually matters is iteration velocity. How quickly you can ship, learn, change direction if necessary, and ship again. “Software, in a way, is just a side effect of it”

Biggest takeaways/nuggets from my 𝗶𝗻𝘁𝗲𝗿𝘃𝗶𝗲𝘄 𝘄𝗶𝘁𝗵 @cramforce (@vercel's 𝗖𝗧𝗢) on 𝗔𝗜-𝗻𝗮𝘁𝗶𝘃𝗲 𝘀𝗼𝗳𝘁𝘄𝗮𝗿𝗲 𝗲𝗻𝗴𝗶𝗻𝗲𝗲𝗿𝗶𝗻𝗴 and 𝗩0/𝗩𝗲𝗿𝗰𝗲𝗹: 1. 𝗟𝗲𝘁'𝘀 𝗹𝗼𝗼𝗸 𝗮𝗴𝗮𝗶𝗻 𝗮𝘁 𝗘𝗻𝘁𝗲𝗿𝗽𝗿𝗶𝘀𝗲 𝘀𝗼𝗳𝘁𝘄𝗮𝗿𝗲 𝗯𝗮𝗰𝗸𝗹𝗼𝗴𝘀. "If you're in a real company where engineering is something you fight for, where you're waiting for your app to finally be developed three years after you first requested it, those companies can now make these apps three years earlier." Who needs roadmap queues when software can be developed so much quicker? 2. 𝗝𝘂𝗻𝗶𝗼𝗿𝘀 𝗮𝗿𝗲 𝗻𝗲𝗲𝗱𝗲𝗱 𝗶𝗻 𝗩𝗲𝗿𝗰𝗲𝗹. 𝗕𝘂𝘁 𝗔𝗜 𝗽𝗿𝗼𝗳𝗶𝗰𝗶𝗲𝗻𝗰𝘆 𝗶𝘀 𝗻𝗼𝘄 𝗲𝘅𝗽𝗲𝗰𝘁𝗲𝗱 𝗮𝘁 𝗲𝘃𝗲𝗿𝘆 𝗹𝗲𝘃𝗲𝗹. No plans to reduce the junior pipeline. But the filter is changing. If you're entering the workforce without AI fluency, you're behind. 3. 𝗧𝗵𝗲 𝗰𝗿𝗶𝗺𝗶𝗻𝗮𝗹𝗹𝘆 𝘂𝗻𝗱𝗲𝗿𝗮𝗽𝗽𝗿𝗲𝗰𝗶𝗮𝘁𝗲𝗱 𝘁𝗲𝗰𝗵 𝗿𝗶𝗴𝗵𝘁 𝗻𝗼𝘄: 𝗱𝘂𝗿𝗮𝗯𝗹𝗲 𝗰𝗼𝗺𝗽𝘂𝘁𝗲 𝗮𝗻𝗱 𝘄𝗼𝗿𝗸𝗳𝗹𝗼𝘄 𝗮𝗯𝘀𝘁𝗿𝗮𝗰𝘁𝗶𝗼𝗻𝘀. With AI agents doing more business automation, we need reliable backend code everywhere. Most engineers wait for the first outage to implement it. 4. 𝗩0'𝘀 𝗿𝗲𝗮𝗹 𝗰𝗼𝗺𝗽𝗲𝘁𝗶𝘁𝗼𝗿 𝗶𝘀 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗪𝗼𝗿𝗱, 𝗻𝗼𝘁 𝗖𝘂𝗿𝘀𝗼𝗿. "You're writing this PRD [product requirement doc], throw it over the fence to a developer, they come back 6 weeks later and say 'actually you misunderstood me.' Instead you come with a working app.". Product managers shipping prototypes before the meeting ends don't need the roadmap queue. 5. 𝗩0'𝘀 𝗯𝗿𝗲𝗮𝗸𝘁𝗵𝗿𝗼𝘂𝗴𝗵 𝗰𝗮𝗺𝗲 𝗳𝗿𝗼𝗺 𝘀𝘁𝗮𝗿𝘁𝗶𝗻𝗴 𝘁𝗼 𝘂𝘀𝗲 𝘁𝗮𝗶𝗹𝘄𝗶𝗻𝗱. There was a before and after moment when the V0 team decided to start using Tailwind. Fundamental to V0's breakthrough was @cramforce's mantra: "Iteration velocity solves all known problems." 6. 𝗔𝗴𝗲𝗻𝘁 𝗳𝗿𝗮𝗺𝗲𝘄𝗼𝗿𝗸𝘀 𝘀𝗵𝗼𝘂𝗹𝗱 𝗯𝗲 𝘂𝗻𝗼𝗽𝗶𝗻𝗶𝗼𝗻𝗮𝘁𝗲𝗱. Why? "Nobody knows how to build agents." If you built an opinionated agent framework in summer 2024, you've already realized it's all wrong. AI SDK gives you functions. You compose them. 7. 𝗧𝗵𝗲 𝗖𝗧𝗢'𝘀 𝗽𝗮𝗿𝗮𝗻𝗼𝗶𝗮: "I've been paranoid about losing touch with reality, of just being a suit." So he codes. A lot. With AI writing code for him too. The legends are coming back to ship.

They say TV adds 10lbs but this is too much, @sequel_io and @X :')

We are going live in 3 hours ⌛ Pull up for some spicy takes on the future of front-end from @vercel CTO @cramforce himself. x.com/i/broadcasts/1…