Codacy

3.3K posts

@codacy

Security for AI-Accelerated Coding. Get the free IDE Extension: https://t.co/RlZH5ZFLKe

Lisbon, PT and New York, NY · Joined August 2013
335 Following · 5K Followers
Codacy@codacy·
Generation → verification → correction. The loop AI-heavy codebases need: When an agent ships a change, an independent verification layer runs deterministic checks and returns pass/fail with reasons, and on failure the agent retries against structured feedback instead of guessing. Skip that middle step and errors compound silently across commits. Read article: blog.codacy.com/why-coding-age…
Codacy@codacy·
For the engineering teams quietly wondering what AI models and tools have piled up in their codebase: AI Inventory maps every model, SDK, API key, and MCP server used on the codebase, down to the file and line. Start free codacy.com/ai-inventory
Codacy@codacy·
"Engineering leaders know their teams are using AI tools, they just can't tell you exactly which ones, where, or how they're configured. We want every engineering organization to have that answer before anyone comes asking for it." @jaimefjorge prn.to/4tz3B9g
Codacy@codacy·
AI Inventory is live. It scans your connected repos and shows you every AI model, library, API key and endpoint used across your codebase. No new setup, no agents, no surveys. Now available for all paid users and new trials. → Read the full update blog.codacy.com/which-ai-tools…
Codacy@codacy·
Now that we've 100%ed code analysis, we are proud to embark on a new journey. Today, we’re applying our linting and scanning expertise to the tangible world. Introducing Codacy Lint ‘n’ Scan Hardware: A curated line of premium linters, scanners, and detection tools designed to solve real-world problems with the same precision we brought to your codebase. Check out our new collection: shop.codacy.com
Codacy reposted
Aman@Amank1412·
SaaS is dead. We replaced $750/month in SaaS with $4,570 in LLM tokens. Now the team spends half their time debugging vibe-coded chaos instead of shipping. But hey… we “own the stack.”
Codacy@codacy·
Our AI Reviewer for Pull Requests just got a significant upgrade.
→ Custom instructions to tune its output to your team’s preferences
→ Ready-to-use prompts for generating missing unit tests
→ ‘Run Reviewer’ button on your PR to re-trigger reviews as you commit changes
Read the full update📷 blog.codacy.com/whats-new-in-c…
Codacy@codacy·
Kiran Kumar Badam runs engineering and security for @getvymo, a fintech platform serving 70+ global financial institutions with 150 developers and 500+ repositories. Before Codacy, security checks happened twice a year. Audit prep alone took 4 weeks. Remediation took 2–3 months. Now security is embedded across every stage of the SDLC: IDE, pull request, and release. Codacy was chosen over SonarQube, Semgrep, GitHub Advanced Security, and AquaSec. The deciding factors? The best native Bitbucket support, combined code quality and security in one platform, and a team that was genuinely engaged throughout the evaluation. Read full customer story blog.codacy.com/how-vymo-embed…
Codacy@codacy·
"You should not let any commits go unreviewed. Naughty, naughty, naughty." Dana Lawson, CTO of @Netlify, on the latest AI Giants. Need guiding principles for coding with AI? Dana has plenty. Here’s a summary:
- Keep PRs small. If a human can't read it in one sitting, it's too big.
- Don't let Claude check Claude. Use a different model, a different agent, or a human. Same model, same blind spots.
- Don't LGTM a 1,000-line AI PR in 10 minutes. We all know you didn't read it.
- You need two reviews if you're SOC2 compliant.
- Treat AI commits like any other commit. The bar doesn't move because a machine wrote it.
- Don't skip tests because shipping felt good. Vibe coding is fun; flaky prod is not.
- Best practices didn't expire when agents arrived.
🧾 Listen to them in context; full episode: youtube.com/watch?v=-q3k3E…
Netlify@Netlify·
English is the S-tier programming language now. Dana Lawson (Netlify CTO) on Agent Experience replacing Developer Experience, the death of “LGTM,” and why flaky tests are still ruining everyone’s day. Thanks @jaimefjorge and @Codacy for the convo: youtube.com/watch?v=-q3k3E…
Codacy@codacy·
SonarCloud charged by lines of code, and was a nightmare to roll out at scale. So LSports switched to Codacy. Two years later: test coverage up from 7% to 70%, and zero new critical security issues. Worth a read if you want to move away from SonarQube👇 blog.codacy.com/how-lsports-we…
Codacy@codacy·
It's "almost foolish" to run AI through your SDLC unchecked. Netlify CTO Dana Lawson thinks we should keep humans in the loop on security reviews, privacy, data and governance. The risk of getting it wrong in there is too high to leave to 𝚌̶𝚑̶𝚊̶𝚗̶𝚌̶𝚎̶ probability.
Visual Studio Code@code·
⚙️ VS Code started as a 10-person team building an editor. Ten years later, it’s used by millions of developers, supports 90K+ extensions, and has become a foundation many AI tools build on. In this behind-the-scenes conversation with @codacy, we talk about the early pivots between web and desktop, the bet on open source, why performance and core editing still matter as much as AI, and how agents are starting to shape what comes next. 📖 Read the full interview: blog.codacy.com/how-vs-code-qu…
Codacy@codacy·
@code We loved having you on, @IsidorN & @code 🫶 Oct 2025 feels like 5y ago these days, we should do another one soon
Codacy reposted
Jaime Jorge@jaimefjorge·
Dana Lawson, @Netlify's CTO, told me her S-tier programming language. It's not Rust. It's not TypeScript. It's English. The biggest takeaways from my interview with @dana_lawson on AI agents, the death of the "LGTM," and why your flaky tests still aren't fixed:

1. "𝗔𝗴𝗲𝗻𝘁 𝗘𝘅𝗽𝗲𝗿𝗶𝗲𝗻𝗰𝗲" 𝗶𝘀 𝗿𝗲𝗽𝗹𝗮𝗰𝗶𝗻𝗴 "𝗗𝗲𝘃𝗲𝗹𝗼𝗽𝗲𝗿 𝗘𝘅𝗽𝗲𝗿𝗶𝗲𝗻𝗰𝗲," and most platforms aren't ready. Netlify now designs APIs assuming the user on the other end isn't human. An agent catches an error, reads the code, writes the fix, pushes a PR, and merges it with guardrails in place. You might never know there was a bug. The error workflow that used to end at a dashboard now ends at a self-healing loop. If your platform still assumes a human is reading the alert, you're building for the last decade.

2. 𝗗𝗼𝗻'𝘁 𝗹𝗲𝘁 𝗖𝗹𝗮𝘂𝗱𝗲 𝗿𝗲𝘃𝗶𝗲𝘄 𝗖𝗹𝗮𝘂𝗱𝗲. Use Claude and Codex to check each other. Dana's rule for AI code review: cross-model verification, always. The same model verifying its own output is the AI equivalent of the developer who reviews their own PR. The principle hasn't changed. The actors have.

3. 𝗔𝗜 𝗱𝗶𝗱𝗻'𝘁 𝗸𝗶𝗹𝗹 𝘀𝗽𝗲𝗰𝗶𝗮𝗹𝗶𝘇𝗮𝘁𝗶𝗼𝗻. It killed the friction between specialists. The "everyone becomes a generalist" take is wrong. What Dana actually sees: database engineers are still database engineers, just faster. Front-end developers can now connect the dots to the backend without switching careers. Agents didn't flatten expertise. They removed the walls between experts. The deep nerds got deeper.

4. 𝗧𝗵𝗲 𝗺𝗼𝘀𝘁 𝘂𝗻𝗱𝗲𝗿 𝗮𝗽𝗽𝗿𝗲𝗰𝗶𝗮𝘁𝗲𝗱 𝗽𝗿𝗼𝗯𝗹𝗲𝗺 𝗶𝗻 𝘀𝗼𝗳𝘁𝘄𝗮𝗿𝗲 𝗲𝗻𝗴𝗶𝗻𝗲𝗲𝗿𝗶𝗻𝗴 𝗶𝘀 𝘀𝘁𝗶𝗹𝗹 𝗳𝗹𝗮𝗸𝘆 𝘁𝗲𝘀𝘁𝘀. Dana has been ranting about flaky tests for years. AI was supposed to fix them. It hasn't. Nobody puts "fix flaky tests" at the top of their morning. It's always end-of-month, low-priority work. Meanwhile, AI-generated commits are getting bigger and shipping to main because vibe coding makes it feel so good to just commit. We built AI to do the work we don't want to do. Code hygiene IS that work.

5. 𝗔𝗜-𝗴𝗲𝗻𝗲𝗿𝗮𝘁𝗲𝗱 𝗣𝗥𝘀 𝗮𝗿𝗲 𝗴𝗼𝗶𝗻𝗴 𝘂𝗻𝗿𝗲𝘃𝗶𝗲𝘄𝗲𝗱 𝗮𝗻𝗱 𝗶𝘁'𝘀 𝗮 𝘁𝗶𝗰𝗸𝗶𝗻𝗴 𝘁𝗶𝗺𝗲 𝗯𝗼𝗺𝗯. GitHub flagged the slop problem. Dana has seen "LGTM" rubber stamps on thousand-line AI-generated PRs ten minutes after submission. Nobody reviewed that code. Her fix: break AI output into human-readable chunks, use a different agent for first-pass review, and never merge immediately. Bake it. If you're SOC compliant, you need two reviews. Not one. Two.

6. 𝗬𝗼𝘂𝗿 𝗻𝗲𝘅𝘁 𝗵𝗶𝗿𝗲'𝘀 𝗺𝗼𝘀𝘁 𝗶𝗺𝗽𝗼𝗿𝘁𝗮𝗻𝘁 𝘀𝗸𝗶𝗹𝗹 𝗶𝘀𝗻'𝘁 𝗰𝗼𝗱𝗶𝗻𝗴. 𝗜𝘁'𝘀 𝗰𝗼𝗺𝗺𝘂𝗻𝗶𝗰𝗮𝘁𝗶𝗼𝗻. Dana's concrete hiring filter: high communicators who don't burn tokens with ambiguity. Every "nope, that's not what I meant" is a failed prompt. Every vague instruction is wasted money. The best future product owners might be journalists and English majors who can get the point across in three sentences instead of thirty. The irony: creative types tend to be verbose. Verbosity costs credits.

7. 𝗧𝗵𝗲 𝗽𝗹𝗮𝗰𝗲𝘀 𝘁𝗼 𝘀𝘁𝗮𝗿𝘁 𝗲𝘅𝗽𝗲𝗿𝗶𝗺𝗲𝗻𝘁𝗶𝗻𝗴 𝘄𝗶𝘁𝗵 𝗔𝗜 𝗮𝗿𝗲 𝘁𝗵𝗲 𝘁𝗮𝘀𝗸𝘀 𝗻𝗼𝗯𝗼𝗱𝘆 𝘄𝗮𝗻𝘁𝘀 𝘁𝗼 𝗱𝗼. 𝗙𝗹𝗮𝗸𝘆 𝘁𝗲𝘀𝘁𝘀. Dependency upgrades. Version migrations where one API call changed and you used it 300 times. These are repeatable, safe, controlled, and not touching production. You don't need permission to experiment with the boring stuff. And the prompting patterns are identical to the ones that matter.

8. 𝗞𝗲𝗲𝗽 𝗳𝗿𝗶𝗰𝘁𝗶𝗼𝗻 𝗲𝘅𝗮𝗰𝘁𝗹𝘆 𝘄𝗵𝗲𝗿𝗲 𝗶𝘁'𝘀 𝗮𝗹𝘄𝗮𝘆𝘀 𝗺𝗮𝘁𝘁𝗲𝗿𝗲𝗱: 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆, 𝗰𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝗰𝗲, 𝗮𝗻𝗱 𝗱𝗮𝘁𝗮 𝗴𝗼𝘃𝗲𝗿𝗻𝗮𝗻𝗰𝗲. Dana isn't an "unleash everything" CTO. It would be foolish to remove all human checkpoints right now. Maybe in the future it'll be foolish to keep them. But automation bias is real. Code written by AI, reviewed by AI, approved by AI, shipped by AI. That pipeline needs humans at the gates. We're not there yet.

9. 𝗜𝗻 𝗳𝗶𝘃𝗲 𝘆𝗲𝗮𝗿𝘀 𝗻𝗼𝗯𝗼𝗱𝘆 𝘄𝗶𝗹𝗹 𝗰𝗮𝗿𝗲 𝗮𝗯𝗼𝘂𝘁 𝗳𝗿𝗮𝗺𝗲𝘄𝗼𝗿𝗸𝘀. They'll care about the planet. Dana's prediction: sustainability, energy costs, and whether we can power all of this without destroying the environment will be the defining engineering challenge. Performance optimization and efficiency will matter more than which frontend framework you chose. MCP is "a cute protocol, but it's not solving how information traverses time and space."

10. 𝗧𝗵𝗲 𝗿𝗲𝗮𝗹 𝘂𝗻𝗹𝗼𝗰𝗸 𝗶𝘀𝗻'𝘁 𝗳𝗲𝘄𝗲𝗿 𝗽𝗲𝗼𝗽𝗹𝗲 𝗱𝗼𝗶𝗻𝗴 𝗺𝗼𝗿𝗲. It's more people building things they never could. Dana pushes back hard on the "AI means layoffs" framing. Her vision: enable everyone so more people build more things, not squeeze headcount. Someone who thought they could never build an app now can. Being good stewards of that is our job. In her words: "doing Legos with somebody else is always funner than doing Legos alone."

11. (About AI proficiency..) 𝗦𝘁𝗼𝗽 𝘀𝗮𝘆𝗶𝗻𝗴 𝘆𝗼𝘂 𝗱𝗼𝗻'𝘁 𝗵𝗮𝘃𝗲 𝘁𝗶𝗺𝗲. You have 20 minutes. Dana's message to anyone who says they can't learn AI: "Give me a break. Everybody got 20 minutes." Bite-size it. Align it to why you care. Mortgage, promotion, curiosity. But if you're in technology and you're not embracing this, you're in the wrong field. You don't need to know every bot, every acronym. Filter the noise. And disconnect sometimes. Go for a run.

12. 𝗧𝗵𝗲 𝗽𝗮𝘁𝘁𝗲𝗿𝗻𝘀 𝗼𝗳 𝗵𝗼𝘄 𝘄𝗲 𝗹𝗲𝗮𝗱 𝗲𝗻𝗴𝗶𝗻𝗲𝗲𝗿𝗶𝗻𝗴 𝘁𝗲𝗮𝗺𝘀 𝗮𝗿𝗲 𝗯𝗿𝗲𝗮𝗸𝗶𝗻𝗴, 𝗮𝗻𝗱 𝘁𝗵𝗮𝘁'𝘀 𝗮 𝗴𝗼𝗼𝗱 𝘁𝗵𝗶𝗻𝗴. Dana ran engineering at GitHub through the Microsoft acquisition. Reorged "a million times" in three years. Her lesson: how you think about engineering organizations today will be different in six months. The frameworks we used 18 months ago don't apply. The only constant is that leaders who stay curious and open-minded survive. The ones who take hard lines against AI while others ship 10x faster don't.
Codacy@codacy·
"Every day I wake up and I'm like, how is this my life? How did I get here?" That's Dana Lawson, CTO of @Netlify, reflecting on her unconventional journey, from aspiring artist to US Army to supporting SaaS before most people knew what it was, to VP of Engineering at GitHub, and now leading one of the most important web platforms. In our latest episode, Dana brings this same refreshing honesty to an energetic conversation about the future of engineering in the AI era:
→ Agent Experience (AX): Why agents are becoming first-class API consumers and what that means for how we design systems, auth, and observability
→ How agents are making frontend/backend distinctions less relevant for building, while specialists remain critical for architecture and security decisions
→ Why humans will remain essential for business context, edge cases, and quality judgment for the next 5+ years. Agents execute, humans decide.
→ Soft skills over hard skills: "If you can't explain what you need, agents can't help you." Communication and context translation are becoming more valuable than raw coding ability.
→ Where to keep humans in the loop (code review, security gates) and how to avoid "automation bias" when AI generates and reviews code
→ Where Netlify, Vercel, and Cloudflare are headed by 2027. Platforms enabling agent interaction will win.
→ S-Tier Programming Language - English. Yes, really.
Full episode: youtube.com/live/-q3k3E5FZ…
Codacy@codacy·
In 1 hour we are going live with Dana Lawson, CTO at @Netlify to talk about:
- How the Agent Experience (AX) is the new UX
- If the Frontend/Backend divide is becoming obsolete
- Why soft skills now outweigh coding ability
See you there 🤙 x.com/i/broadcasts/1…