Computer Systems Design and Related Services2026Generative AIMachine Learning (classification)B2B
ihomer

ihomer cuts duplicate code 20% and achieves zero critical AI-code vulnerabilities with Codacy Guardrails

Netherlands-based EV charging software provider ihomer deployed Codacy to govern AI-generated code, achieving a 20% reduction in duplicate code across key repositories, zero outstanding critical vulnerabilities from AI-assisted code, and 50%+ developer adoption of AI guardrails in daily workflow.

Duplicate code reduction20%
Developer AI guardrails adoption50% of team
Projects on unified platform100%
4 min read

Background

ihomer's engineering team increasingly relied on AI coding assistants (GitHub Copilot) to accelerate development, but AI-generated code carried inherent risks: it could violate security policies, introduce vulnerabilities, or generate duplicate code if not actively governed. The company needed a solution that could enforce coding standards in real time, at the moment code was generated in the IDE, rather than waiting for late-stage CI pipeline checks or human code review.

What Was Implemented

  • Deployed Codacy Guardrails IDE plugin in Visual Studio Code, connected to GitHub Copilot via MCP server, to scan and auto-fix AI-generated code in real time as it is written
  • Migrated all repositories from SonarCloud to Codacy platform for unified quality and security scanning (100% project coverage)
  • Established company-wide coding policies enforced automatically at the IDE level, with per-project adjustments allowed
  • Created an internal Slack knowledge-sharing channel for Guardrails rules and customization tips

Results

ihomer achieved a 20% reduction in duplicate code across key repositories. The team reached zero outstanding critical vulnerabilities from AI-generated code, with Guardrails flagging and helping fix all security issues before merge. 100% of projects moved to unified Codacy scanning. More than 50% of developers actively adopted the AI coding assistant plus Guardrails workflow in daily work (up from 0%). Van Leth reported that developers spent far less time on linting issues and that the development process became "more streamlined and effective."

Lessons

  • Shifting static analysis into the IDE, triggered at code-generation time, prevents the accumulation of security debt that pipeline-stage checks address too late.
  • Integrating governance tooling with the AI coding assistant (via MCP) rather than as a separate step reduces friction to near zero.
  • Pricing changes by incumbent vendors (SonarQube) create windows for competitive displacement; challenger vendors with equivalent coverage at lower cost can achieve rapid full-deployment.
  • Developer-led adoption (early champions sharing tips via Slack) drove organic team-wide adoption faster than top-down rollout would have.
  • In ISO 27001 environments, IDE-level AI guardrails provide an auditable compliance layer for AI-generated code.

Ready to implement AI in your commerce operations?

McFadyen Digital helps teams move from case study to live implementation.

Talk to an expert →