ihomer cuts duplicate code 20% and achieves zero critical AI-code vulnerabilities with Codacy Guardrails
Netherlands-based EV charging software provider ihomer deployed Codacy to govern AI-generated code, achieving a 20% reduction in duplicate code across key repositories, zero outstanding critical vulnerabilities from AI-assisted code, and 50%+ developer adoption of AI guardrails in daily workflow.
Background
ihomer's engineering team increasingly relied on AI coding assistants (GitHub Copilot) to accelerate development, but AI-generated code carried inherent risks: it could violate security policies, introduce vulnerabilities, or generate duplicate code if not actively governed. The company needed a solution that could enforce coding standards in real time, at the moment code was generated in the IDE, rather than waiting for late-stage CI pipeline checks or human code review.
What Was Implemented
- Deployed Codacy Guardrails IDE plugin in Visual Studio Code, connected to GitHub Copilot via MCP server, to scan and auto-fix AI-generated code in real time as it is written
- Migrated all repositories from SonarCloud to Codacy platform for unified quality and security scanning (100% project coverage)
- Established company-wide coding policies enforced automatically at the IDE level, with per-project adjustments allowed
- Created an internal Slack knowledge-sharing channel for Guardrails rules and customization tips
Results
ihomer achieved a 20% reduction in duplicate code across key repositories. The team reached zero outstanding critical vulnerabilities from AI-generated code, with Guardrails flagging and helping fix all security issues before merge. 100% of projects moved to unified Codacy scanning. More than 50% of developers actively adopted the AI coding assistant plus Guardrails workflow in daily work (up from 0%). Van Leth reported that developers spent far less time on linting issues and that the development process became "more streamlined and effective."
Lessons
- Shifting static analysis into the IDE, triggered at code-generation time, prevents the accumulation of security debt that pipeline-stage checks address too late.
- Integrating governance tooling with the AI coding assistant (via MCP) rather than as a separate step reduces friction to near zero.
- Pricing changes by incumbent vendors (SonarQube) create windows for competitive displacement; challenger vendors with equivalent coverage at lower cost can achieve rapid full-deployment.
- Developer-led adoption (early champions sharing tips via Slack) drove organic team-wide adoption faster than top-down rollout would have.
- In ISO 27001 environments, IDE-level AI guardrails provide an auditable compliance layer for AI-generated code.