CodeGuards v1
// product overview

A security reviewer that stays focused on the change.

CodeGuards reviews every commit and merge request, highlights the issues that matter, and sends the result back to the workflow your team already uses.

What you get out of the box

  • GitLab integration for cloud and self-hosted instances.
  • Automatic review on push, merge request, manual run, or CI trigger.
  • Clear findings with severity, file, line, explanation, and next step.
  • Per-repository memory — mark a finding as accepted once with a note about your internal rule, and CodeGuards silences the same pattern on that repo from then on.
  • Workspace dashboard, security report, and per-scan history.
  • A setup that stays lightweight for developers and readable for leadership.

Not in scope

  • Whole-repository SAST replacement.
  • Dependency or package scanning.
  • IDE plugins or local agents.

Triggers

CodeGuards supports the same four entry points across the product:

  • push events from a GitLab webhook.
  • merge_request open and update events.
  • Manual "Scan now" from the repository page.
  • POST /api/scans/ci from a pipeline.

What each review includes

For every scan, CodeGuards works with:

  • Commit metadata such as sha, branch, author, and message.
  • The diff for the change being reviewed.
  • Changed file paths and related repository context.
  • The active review settings for that repository.

Results are stored as structured findings and reports inside your workspace, so teams can review trends over time instead of losing context in chat threads and MR comments.

Start with one repository. See how the reports read before you roll it out wider.