Code Radar gives developers, coding agents, and GitHub Actions one local-first quality gate for security, dependencies, secrets, and AI-generated code risk.

Illustrated scan (from the page's hero terminal):
radar scan . --quick
src/api/payments.ts:42
services/auth/.env:12
Cargo.lock
1 critical, 2 high. SARIF uploaded to code scanning.

MCP tools: scan_project_summary, explain_finding, run_quality_gate
Enterprise buyers do not need another security scanner's claims. They need to know where it runs, what it sends, how it fails, and what evidence reviewers get.
Use Radar before code reaches a hosted review service.
Repository slots and GitHub Actions validation protect paid plans from shared keys.
Designed for macOS, Windows, Linux, and GitHub-hosted runners.
Every finding carries severity, location, reason, fix path, and export formats.
The same scan engine powers the CLI cockpit, MCP tools, and GitHub Actions quality gates, so findings do not change shape between developer workflow and pull request enforcement.
Run fast or full scans before commit, inspect findings, export reports, and keep the cache local.
radar scan . --quick

Expose project summaries and findings to Codex, Claude, Cursor, and other MCP clients.
radar mcp install all

Fail risky pull requests, publish SARIF, and leave reviewers with a short action plan.
radar scan . --format sarif --fail-on high

Radar adds the small surfaces developers actually use after the first scan: local hooks, trend history, badges, and agent-ready repair prompts.
Block high-risk findings before they become commits.
radar hook install

Track whether security, code health, and slop scores are improving.
radar trend

Publish the latest local Radar signal without a hosted dashboard.
radar badge

Give coding agents scoped repair context tied to real findings.
radar prompt . --diff --copy

Radar focuses on the risks AI coding accelerates: unsafe data flow, committed secrets, vulnerable dependencies, generated-code duplication, oversized files, and missing review evidence.
SEC-SQLI-001: untrusted input reaches raw SQL
SECRET-KEY-001: API token committed in config
SCA-GHSA: vulnerable transitive package
SLOP-DUP-001: duplicate block detected
SLOP-SIZE-001: oversized source file
radar scan . --format sarif --fail-on high
A Radar report is not just a score. It includes file locations, severity, why the finding matters, how to fix it, and export formats for CI or code scanning.
SEC-SQLI-001    Untrusted input reaches raw SQL construction      src/api/payments.ts:42
SECRET-KEY-001  Hardcoded token committed in configuration        services/auth/.env:12
SCA-GHSA-9422   Vulnerable transitive dependency in lockfile      Cargo.lock
SLOP-SIZE-001   Oversized source file is hard to review safely    src/routes/admin.ts:1

Radar is built around local execution, explicit entitlement validation, hashed licensing data, and portable reports. The product should be inspectable before a team relies on it in CI.
Solo is local-only. Pro and Studio add repository slots for GitHub Actions and broader agent/CI workflows.
Start locally, activate a license, add MCP tools, then enforce the same checks in CI when the repository is ready.
Install Radar, run a fast scan, inspect the report, and add MCP or GitHub Actions only when that workflow needs enforcement.
radar scan . --quick
radar mcp doctor
radar scan . --format sarif --fail-on high

Run Radar locally, give agents deterministic findings, and block risky pull requests with the same evidence.