Rules that explain what failed and why it matters.

Code Radar groups findings into review lanes: security, secrets, dependencies, code health, AI slop, and architecture. Each finding carries severity, location, rationale, and fix guidance.

Rule lanes

The rule catalog is designed for review decisions, not vanity counts. Use categories to decide what blocks a merge, what becomes cleanup, and what agents can fix safely.

Security

Injection, risky auth, traversal, unsafe APIs.

SEC-SQLI-001: untrusted input reaches raw SQL
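To make the signal behind this lane concrete, here is an added example (not Code Radar's own code or detection logic) that puts the pattern a rule like SEC-SQLI-001 flags next to its hardened form. The sqlite3 in-memory table, the user rows and the function names are constructed for the example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory store standing in for the application's real database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def find_user_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """The shape a SEC-SQLI-001-style rule reports: request data is concatenated
    into the statement text, so the input decides the query's structure, not
    just the value being matched."""
    query = f"SELECT name, role FROM users WHERE name = '{name}'"  # untrusted input reaches raw SQL
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    """Hardened form: the statement is a fixed literal and the value is bound
    as a parameter, so whatever the caller sends can only ever be compared
    against the name column as data."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    # A value containing quote characters behaves differently in the two versions:
    # the concatenated query returns every row, the parameterised one returns none.
    odd_name = "x' OR '1'='1"
    print("unsafe:", find_user_unsafe(db, odd_name))
    print("safe:  ", find_user_safe(db, odd_name))
```

The difference between the two return values is exactly why the lane rates this finding critical/high: the fix is mechanical (bind the parameter), but until it is applied the query's meaning is controlled by whoever supplies the input.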

Secrets

Hardcoded tokens, env leaks, private keys.

SECRET-KEY-001: API token committed in config

Dependencies

RustSec, GHSA, lockfiles, supply-chain risk.

SCA-GHSA: vulnerable transitive package

Code health

Duplication, large files, complexity, dead code.

SLOP-DUP-001: duplicate block detected

AI slop

Brittle generated code and low-signal changes.

SLOP-SIZE-001: oversized source file

Reports

Terminal, SARIF, JSON, and HTML evidence.

radar scan . --format sarif --fail-on high

Representative rules

Exact coverage evolves with the native rule pack, but the rule surface is intentionally inspectable from the CLI.

Rule            Lane          Signal                                                Severity
SEC-SQLI-001    Security      Untrusted input reaches raw SQL construction          critical/high
SECRET-KEY-001  Secrets       Hardcoded token or private credential in source       critical/high
SCA-GHSA-*      Dependencies  Known vulnerable dependency from supported lockfiles  critical to info
SLOP-DUP-001    Code health   Duplicate code block that increases review risk       medium
SLOP-SIZE-001   AI slop       Oversized generated file or change surface            info/medium
ARCH-LAYER-001  Architecture  Layer boundary or dependency direction issue          medium

Inspect rules from the CLI

Developers can inspect categories before tuning policy or deciding what should fail CI.

Catalog commands

List built-in rules, include rule-pack entries, and explain a specific finding.

radar rules --category security
radar rules --severity high
radar rules --pack
radar explain SEC-SQLI-001

Policy workflow

Use the catalog to tune thresholds without hiding risky findings from reviewers.

radar policy effective --json
radar scan . --fail-on high
radar verify . --since main
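The policy workflow above and the SARIF report from `radar scan . --format sarif --fail-on high` combine naturally in CI: read the report, keep every finding visible, and fail the job only when something at or above the threshold is present. The script below is an added example of that gate, not part of Code Radar. The SARIF document is constructed for the example (its layout follows the SARIF 2.1.0 standard, the rule ids are the ones named on this page, and the file paths and line numbers are made up); the mapping from a rule's numeric `security-severity` property to the critical/high/medium/info labels follows the GitHub code-scanning convention and is an assumption, as is the fallback from SARIF `level` when that property is absent.

```python
import json
import sys

# Constructed SARIF 2.1.0 report standing in for a real `radar scan` output.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "sample-scanner", "rules": [
            {"id": "SEC-SQLI-001", "properties": {"security-severity": "9.0"}},
            {"id": "SLOP-DUP-001", "properties": {"security-severity": "5.0"}},
            {"id": "SLOP-SIZE-001"},  # no score: fall back to the result's SARIF level
        ]}},
        "results": [
            {"ruleId": "SEC-SQLI-001", "level": "error",
             "message": {"text": "untrusted input reaches raw SQL"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/db.py"}, "region": {"startLine": 42}}}]},
            {"ruleId": "SLOP-DUP-001", "level": "warning",
             "message": {"text": "duplicate block detected"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/handlers.py"}, "region": {"startLine": 10}}}]},
            {"ruleId": "SLOP-SIZE-001", "level": "note",
             "message": {"text": "oversized source file"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/generated.py"}, "region": {"startLine": 1}}}]},
        ],
    }],
})

SEVERITY_ORDER = ["info", "medium", "high", "critical"]  # lowest to highest
LEVEL_FALLBACK = {"error": "high", "warning": "medium", "note": "info", "none": "info"}


def severity_from_score(score: float) -> str:
    """Bucket a numeric `security-severity` score; thresholds are assumed
    (GitHub code-scanning convention), not a Code Radar mapping."""
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    return "info"


def severity_of(result: dict, rules_by_id: dict) -> str:
    """Prefer the rule's score; otherwise derive a label from the SARIF level."""
    rule = rules_by_id.get(result.get("ruleId"), {})
    score = rule.get("properties", {}).get("security-severity")
    if score is not None:
        return severity_from_score(float(score))
    return LEVEL_FALLBACK.get(result.get("level", "warning"), "medium")


def gate(sarif_text: str, fail_on: str):
    """Return (counts per severity, findings at or above `fail_on`).

    Every finding is counted so the summary never hides lower-severity
    results; only the `blocking` list decides the exit status.
    """
    doc = json.loads(sarif_text)
    threshold = SEVERITY_ORDER.index(fail_on)
    counts = {sev: 0 for sev in SEVERITY_ORDER}
    blocking = []
    for run in doc["runs"]:
        rules_by_id = {r["id"]: r for r in run["tool"]["driver"].get("rules", [])}
        for res in run.get("results", []):
            sev = severity_of(res, rules_by_id)
            counts[sev] += 1
            if SEVERITY_ORDER.index(sev) >= threshold:
                loc = res["locations"][0]["physicalLocation"]
                blocking.append((res["ruleId"], sev,
                                 loc["artifactLocation"]["uri"], loc["region"]["startLine"]))
    return counts, blocking


if __name__ == "__main__":
    # Usage: python gate.py report.sarif high   (defaults to the constructed sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SARIF
    fail_on = sys.argv[2] if len(sys.argv) > 2 else "high"
    counts, blocking = gate(text, fail_on)
    print("findings by severity:", counts)
    for rule_id, sev, uri, line in blocking:
        print(f"BLOCKING {sev:<8} {rule_id:<16} {uri}:{line}")
    sys.exit(1 if blocking else 0)
```

Lowering the threshold to `medium` in the sample promotes the duplicate-code finding into the blocking list as well, which is the kind of trade-off the `radar rules --severity` and `radar policy effective` commands are meant to make visible before it is wired into CI.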