A curated list of the best code review tools, platforms, and automation for modern development teams — from AI-powered agents to static analysis and linters.
Maintainer Note: This list is curated and maintained by the engineering team at Kodus. We love open source and building better devtools.
- AI-Powered Code Review Tools
- Static Analysis & Linters
- Security-Focused Code Review
- IDE Assistants & Copilots
- CLI & Local Workflows
- Code Review Platforms
- Benchmarks & Research
Tools that use AI/LLMs to review Pull Requests, comment on code, and suggest fixes automatically.
Note: This list is not intended to compare tools; as maintainers of Kodus, we are biased.
- Kodus (⭐ Maintainer) An AI code review agent focusing on high-signal feedback. It allows teams to define custom review guidelines (using plain English) to enforce architectural patterns and best practices, reducing noise in the review process.
- CodeRabbit — Provides line-by-line feedback on pull requests and generates summaries of changes. Features a chat interface within the PR to discuss the feedback with the AI.
- Greptile — An AI engine that indexes the entire codebase to understand context. It focuses on answering complex questions about the repo and reviewing code with full-repository awareness.
- Cursor Bugbot — AI-powered PR review that runs automatically to catch real bugs and security issues with a low false-positive rate.
Traditional and AI-enhanced tools for enforcing code quality, style, and correctness.
- ESLint — The standard pluggable linter for JavaScript and TypeScript.
- Pylint — Source code analyzer for Python that checks for errors, coding standards, and code smells.
- RuboCop — Ruby static code analyzer and formatter based on the community Ruby style guide.
- SonarQube — Continuous inspection platform for code quality and security across 30+ languages.
- PMD — Cross-language static analyzer that finds common programming flaws in Java, Apex, and more.
- Checkstyle — Development tool to help write Java code that adheres to a coding standard.
Tools focusing specifically on vulnerabilities, SAST, and secure code review.
- Snyk DeepCode — AI-powered engine to find security flaws faster than traditional static analysis.
- Semgrep — Combines rule-based static analysis with AI to reduce false positives in security scanning.
- CodeQL — GitHub's semantic code analysis engine for finding vulnerabilities across codebases.
- Bandit — Security-focused static analyzer designed to find common issues in Python code.
- Brakeman — Static analysis security tool for Ruby on Rails applications.
Tools that integrate with editors or local environments for autocomplete, chat, and agentic coding.
- GitHub Copilot — The standard AI pair programmer for autocomplete, chat, and inline edits.
- Cursor — AI-first code editor with built-in chat, autocomplete, and agent workflows.
- Claude Code — Claude's coding agent for terminal, IDE, and web workflows that can manage large codebases and implement changes.
- OpenAI Codex — OpenAI's coding agent that can read, modify, and run code, available as a VS Code extension with optional cloud delegation.
- Google Antigravity — Agent-first IDE with tab autocomplete, natural language commands, and cross-surface agents across editor, terminal, and browser.
- Kilo Code — Open-source agentic engineering platform with IDE/CLI support, tab autocomplete, and multi-agent orchestration.
- Cline — Autonomous IDE agent that can create/edit files, run commands, and use the browser with user approval.
- OpenCode — Open-source coding agent for terminal, IDE, or desktop with multi-session workflows and broad model support.
Command-line tools for local code review and developer workflows.
- Aider — AI pair programming in your terminal.
- Mentat — Coordinate edits across multiple files using the command line.
- OpenCommit — Generates semantic git commit messages automatically.
- Reviewdog — Automated code review tool that posts review comments from any linter output.
- danger — Automates common code review chores by running rules during CI.
Platforms and services built specifically for the code review workflow.
- GitHub Pull Requests — Built-in code review with inline comments, suggestions, and review assignments.
- GitLab Merge Requests — Integrated review workflow with approvals, threads, and CI integration.
- Gerrit — Web-based code review tool for Git, used by large open-source projects like Android and Chromium.
- Phabricator — Suite of open-source tools for code review, project management, and repository hosting.
- Crucible — Atlassian's code review tool for Git, SVN, and Perforce repositories.
Benchmarks and key papers on code review automation.
- Code Review Benchmark — Comprehensive evaluation of LLM performance in AI-powered code review tasks.
- SWE-bench — Evaluation framework for language models on real-world software engineering issues.
- HumanEval — OpenAI's dataset for evaluating code generation capabilities.
- Lessons from Building Static Analysis Tools at Google — Why low false-positive rates are crucial for adoption of automated review tools.
Contributions are welcome! Please read the contribution guidelines first. If you are a founder or maintainer of a tool listed here and want to update your description, feel free to open a PR.
