Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.mergeguide.ai/llms.txt

Use this file to discover all available pages before exploring further.

MergeGuide Documentation

MergeGuide enforces code policies across your development workflow. Every commit and pull request runs through 1,099 detection rules across 15 languages. Security findings appear where developers work — VS Code, Git, GitHub, GitLab, Bitbucket, Azure DevOps.

How It Works

Real-time feedback (IDE) — VS Code extension catches violations as you type. Git-level enforcement — Pre-commit hooks block policy violations before they ever reach a PR. PR gate (all 4 SCM platforms) — Evaluation results post inline on every pull request. Violations are flagged with remediation guidance. Compliance export — Evidence flows to your auditor as NIST OSCAL v1.1.2 or SBOM (CycloneDX / SPDX).

Enforcement Layers

WhereToolWhen
Code editorVS Code ExtensionAs you type
AI assistantsMCP ServerCode generation
Local commitsGit hooksPre-commit, pre-push
Pull requestsWebhook gateAll 4 SCM platforms

Compliance Frameworks

24 total: Security: NIST SSDF, OWASP Top 10, OWASP ASVS L1/L2, CWE Top 25, CIS Controls, SLSA Regulatory: SOC 2, HIPAA, PCI-DSS, ISO 27001, GDPR, FedRAMP, StateRAMP Emerging: EU AI Act, DORA, NIS2, Colorado AI Act

Detection Rules

  • 1,099 total detection rules
  • 130 regex patterns (known vulnerabilities)
  • 969 Semgrep AST rules (taint analysis, data flow)
  • 15 languages: Python, JavaScript, TypeScript, Java, Go, PHP, Ruby, C#, Kotlin, Swift, Rust, C, C++, Terraform, Dockerfile

Quick Start

# Install the CLI
pip install mergeguide

# Authenticate
mergeguide login

# Run your first check
mergeguide check
Continue to Quick Start Guide →

Documentation Sections

SectionDescription
Getting StartedInstallation, first check, basics
Enforcement LayersVS Code, MCP Server, Git Hooks, PR Gate
ComplianceOSCAL export, SBOM, bypass tracking, PolicyMerge
Policy AuthoringCreate and customize detection policies
API ReferenceREST API documentation
IntegrationsCI/CD workflow integrations
TroubleshootingCommon issues and FAQ

Getting Help