heygrc
heygrc and Amazon Q Developer

Different jobs, same pull request.

Amazon Q Developer reviews changes and suggests fixes inside the AWS workflow, focused on the code. heygrc reads the same change for the compliance control it touches. A change can be correct and still remove the record of who touched sensitive data.

Amazon Q Developer

Amazon Q Developer is AWS's AI coding assistant. It can review pull requests and suggest fixes, and is one of the AWS code-review options as CodeGuru Reviewer is retired.

heygrc

heygrc reviews each pull request against the compliance frameworks your company must meet (ISO 27001, SOC 2, GDPR, and more) and cites the specific control a change touches. It is built for compliance, not code quality.

Where they do not overlap

Correct code that stops logging access to card data.

This change removes an access-log call on an endpoint that reads cardholder data, to reduce log volume. The endpoint still works.

payments/read.ts+0 −1
export async function getCard(userId: string) {-  await accessLog.record("card.read", { userId })  return cards.findByUser(userId)}
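Review bot: the removed `await accessLog.record("card.read", { userId })` line in `getCard` was the only access record visible in this hunk, so after the change `cards.findByUser(userId)` returns cardholder data without writing any event that says who read it. Keep the call and cut log volume somewhere other than this event. If the record now happens inside `cards.findByUser`, state that in the pull request description, because nothing in this hunk shows a replacement.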
heygrc: PCI DSS Requirement 10

The endpoint still returns the data, so nothing breaks. But dropping the access log means reads of cardholder data are no longer recorded, and logging and monitoring access to cardholder data is PCI DSS Requirement 10. heygrc is built to read a change like this against the framework and cite the requirement it touches.

Use them together

Keep Amazon Q Developer. Add the compliance layer.

This is not a question of which tool wins. Amazon Q Developer catches the bugs and quality problems heygrc never looks for, and heygrc catches the compliance issues a code review is not built to see. Running both means a pull request is checked for whether the code is good and for whether the change is compliant, two different kinds of risk, on the same diff.

heygrc does not replace your code review, and it does not certify you. It reviews changes against your frameworks and cites the control, so the compliance question is answered where the change is made. heygrc is in early access.

Questions

heygrc and Amazon Q Developer, common questions.

Is heygrc an alternative to Amazon Q Developer?

Not exactly. Amazon Q Developer reviews your code; heygrc reviews each change for compliance against the frameworks your company must meet (ISO 27001, SOC 2, GDPR, and more) and cites the specific control it touches. They answer different questions about the same pull request, so heygrc is designed to run alongside it, not replace it.

Can I use heygrc and Amazon Q Developer together?

Yes. They look at different kinds of risk on the same diff: Amazon Q Developer on the code, heygrc on the compliance control a change touches. heygrc does not replace your code review.

What does heygrc check on a pull request?

heygrc reviews each pull request against the frameworks your company selected and cites the specific control a change touches, so the compliance question is answered in code review. heygrc does not certify you and is in early access.