springboot-verification
Verification loop for Spring Boot projects: build, static analysis, tests with coverage, security scans, and diff review before release or PR.
About this skill
This skill orchestrates a multi-phase verification pipeline for Spring Boot applications, designed to be executed by an AI agent. It ensures code quality and readiness before critical events like a Pull Request submission, major changes, or deployment. The process covers: * **Phase 1: Build**: Compiles the project using Maven or Gradle. If the build fails, the process halts, prompting for immediate correction. * **Phase 2: Static Analysis**: Runs popular static code analysis tools such as SpotBugs, PMD, and Checkstyle to identify potential issues, code smells, and style violations, ensuring adherence to coding standards. * **Phase 3: Tests + Coverage**: Executes unit and integration tests, then generates a JaCoCo coverage report to ensure sufficient test coverage (e.g., above an 80% threshold). * **Phase 4: Security Scans**: Scans project dependencies for known Common Vulnerabilities and Exposures (CVEs) using tools like OWASP Dependency-Check, enhancing application security. * **Phase 5: Diff Review (Manual/Assisted)**: While the provided excerpt is truncated, the description implies a final review of changes. An agent could potentially summarize diffs or highlight critical changes for human oversight. The skill provides clear command-line instructions for both Maven and Gradle projects, making it versatile for common Spring Boot setups.
Best use case
This skill is invaluable for automating quality assurance in Spring Boot development workflows. It's perfectly suited for pre-commit or pre-Pull Request checks, ensuring that code submitted for review adheres to quality, testing, and security standards. It also serves as an automated gate before deployment to production, maintaining a high bar for application readiness. An AI agent can use this to quickly assess the health and compliance of a Spring Boot codebase.
Verification loop for Spring Boot projects: build, static analysis, tests with coverage, security scans, and diff review before release or PR.
Upon successful execution, the AI agent will return a detailed report summarizing the Spring Boot project's current status. This report will include: * A clear indication of build success or failure. * Summarized findings from static analysis tools (e.g., number of violations, warnings). * Comprehensive test results, including the total number of tests run, passed/failed counts, and the computed code coverage percentage. * A security vulnerability report for project dependencies, highlighting any detected CVEs and their severity. * An overall verification summary indicating whether the project passed all defined phases or where it encountered failures or warnings, along with potential recommendations for remediation.
Practical example
Example input
Please perform a complete verification loop for the current Spring Boot project, including build, static analysis, tests, and security scans.
Example output
``` Verification Loop initiated for Spring Boot project. Phase 1: Building project... [Maven/Gradle build output snippet] Build successful. Phase 2: Running Static Analysis... [SpotBugs, PMD, Checkstyle output summaries] Static analysis completed. Found 3 Checkstyle style violations and 1 PMD code smell. Phase 3: Running Tests and Coverage Analysis... [Test execution output snippet] Total tests: 120, Passed: 118, Failed: 2. Code Coverage: 75% Lines, 68% Branches. (Target 80% not met) Phase 4: Running Security Scans... [OWASP Dependency-Check output summary snippet] Security scan completed. Detected 2 high-severity CVEs in project dependencies. Verification Summary: Project verification completed with warnings/failures. - Build: PASS - Static Analysis: PASS (with minor warnings) - Tests: FAIL (2 failed tests) - Code Coverage: FAIL (75% < 80% target) - Security Scan: FAIL (2 high-severity CVEs) Recommendation: Address failing tests, improve code coverage to meet the 80% threshold, and mitigate detected security vulnerabilities before proceeding with a Pull Request or deployment. ```
When to use this skill
- Use this skill: * Before submitting a Pull Request for any Spring Boot project. * After making significant code changes, refactoring, or integrating new features. * As a crucial step within a Continuous Integration (CI) pipeline for Spring Boot applications. * When an AI agent needs to quickly assess the quality, security, and test coverage of a given Spring Boot codebase. * To enforce consistent code quality and security standards across a development team.
When not to use this skill
- Avoid using this skill: * For projects not built with Spring Boot or that are not primarily Java/Kotlin-based (e.g., Node.js, Python, frontend-only applications). * When only a quick compilation check is needed, and a full, comprehensive verification is considered overkill or too time-consuming. * In environments where Maven or Gradle build tools are not installed, configured, or are not the project's primary build system. * If the project structure deviates significantly from standard Maven/Gradle conventions, requiring highly customized and complex build steps not covered by generic commands.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/springboot-verification/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How springboot-verification Compares
| Feature / Agent | springboot-verification | Standard Approach |
|---|---|---|
| Platform Support | Claude | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | easy | N/A |
Frequently Asked Questions
What does this skill do?
Verification loop for Spring Boot projects: build, static analysis, tests with coverage, security scans, and diff review before release or PR.
Which AI agents support this skill?
This skill is designed for Claude.
How difficult is it to install?
The installation complexity is rated as easy. You can find the installation instructions above.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
ChatGPT vs Claude for Agent Skills
Compare ChatGPT and Claude for AI agent skills across coding, writing, research, and reusable workflow execution.
SKILL.md Source
# Spring Boot 検証ループ PR前、大きな変更後、デプロイ前に実行します。 ## フェーズ1: ビルド ```bash mvn -T 4 clean verify -DskipTests # または ./gradlew clean assemble -x test ``` ビルドが失敗した場合は、停止して修正します。 ## フェーズ2: 静的解析 Maven(一般的なプラグイン): ```bash mvn -T 4 spotbugs:check pmd:check checkstyle:check ``` Gradle(設定されている場合): ```bash ./gradlew checkstyleMain pmdMain spotbugsMain ``` ## フェーズ3: テスト + カバレッジ ```bash mvn -T 4 test mvn jacoco:report # 80%以上のカバレッジを確認 # または ./gradlew test jacocoTestReport ``` レポート: - 総テスト数、合格/失敗 - カバレッジ%(行/分岐) ## フェーズ4: セキュリティスキャン ```bash # 依存関係のCVE mvn org.owasp:dependency-check-maven:check # または ./gradlew dependencyCheckAnalyze # シークレット(git) git secrets --scan # 設定されている場合 ``` ## フェーズ5: Lint/Format(オプションゲート) ```bash mvn spotless:apply # Spotlessプラグインを使用している場合 ./gradlew spotlessApply ``` ## フェーズ6: 差分レビュー ```bash git diff --stat git diff ``` チェックリスト: - デバッグログが残っていない(`System.out`、ガードなしの `log.debug`) - 意味のあるエラーとHTTPステータス - 必要な場所にトランザクションと検証がある - 設定変更が文書化されている ## 出力テンプレート ``` 検証レポート =================== ビルド: [合格/不合格] 静的解析: [合格/不合格] (spotbugs/pmd/checkstyle) テスト: [合格/不合格] (X/Y 合格, Z% カバレッジ) セキュリティ: [合格/不合格] (CVE発見: N) 差分: [X ファイル変更] 全体: [準備完了 / 未完了] 修正が必要な問題: 1. ... 2. ... ``` ## 継続モード - 大きな変更があった場合、または長いセッションで30〜60分ごとにフェーズを再実行 - 短いループを維持: `mvn -T 4 test` + spotbugs で迅速なフィードバック **注意**: 迅速なフィードバックは遅い驚きに勝ります。ゲートを厳格に保ち、本番システムでは警告を欠陥として扱います。
Related Skills
laravel-verification
Verification loop for Laravel projects: env checks, linting, static analysis, tests with coverage, security scans, and deployment readiness.
springboot-tdd
Test-driven development for Spring Boot using JUnit 5, Mockito, MockMvc, Testcontainers, and JaCoCo. Use when adding features, fixing bugs, or refactoring.
springboot-security
Spring Security best practices for authn/authz, validation, CSRF, secrets, headers, rate limiting, and dependency security in Java Spring Boot services.
springboot-patterns
Spring Boot architecture patterns, REST API design, layered services, data access, caching, async processing, and logging. Use for Java Spring Boot backend work.
django-verification
Verification loop for Django projects: migrations, linting, tests with coverage, security scans, and deployment readiness checks before release or PR.
workspace-surface-audit
Audit the active repo, MCP servers, plugins, connectors, env surfaces, and harness setup, then recommend the highest-value ECC-native skills, hooks, agents, and operator workflows. Use when the user wants help setting up Claude Code or understanding what capabilities are actually available in their environment.
safety-guard
Use this skill to prevent destructive operations when working on production systems or running agents autonomously.
repo-scan
Cross-stack source code asset audit — classifies every file, detects embedded third-party libraries, and delivers actionable four-level verdicts per module with interactive HTML reports.
project-flow-ops
Operate execution flow across GitHub and Linear by triaging issues and pull requests, linking active work, and keeping GitHub public-facing while Linear remains the internal execution layer. Use when the user wants backlog control, PR triage, or GitHub-to-Linear coordination.
manim-video
Build reusable Manim explainers for technical concepts, graphs, system diagrams, and product walkthroughs, then hand off to the wider ECC video stack if needed. Use when the user wants a clean animated explainer rather than a generic talking-head script.
laravel-plugin-discovery
Discover and evaluate Laravel packages via LaraPlugins.io MCP. Use when the user wants to find plugins, check package health, or assess Laravel/PHP compatibility.
design-system
Use this skill to generate or audit design systems, check visual consistency, and review PRs that touch styling.