sonarqube

SonarQube code quality and security. Use for code analysis.

7 stars

Best use case

sonarqube is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using sonarqube should expect more consistent output, faster repeated execution, and less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$ curl -o ~/.claude/skills/sonarqube/SKILL.md --create-dirs "https://raw.githubusercontent.com/G1Joshi/Agent-Skills/main/skills/security/sonarqube/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/sonarqube/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How sonarqube Compares

Feature / Agent            sonarqube        Standard Approach
Platform Support           Not specified    Limited / Varies
Context Awareness          High             Baseline
Installation Complexity    Unknown          N/A

Frequently Asked Questions

What does this skill do?

SonarQube code quality and security. Use for code analysis.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# SonarQube

SonarQube is a widely used platform for continuous inspection of code quality and security. It detects bugs, vulnerabilities (SAST), security hotspots that need a human review, and code smells in over 30 programming languages.

## When to Use

- **Code Quality Gates**: "Block the merge if Code Coverage < 80%".
- **Technical Debt Management**: Tracking "Code Smells" and duplication over time.
- **Vulnerability Detection**: Finding SQL Injection, XSS, and hardcoded secrets in source code. Note that cross-procedure taint analysis (tracking untrusted input from a request parameter to a SQL call or HTML sink) is a feature of the commercial editions; Community Edition ships the pattern-based security rules only.

## Quick Start (Docker)

```bash
docker run -d --name sonarqube -p 9000:9000 sonarqube:lts
# Login: admin/admin at http://localhost:9000 (you are forced to set a new password on first login).
# This image runs on the embedded H2 database: fine for evaluation, not for a shared or production server.
```

```properties
# sonar-project.properties (committed to the repository)
sonar.projectKey=my-project
sonar.sources=src
sonar.host.url=http://localhost:9000
# Authentication: the `sonar.login` key used by older guides is deprecated in favour of `sonar.token`.
# Either way, keep the token out of this file: generate it under My Account > Security and pass it
# at scan time with -Dsonar.token=... or the SONAR_TOKEN environment variable.
```

## Core Concepts

### Quality Gate

A set of conditions the project must meet (e.g., "No new Critical issues", "Coverage on New Code > 80%"). If failed, the CI pipeline fails.
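A CI job normally learns the gate verdict by querying SonarQube's Web API after the scanner has finished. The script below is an added example for this page (not code from the SKILL.md or from SonarQube): it reads the JSON returned by the real endpoint `GET /api/qualitygates/project_status`, lists the conditions that failed, re-checks each reported status against the condition's own threshold, and exits non-zero so the pipeline fails. The `SONAR_HOST_URL`, `SONAR_TOKEN` and `SONAR_BRANCH` environment variable names are this script's own convention, and the embedded response is a constructed sample with invented values. The same script is what a "fail the build on the gate" step in the PR integration described under Best Practices would run.

```python
"""Fail a CI step on the SonarQube quality gate (added example, not SonarQube code)."""
import json
import os
import sys
import urllib.parse
import urllib.request

# Constructed sample of a project_status response. The field names follow the
# API; the metric values are invented for this example.
SAMPLE_RESPONSE = json.dumps({
    "projectStatus": {
        "status": "ERROR",
        "conditions": [
            {"status": "ERROR", "metricKey": "new_coverage", "comparator": "LT",
             "errorThreshold": "80", "actualValue": "62.5"},
            {"status": "OK", "metricKey": "new_violations", "comparator": "GT",
             "errorThreshold": "0", "actualValue": "0"},
            {"status": "ERROR", "metricKey": "new_security_hotspots_reviewed",
             "comparator": "LT", "errorThreshold": "100", "actualValue": "50.0"},
        ],
    }
})


def fetch_project_status(project_key, host_url, token, branch=None):
    """Call the real endpoint. Bearer auth is for SonarQube 10+; older servers
    expect HTTP basic auth with the token as user name and an empty password
    (assumption about server versions, check your own server's docs)."""
    params = {"projectKey": project_key}
    if branch:
        params["branch"] = branch
    url = (host_url.rstrip("/") + "/api/qualitygates/project_status?"
           + urllib.parse.urlencode(params))
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode("utf-8")


def condition_fails(cond):
    """Re-evaluate one condition from its own numbers.

    The comparator names the direction that FAILS the gate: LT means error
    when actual < threshold, GT means error when actual > threshold. A
    condition with no measured value cannot fail."""
    if cond.get("actualValue") is None:
        return False
    actual = float(cond["actualValue"])
    threshold = float(cond["errorThreshold"])
    if cond["comparator"] == "LT":
        return actual < threshold
    if cond["comparator"] == "GT":
        return actual > threshold
    raise ValueError("unknown comparator: %r" % cond["comparator"])


def failed_conditions(response_json):
    """Metric keys of the conditions the server reports as failed."""
    status = json.loads(response_json)["projectStatus"]
    return [c["metricKey"] for c in status["conditions"] if c["status"] == "ERROR"]


def inconsistent_conditions(response_json):
    """Metric keys whose reported status disagrees with a local re-evaluation
    (normally empty; non-empty means a tampered payload or a changed gate)."""
    status = json.loads(response_json)["projectStatus"]
    return [c["metricKey"] for c in status["conditions"]
            if condition_fails(c) != (c["status"] == "ERROR")]


def gate_passed(response_json):
    """True only when the overall status is OK and no condition is in ERROR."""
    status = json.loads(response_json)["projectStatus"]
    return status["status"] == "OK" and not failed_conditions(response_json)


def main(argv):
    if len(argv) > 1 and argv[1] == "--sample":
        body = SAMPLE_RESPONSE  # offline demonstration on the constructed sample
    elif len(argv) > 1:
        body = fetch_project_status(argv[1], os.environ["SONAR_HOST_URL"],
                                    os.environ["SONAR_TOKEN"],
                                    branch=os.environ.get("SONAR_BRANCH"))
    else:
        print("usage: sonar_gate.py <projectKey> | --sample", file=sys.stderr)
        return 2
    for key in failed_conditions(body):
        print("quality gate condition failed:", key)
    for key in inconsistent_conditions(body):
        print("WARNING: reported status disagrees with threshold for", key)
    print("quality gate:", "PASSED" if gate_passed(body) else "FAILED")
    return 0 if gate_passed(body) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run `python sonar_gate.py --sample` to see the two failing conditions from the constructed sample, or `python sonar_gate.py my-project` after a scan with the environment variables set. Keep the token in the CI secret store, not in the repository, and use a token scoped to the project rather than a user's global token where your edition allows it.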

### Clean Code

Sonar's methodology describes Clean Code by four attributes: code should be Consistent, Intentional, Adaptable, and Responsible.

### SonarLint

IDE extension that runs Sonar rules locally _while you type_, fixing issues before commit.

## Best Practices (2025)

**Do**:

- **Focus on "New Code"**: It's hard to fix 5,000 old issues. Enforce strict gates on _New Code_ to stop the leak.
- **Use SonarLint**: Shift left. Fix it in the IDE.
- **Integrate with PRs**: Decorate Pull Requests (GitHub/GitLab) with comments on specific lines, and make the pipeline fail when the Quality Gate fails. Pull request and branch analysis require the commercial editions; Community Edition analyses only the main branch.

**Don't**:

- **Don't ignore "Info" or "Minor" smells**: They accumulate into a maintenance nightmare.
- **Don't include generated code**: Exclude `dist/`, `build/`, and generated clients from the scan (via the `sonar.exclusions` property), otherwise findings in code nobody edits by hand drown out the real ones and inflate coverage gaps.

## References

- [SonarQube Documentation](https://docs.sonarqube.org/)
- [Clean Code Principles](https://www.sonarsource.com/clean-code/)