springboot-verification
Verification loop for Spring Boot projects: build, static analysis, tests with coverage, security scans, and diff review before release or PR.
Best use case
springboot-verification is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Verification loop for Spring Boot projects: build, static analysis, tests with coverage, security scans, and diff review before release or PR.
Teams using springboot-verification should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/springboot-verification/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How springboot-verification Compares
| Feature / Agent | springboot-verification | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Verification loop for Spring Boot projects: build, static analysis, tests with coverage, security scans, and diff review before release or PR.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Spring Boot Verification Loop Run before PRs, after major changes, and pre-deploy. ## Phase 1: Build ```bash mvn -T 4 clean verify -DskipTests # or ./gradlew clean assemble -x test ``` If build fails, stop and fix. ## Phase 2: Static Analysis Maven (common plugins): ```bash mvn -T 4 spotbugs:check pmd:check checkstyle:check ``` Gradle (if configured): ```bash ./gradlew checkstyleMain pmdMain spotbugsMain ``` ## Phase 3: Tests + Coverage ```bash mvn -T 4 test mvn jacoco:report # verify 80%+ coverage # or ./gradlew test jacocoTestReport ``` Report: - Total tests, passed/failed - Coverage % (lines/branches) ## Phase 4: Security Scan ```bash # Dependency CVEs mvn org.owasp:dependency-check-maven:check # or ./gradlew dependencyCheckAnalyze # Secrets (git) git secrets --scan # if configured ``` ## Phase 5: Lint/Format (optional gate) ```bash mvn spotless:apply # if using Spotless plugin ./gradlew spotlessApply ``` ## Phase 6: Diff Review ```bash git diff --stat git diff ``` Checklist: - No debugging logs left (`System.out`, `log.debug` without guards) - Meaningful errors and HTTP statuses - Transactions and validation present where needed - Config changes documented ## Output Template ``` VERIFICATION REPORT =================== Build: [PASS/FAIL] Static: [PASS/FAIL] (spotbugs/pmd/checkstyle) Tests: [PASS/FAIL] (X/Y passed, Z% coverage) Security: [PASS/FAIL] (CVE findings: N) Diff: [X files changed] Overall: [READY / NOT READY] Issues to Fix: 1. ... 2. ... ``` ## Continuous Mode - Re-run phases on significant changes or every 30–60 minutes in long sessions - Keep a short loop: `mvn -T 4 test` + spotbugs for quick feedback **Remember**: Fast feedback beats late surprises. Keep the gate strict—treat warnings as defects in production systems.
Related Skills
verification-loop
Comprehensive verification system for code changes
springboot-tdd
Test-driven development for Spring Boot using JUnit 5, Mockito, MockMvc, Testcontainers, and JaCoCo. Use when adding features, fixing bugs, or refactoring.
springboot-security
Spring Security best practices for authn/authz, validation, CSRF, secrets, headers, rate limiting, and dependency security in Java Spring Boot services.
springboot-patterns
Spring Boot architecture patterns, REST API design, layered services, data access, caching, async processing, and logging. Use for Java Spring Boot backend work.
laravel-verification
Verification loop for Laravel projects: env checks, linting, static analysis, tests with coverage, security scans, and deployment readiness.
django-verification
Verification loop for Django projects: migrations, linting, tests with coverage, security scans, and deployment readiness checks before release or PR.
x-api
X/Twitter API integration for posting tweets, threads, reading timelines, search, and analytics. Covers OAuth auth patterns, rate limits, and platform-native content posting. Use when the user wants to interact with X programmatically.
workspace-surface-audit
Audit the active repo, MCP servers, plugins, connectors, env surfaces, and harness setup, then recommend the highest-value ECC-native skills, hooks, agents, and operator workflows. Use when the user wants help setting up Gemini CLI or understanding what capabilities are actually available in their environment.
visa-doc-translate
Translate visa application documents (images) to English and create a bilingual PDF with original and translation
videodb
See, Understand, Act on video and audio. See- ingest from local files, URLs, RTSP/live feeds, or live record desktop; return realtime context and playable stream links. Understand- extract frames, build visual/semantic/temporal indexes, and search moments with timestamps and auto-clips. Act- transcode and normalize (codec, fps, resolution, aspect ratio), perform timeline edits (subtitles, text/image overlays, branding, audio overlays, dubbing, translation), generate media assets (image, audio, video), and create real time alerts for events from live streams or desktop capture.
video-editing
AI-assisted video editing workflows for cutting, structuring, and augmenting real footage. Covers the full pipeline from raw capture through FFmpeg, Remotion, ElevenLabs, fal.ai, and final polish in Descript or CapCut. Use when the user wants to edit video, cut footage, create vlogs, or build video content.
unified-notifications-ops
Operate notifications as one ECC-native workflow across GitHub, Linear, desktop alerts, hooks, and connected communication surfaces. Use when the real problem is alert routing, deduplication, escalation, or inbox collapse.