Does this skill require an MCP server?

No, this skill operates via direct bash scripts located in your local agents directory, meaning no separate MCP server infrastructure is required.

What credentials are required to use this skill?

You need to provide your SonarQube host URL, a valid security token, and your project key as environment variables (SONAR_HOST_URL, SONAR_TOKEN, and SONAR_PROJECT_KEY).

Can Claude fix the issues it finds via SonarQube?

Yes, Claude can fetch the specific issues and rule details, read the affected files, and propose or apply the necessary code changes to resolve the violations.

Can I target issues only in my recent changes?

Yes, the skill includes a specific '--new-code' flag that allows Claude to focus exclusively on issues introduced in the current leak period or CI/CD cycle.

SonarQube Integration

Name: SonarQube Integration
Author: COvayurt

byCOvayurt

0•

보안 및 테스팅

Integrates SonarQube code quality and security analysis directly into Claude's workflow for automated issue tracking and remediation.

The Sonar skill bridges the gap between static analysis and AI-driven development by allowing Claude to interact with your SonarQube server via local bash scripts. It enables Claude to fetch code smells, security hotspots, and quality gate statuses, providing the AI with the context needed to explain complex rules and automatically apply fixes. This integration is essential for maintaining high standards of code health, ensuring that technical debt and security vulnerabilities are addressed before code reaches production.

주요 기능

01Fetch and filter SonarQube issues by severity, file path, or 'New Code' status

02Retrieval of project health metrics including coverage, duplication, and bug counts

030 GitHub stars

04Real-time Quality Gate monitoring with detailed pass/fail condition reports

05On-demand Sonar rule explanations to guide precise code remediation

06Automated security hotspot reviews and vulnerability categorization

사용 사례

01Identifying and fixing 'New Code' issues before merging pull requests

02Monitoring test coverage and technical debt metrics during active development

03Auditing project security hotspots to remediate potential vulnerabilities

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add covayurt/awesome-agent-toolkit sonar

For use in Claude.ai and ChatGPT

Download Skill