Does this skill require a separate MCP server?

No, this skill operates by calling bash scripts directly via the Claude Code Bash tool, making it lightweight and easy to install without extra infrastructure.

How do I configure my SonarQube credentials for Claude?

You must add your SONAR_HOST_URL, SONAR_TOKEN, and SONAR_PROJECT_KEY to the 'env' section of your ~/.claude/settings.json file to authenticate the requests.

What happens if a Quality Gate fails?

The skill will return a FAILED status along with the specific condition details, such as insufficient coverage or high duplication, allowing the AI to help you address the specific blockers.

Can I target only the issues I've introduced in my current branch?

Yes, by using the --new-code flag with the fetch-issues command, the skill focuses specifically on issues within the 'New Code' period defined in SonarQube.

SonarQube Code Quality & Security

Name: SonarQube Code Quality & Security
Author: COvayurt

byCOvayurt

0•

Security & Testing

Analyzes code quality and manages SonarQube issues, quality gates, and security hotspots directly within your AI coding workflow.

This skill integrates SonarQube's powerful static analysis into Claude Code, allowing you to fetch issues, check quality gate status, and view key metrics like test coverage and code smells. It streamlines the review process by identifying high-severity issues in new code, explaining rule violations, and providing actionable feedback to ensure your project meets enterprise-grade quality and security standards before deployment. By running bash-based analysis and fetching real-time project metrics, it bridges the gap between automated linting and professional code governance.

Key Features

01On-demand triggering of SonarQube scans and rule-specific explanations

02Security hotspot identification and review workflows

03Detailed metrics reporting for coverage, duplications, bugs, and vulnerabilities

04Fetch and filter SonarQube issues by severity, file, or 'New Code' status

05Real-time Quality Gate status checks with condition details

060 GitHub stars

Use Cases

01Performing a security audit on specific files to resolve hotspots and vulnerabilities

02Monitoring project health metrics and coverage directly from the terminal

03Automating the identification and fixing of issues in new code before a pull request

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add covayurt/awesome-agent-toolkit sonar

For use in Claude.ai and ChatGPT

Download Skill