When should I run this verification loop?

It is highly recommended to run this loop before every Pull Request, after major refactoring, or every 30-60 minutes during active development sessions.

Does this skill work with both Maven and Gradle?

Yes, the skill provides specific commands and configurations for both Maven and Gradle projects, ensuring compatibility across most Spring Boot environments.

Can I use this for test coverage reporting?

Absolutely. It includes steps to generate JaCoCo reports and specifically checks for an 80% coverage threshold for both lines and branches.

Which static analysis tools are supported?

The skill integrates with SpotBugs, PMD, and Checkstyle to ensure high code quality and adherence to best practices.

How does it handle security?

It utilizes the OWASP Dependency-Check plugin to scan for known CVEs and uses git-secrets to prevent accidental leakage of sensitive credentials.

Spring Boot Verification Loop

Name: Spring Boot Verification Loop
Author: saar120

bysaar120

0•

Security & Testing

Automates comprehensive quality assurance for Spring Boot projects through multi-phase builds, static analysis, and security scanning.

The Spring Boot Verification skill establishes a rigorous quality gate for Java developers, providing a structured workflow for validating Spring Boot applications before Pull Requests or releases. It guides Claude through six essential phases: build validation, static analysis (SpotBugs/Checkstyle), unit testing with JaCoCo coverage, OWASP security scanning, linting, and final diff reviews. This skill ensures that code changes are not only functional but also secure, well-formatted, and compliant with enterprise-grade development standards.

Key Features

010 GitHub stars

02Security auditing via OWASP Dependency-Check and secret scanning

03Standardized verification report generation for clear PR status

04Automated static analysis using SpotBugs, PMD, and Checkstyle

05Integrated support for both Maven and Gradle build lifecycles

06Detailed test reporting with 80%+ JaCoCo coverage enforcement

Use Cases

01Enforcing consistent code style and documentation before production releases

02Performing periodic security and quality audits during long development sessions

03Validating local changes before pushing a Pull Request to prevent CI/CD failures

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add saar120/skillgate-registry springboot-verification

For use in Claude.ai and ChatGPT

Key Features

010 GitHub stars

02Security auditing via OWASP Dependency-Check and secret scanning

03Standardized verification report generation for clear PR status

04Automated static analysis using SpotBugs, PMD, and Checkstyle

05Integrated support for both Maven and Gradle build lifecycles

06Detailed test reporting with 80%+ JaCoCo coverage enforcement

Use Cases

01Enforcing consistent code style and documentation before production releases

02Performing periodic security and quality audits during long development sessions

03Validating local changes before pushing a Pull Request to prevent CI/CD failures

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add saar120/skillgate-registry springboot-verification

For use in Claude.ai and ChatGPT