Sonarqube Check

🌐Community
by codyswanngt · vlatest · Repository

This skill executes SonarQube checks to analyze code quality and identify potential bugs/vulnerabilities for improved security & maintainability.

Install on your platform

1. Run in terminal (recommended)

claude mcp add sonarqube-check npx -- -y @trustedskills/sonarqube-check

2. Or manually add to ~/.claude/settings.json
{
  "mcpServers": {
    "sonarqube-check": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/sonarqube-check"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

This skill allows AI agents to trigger and analyze SonarQube code quality scans. It can be used to identify potential bugs, vulnerabilities, and maintainability issues within a codebase. The results are presented in a structured format for review and action.

When to use it

  • Automated Code Reviews: Integrate into CI/CD pipelines to automatically check code quality on every commit or pull request.
  • Security Audits: Run scans before releasing new software versions to proactively identify security vulnerabilities.
  • Refactoring Initiatives: Assess the impact of refactoring efforts by comparing SonarQube metrics before and after changes.
  • Technical Debt Management: Track code quality trends over time to prioritize areas for improvement and reduce technical debt.

Key capabilities

  • Triggers SonarQube analysis
  • Analyzes code quality results
  • Presents structured output

Example prompts

  • "Run a SonarQube scan on the my-project repository."
  • "What are the critical vulnerabilities found in the latest SonarQube report for backend?"
  • "Compare the technical debt of frontend between last week and this week based on SonarQube data."

Tips & gotchas

  • Requires a configured SonarQube instance with appropriate project access.
  • The skill's output will depend on the quality rules and configuration within your SonarQube environment.

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

  • Gen Agent Trust Hub: Pass
  • Socket: Pass
  • Snyk: Pass

Details

  • Version: vlatest
  • License:
  • Author: codyswanngt
  • Installs: 4

Passed automated security scans.