AI Code Assurance

This section explains how to manage standards for AI-generated code, including the use of tools for Sonar’s AI Code Assurance in your SonarQube Cloud project.

SonarQube Cloud’s AI Code Assurance features help you set appropriate standards for projects containing AI-generated code. A combination of tools, including project labels, a default quality gate, and the availability of externally published project badges, lets you ensure that your AI projects are protected for security and code quality.

Assuring your AI code

SonarQube Cloud recognizes that AI-generated code should be monitored with additional quality standards. Recommended checks include high standards to reduce code complexity, remove bugs, and eliminate injection vulnerabilities. SonarQube’s AI Code Assurance features bring confidence that your AI-generated code is being reviewed to avoid any accountability crisis.

These objectives are achieved with three features that allow Quality Standard administrators to qualify projects as AI Code Assured:

  1. Publish an AI Code Assurance badge externally to your websites. See the Monitor projects containing AI code page for instructions.

The full details to setting up AI Code Assurance are outlined on the Set your AI standards page.

Quality gates for AI code

Quality gates designed for projects containing AI-generated code are an important part of the quality control and review process. The Quality gates for AI code page outlines the important control measures that help protect against the buildup of new issues as you leverage AI assistance in your coding process, and adds an extra layer of protection helps catch vulnerabilities and critical reliability issues that could be lurking in your project.

Quality profiles for AI code

When AI Code Assurance is enabled on a project, it should protect the AI-generated code by applying a suitable quality standard for developers to follow. Therefore, it’s important to define a set of rules that will offer the necessary protection to AI-generated code. To ensure protection of a project with AI code, the project should not only have a strict quality gate, but also a strict quality profile. The Quality profiles for AI code page helps you define, for a given language, the set of coding rules to be applied during analysis.

Autodetecting AI code

Knowing if your project contains AI-generated code helps raise awareness of code ownership and code security. To help build this awareness, SonarQube Cloud can autodetect AI-generated code in projects on GitHub using GitHub Copilot. See the page about Autodetect AI code for an overview.

If your SonarCloud Organization is integrated with GitHub and you’re using GitHub Copilot, your project is eligible for automatically detecting AI-generated code. For more information, see Autodetect AI code.

Monitoring your projects

If you’ve completed the steps above to apply AI Code Assured quality gates to your projects, a series of external badges are available to publish on your websites. For more details, please see the Monitor projects with AI code page.

  • Overview to AI features at the organization level

  • Learn about AI CodeFix to get AI-generated fix suggestions

Last updated

Was this helpful?