Set your AI standards

This section explains how to manage AI standards, including the use of tools for Sonar’s AI Code Assurance in your SonarQube Cloud project.

Sonar’s AI Code Assurance helps you ensure security and code quality within projects containing AI-generated code. By utilizing project labels, custom quality gate certification and marking, and dynamic project badge publishing, you can maintain high standards and confidently assure the quality of your AI projects.

Assuring your AI code

SonarQube Cloud recognizes that AI-generated code should be monitored with additional quality standards. Recommended checks include high standards to reduce code complexity, remove bugs, and eliminate injection vulnerabilities. SonarQube’s AI Code Assurance features bring confidence that your AI-generated code is being reviewed to avoid any accountability crisis.

These objectives are achieved with three features that allow Quality Standard administrators to qualify projects as AI Code Assured:

  1. Publish an AI Code Assurance badge externally to your websites to Monitor projects containing AI code.

Labeling projects with AI code

The first step to achieving AI Code Assurance is to mark your project as containing AI code.

Go to Your Project > Administration > AI Code Assurance and select This project contains AI-generated code. Projects marked in this way will have the $contains-ai-code label shown on the Projects page, on the Main branch Overview page, and on the Project Information pages.

Apply a quality gate for AI Code Assurance

Step 2 in achieving AI Code Assurance requires that an AI-qualified quality gate be applied to your project. While you are in Your Project > Administration > AI Code Assurance, select a qualified quality gate from the list.

See the Quality gates for AI code for detailed information about qualifying your custom quality gate for AI Code Assurance.

Monitor projects containing AI code

Projects marked with the $contains-ai-code label and using a quality gate qualified for AI Code are eligible to publish the $in-shield-on badge on your external websites. For information about using the AI Code Assurance badges, please see Monitor projects with AI code.

If your SonarCloud Organization is connected to GitHub and your team is using GitHub Copilot, your projects can activate AI code automatically based on user data. For more information, check out the Autodetect AI code page.

Last updated

Was this helpful?