Quality gate for agentic AI
Managing Sonar way for agentic AI quality gate.
Sonar way for agentic AI quality gate
The Sonar way for agentic AI quality gate replaces the Sonar way for AI code quality gate. If your projects used the Sonar way for AI code quality gate, they are now marked as legacy.
The Sonar way for agentic AI quality gate is a built-in quality gate optimized for agent-centric development lifecycles where AI agents are generating or modifying code. The new standard is optimized to balance protection and development velocity.
Sonar way for agentic AI quality gate conditions
The quality gate enforces six conditions on new code:
Software quality: No new Reliability issues with severity greater or equal to Low. Type: No new Bugs with severity greater or equal to Minor.
Software quality: No new Security issues with severity greater or equal to Low. Type: No new Vulnerabilities with severity greater or equal to Minor.
Software quality: No new Maintainability issues with severity greater or equal to Medium. Type: No new Code Smells with severity greater or equal to Major.
No new Dependency Risks with severity greater or equal to Low.
Coverage on new code is greater or equal to 80%.
Duplication on new code is less or equal to 3%.
Dependency Risks are part of Advanced Security and are available as an add-on that requires a separate subscription to your SonarQube Cloud's Enterprise plan. If your plan doesn't include SonarQube Advanced Security, the Dependency Risk condition will be grayed out and the quality gate will skip it.
We recommend you use the Sonar way for agentic AI quality gate in conjunction with the Sonar agentic AI quality profile if you want to optimize the standards for agent-centric development. See Quality profiles for agentic AI for language support.
Importance of the Dependency Risks condition
In agentic development, AI agents have the autonomy to write code and introduce dependencies; that is why the dependency risk condition is an important aspect of the Sonar way for agentic AI quality gate. When an agent introduces a library to solve a problem, it can unknowingly open the door to an attacker. Managing these dependency risks is critical because agents may autonomously install packages without manual vetting, which escalates the risk.
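A CI-side check that consumes the gate result, added here as an example and not SonarQube's own code: it reads a project_status Web API response (the sample below is constructed), fails the build on any condition in ERROR, and optionally also fails when the Dependency Risk condition was skipped rather than evaluated, which is what happens without Advanced Security. The placeholder metric keys and the status string used for a skipped condition are assumptions; the evaluator treats any status other than OK or ERROR as "not evaluated".

```python
import json

# Constructed sample of a SonarQube Cloud api/qualitygates/project_status
# response for a project using the Sonar way for agentic AI gate. Only
# new_coverage and new_duplicated_lines_density are real metric keys; the
# other keys are placeholders standing in for the issue and dependency-risk
# conditions (their real keys are not given on this page).
DEPENDENCY_RISK_KEY = "PLACEHOLDER_new_dependency_risks"
SAMPLE_RESPONSE = json.dumps({"projectStatus": {"status": "OK", "conditions": [
    {"status": "OK", "metricKey": "PLACEHOLDER_new_reliability_issues",
     "comparator": "GT", "errorThreshold": "0", "actualValue": "0"},
    {"status": "OK", "metricKey": "PLACEHOLDER_new_security_issues",
     "comparator": "GT", "errorThreshold": "0", "actualValue": "0"},
    {"status": "OK", "metricKey": "PLACEHOLDER_new_maintainability_issues",
     "comparator": "GT", "errorThreshold": "0", "actualValue": "0"},
    # Dependency Risks without Advanced Security: no value, so it is skipped
    # (the exact status string is an assumption; anything but OK/ERROR counts).
    {"status": "NONE", "metricKey": DEPENDENCY_RISK_KEY,
     "comparator": "GT", "errorThreshold": "0"},
    {"status": "OK", "metricKey": "new_coverage",
     "comparator": "LT", "errorThreshold": "80", "actualValue": "86.4"},
    {"status": "OK", "metricKey": "new_duplicated_lines_density",
     "comparator": "GT", "errorThreshold": "3", "actualValue": "1.1"},
]}})


def evaluate_gate(response_json, must_enforce=()):
    """Classify each condition and decide whether the build may proceed.

    Returns (passed, failed, skipped). passed is False when any condition is
    in ERROR, or when a metric listed in must_enforce was not evaluated, e.g.
    the Dependency Risk condition silently skipped because the plan lacks
    Advanced Security. A green gate is not enough for agentic repositories
    if the one condition guarding agent-installed packages never ran.
    """
    status = json.loads(response_json)["projectStatus"]
    failed, skipped = [], []
    for cond in status["conditions"]:
        if cond["status"] == "ERROR":
            failed.append(cond["metricKey"])
        elif cond["status"] != "OK":  # not evaluated (no measure available)
            skipped.append(cond["metricKey"])
    unenforced = [m for m in must_enforce if m in skipped]
    passed = status["status"] == "OK" and not failed and not unenforced
    return passed, failed, skipped


if __name__ == "__main__":
    ok, failed, skipped = evaluate_gate(SAMPLE_RESPONSE)
    print("gate OK:", ok, "failed:", failed, "skipped:", skipped)
    strict_ok, _, _ = evaluate_gate(SAMPLE_RESPONSE, (DEPENDENCY_RISK_KEY,))
    print("gate OK with Dependency Risks enforced:", strict_ok)
```

In a pipeline, replace SAMPLE_RESPONSE with the JSON returned for your project key and branch or pull request, and exit non-zero when the strict result is False.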
Assign quality gate to your project
To assign the Sonar way for agentic AI quality gate at a project level as a replacement of the default quality gate set at the organization level:
Go to Your project > Quality gate.
Select the Use a specific quality gate option.
From the drop-down menu, select the Sonar way for agentic AI quality gate.
Assign quality gate at the organization level
You can set Sonar way for agentic AI quality gate as a default quality gate for all projects within your organization.
Go to Your organization > Quality gate.
From the available quality gates, select Sonar way for agentic AI.
In the details view, select the action menu > Set as default.
Customizing a quality gate
You can copy the Sonar way for agentic AI quality gate and edit its conditions to suit your specific needs. See Managing custom quality gates for more details.
Qualifying custom quality gate for AI Code Assurance
Any quality gate can be marked as qualified for AI code with the AI Code Assurance status label available for quality gates. To activate this label, open the Actions menu of your quality gate on the Quality Gates page and select Qualify for AI Code Assurance. Before you create a custom quality gate for AI code, check the conditions included in the Sonar way for agentic AI quality gate.
Apply custom quality gate for AI Code Assurance
The final step in achieving AI Code Assurance requires that an AI-qualified quality gate be applied to your project. In SonarQube Cloud, navigate to Your Organization > Your Project > Administration > AI Code Assurance.
If you've already labeled your project as containing AI code (see Label projects with AI code), it's eligible for the AI Code Assurance status label; all you need to do is apply an AI-qualified quality gate.
Select a quality gate qualified for AI Code Assurance.
Projects completing these steps will show their AI Code Assurance status on the Summary page of your project (Main, Pull Requests, and Branches), and the Project Information page. To understand the status labels and badges for AI Code Assurance, see the Monitor projects with AI code page.
Projects marked as containing AI-generated code that do not use an AI Code Assured quality gate will only display the label.
Monitoring your projects
If you’ve completed the steps above to apply AI Code Assured quality gates to your project, a series of external badges are available to publish on your websites. For more details, please see the Monitor projects with AI code page.