> For the complete documentation index, see [llms.txt](https://docs.sonarsource.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.sonarsource.com/sonarqube-cloud/standards/ai-code-assurance/quality-gate-for-agentic-ai.md). # Quality gate for agentic AI ## *Sonar way for agentic AI* quality gate {% hint style="warning" %} The *Sonar way for agentic AI* quality gate replaces the *Sonar way for AI code* quality gate. If your projects used the *Sonar way for AI code* quality gate, they are now marked as *legacy*. {% endhint %} The *Sonar way for agentic AI* quality gate is a built-in quality gate optimized for agent centric development lifecycles where AI agents are generating or modifying code. The new standard is optimized to balance protection and development velocity. ### *Sonar way for agentic AI* quality gate conditions The quality gate enforces six conditions on new code: 1. **Software quality**: No new Reliability issues with severity greater or equal to Low.\ **Type**: No new Bugs with severity greater or equal to Minor. 2. **Software quality**: No new Security issues with severity greater or equal to Low.\ **Type**: No new Vulnerabilities with severity greater or equal to Minor. 3. **Software quality**: No new Maintainability issues with severity greater or equal to Medium.\ **Type**: No new Code Smells with severity greater or equal to Major. 4. No new Dependency Risks with severity greater or equal to Low. 5. Coverage on new code is greater or equal to 80%. 6. Duplication on new code is less or equal to 3% {% hint style="info" %} Dependency Risks are part of Advanced Security and are available as an add-on that requires a separate subscription to your SonarQube Cloud's [Enterprise](https://www.sonarsource.com/plans-and-pricing/#sonarqube-cloud-features) plan. If your plan doesn’t include SonarQube Advanced Security, the Dependency Risk condition will be grayed out and the quality gate will skip. {% endhint %} We recommend you use the *Sonar way for agentic AI* quality gate in conjunction with the *Sonar agentic AI* quality profile if you want to optimize the standards for agent centric development. See [Quality profiles for agentic AI](/sonarqube-cloud/standards/ai-code-assurance/quality-profiles-for-agentic-ai.md) for language support. ### Importance of the Dependency Risks condition In agentic development, where AI agents have the autonomy to write code and introduce dependencies, that’s why the dependency risk condition is an important aspect of the *Sonar way for agentic AI* quality gate. When an agent introduces a library to solve a problem, it can unknowingly open the door to a digital intruder. Managing these dependency risks is critical because agents may autonomously install packages without manual vetting, which escalates the risk. Dependency Risks are part of [Advanced Security](/sonarqube-cloud/advanced-security.md) and are available as an add-on that requires a separate subscription to your SonarQube Cloud's [Enterprise](https://www.sonarsource.com/plans-and-pricing/#sonarqube-cloud-features) plan. ## Assign quality gate to your project To assign the Sonar way for agentic AI quality gate at a project level as a replacement of the default quality gate set at the organization level: 1. Go to *Your project* > **Quality gate**. 2. Select **Use a specific quality gate** option 3. From the drop down menu select the *Sonar way for agentic AI* quality gate. ## Assign quality gate at the organization level You can set *Sonar way for agentic AI* quality gate as a default quality gate for all projects within your organization. 1. Go to Your organization > **Quality gate**. 2. From the available quality gates, select *Sonar way for agentic AI*. 3. In the details view, select the action menu > **Set as default**. ## Customizing a quality gate You can copy the *Sonar way for agentic AI* quality gate and edit its conditions to suit your specific needs. See [Managing custom quality gates](/sonarqube-cloud/standards/managing-quality-gates/managing-custom-quality-gates.md) for more details. ### Qualifying custom quality gate for AI Code Assurance Any quality gate can be marked as qualified for AI code with the ![$in-shield-on](/files/0bWB93MbQPZ4CLq68g7k)**AI Code Assurance** status label available for quality gates. To activate this label, open the **Actions** menu of your quality gate on the **Quality Gates** page and select **Qualify for AI Code Assurance**. Before you create a custom quality gate for AI code, check the [conditions](#sonar-way-for-agentic-ai-quality-gate-conditions) included in the *Sonar way for agentic AI* quality gate. ### Apply custom quality gate for AI Code Assurance The final step in achieving AI Code Assurance requires that an AI-qualified quality gate be applied to your project. In SonarQube Cloud, navigate to *Your Organization* > *Your Project* > **Administration** > **AI Code Assurance**. 1. If you’ve already [Set your AI standards](/sonarqube-cloud/standards/ai-code-assurance/overview.md#label-projects-with-ai-code), it’s eligible for the ![$in-shield-on](/files/0bWB93MbQPZ4CLq68g7k)**AI Code Assurance** status label; all you need to do is apply an AI-qualified quality gate. 2. Select a quality gate qualified for AI Code Assurance. Projects completing these steps will show their AI Code Assurance status on the Summary page of your project (**Main**, **Pull Requests**, and **Branches**), and the **Project Information** page. To understand the status labels and badges for AI Code Assurance, see the [Monitor projects with AI code](/sonarqube-cloud/standards/ai-code-assurance/monitor-projects-with-ai-code.md) page. Projects marked as containing AI-generated code and *do not use an AI Code Assured quality gate* will only display the ![$contains-ai-code](/files/iwZbXVzdyHjM2lcq7TaV) label. ## Monitoring your projects If you’ve completed the steps above to apply AI Code Assured quality gates to your project, a series of external badges are available to publish on your websites. For more details, please see the [Monitor projects with AI code](/sonarqube-cloud/standards/ai-code-assurance/monitor-projects-with-ai-code.md) page. ## Related pages * [Managing custom quality gates](/sonarqube-cloud/standards/managing-quality-gates/managing-custom-quality-gates.md) * [Quality profiles for agentic AI](/sonarqube-cloud/standards/ai-code-assurance/quality-profiles-for-agentic-ai.md) * [Advanced Security](/sonarqube-cloud/advanced-security.md) * [AI capabilities](/sonarqube-cloud/ai-capabilities.md) * [Monitor projects with AI code](/sonarqube-cloud/standards/ai-code-assurance/monitor-projects-with-ai-code.md) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sonarsource.com/sonarqube-cloud/standards/ai-code-assurance/quality-gate-for-agentic-ai.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.