Managing quality gates for AI code
Overview
The first objective for AI Code Assurance is labeling projects with the AI code label. For details, see Labeling projects with AI code.
To complete the second objective, you will assign a quality gate qualified for AI Code Assurance to your projects. You can use the default quality gate, Sonar way for AI Code, or create a custom quality gate to meet your requirements; all of the instructions are on this page. If you already have an AI-qualified quality gate you want to use, skip to Apply your quality gate for AI Code Assurance below.
Projects completing these steps will show their AI Code Assurance status on the Projects, main-branch Overview, and Project Information pages. When using AI Code Assured quality gates, a series of external badges is available to publish on your websites. For more details, please see the Monitoring projects with AI code page.
Quality gates for AI code
Creating a custom quality gate for AI code
Creating a custom quality gate for AI code begins like any other. In SonarQube Cloud, navigate to Your Organization > Quality Gates and select Create. For more details about defining your conditions, see the Managing quality gates page. Once you’ve defined your conditions, go to the three-dots menu and select Qualify for AI Code Assurance.
The use of the Sonar way quality gate is no longer enforced on projects marked as containing AI code.
Recommendations on custom quality gates for AI code
To safeguard your projects from potential issues introduced by AI-generated code and fixes, it's crucial to implement stringent quality control and review processes. By setting conditions on your New Code Definition (NCD) within your quality gate, you can proactively prevent the buildup of new issues as you leverage AI assistance in your coding process.
Remember that AI assistants might have been used to generate code in your projects even before you defined your NCD. Therefore, it's essential to also apply conditions to Overall Code. This extra layer of protection helps catch vulnerabilities and critical reliability issues that could be lurking in your project, beyond the reach of your NCD.
Using Sonar way for AI code, the recommended quality gate for AI Code Assurance
The Sonar way for AI Code quality gate incorporates these recommendations and is the suggested quality gate for AI code projects. To ensure that your AI-generated code is secure, high-quality, and maintainable, while also boosting development productivity and avoiding business risks, apply strict quality control and reviews to both new and overall code.
Conditions applied to the Sonar way for AI code quality gate
The Sonar way for AI code quality gate has seven conditions:
- Conditions on new code:
  - No new issues are introduced
  - All new Security Hotspots are reviewed
  - New code test coverage is greater than or equal to 80.0%
  - Duplication in the new code is less than or equal to 3.0%
- Conditions on overall code:
  - Security rating: A
  - All security hotspots are reviewed
  - Reliability rating: C
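The seven conditions above, encoded as a small local evaluator so you can check a set of measures against the Sonar way for AI Code thresholds before pushing a project through the gate. This is an added example, not SonarSource's code: the metric keys follow SonarQube's measure keys, while the "fail when measure <op> threshold" encoding, the 1..5 rating scale, the treatment of a missing metric as a failure, and the sample measures are assumptions constructed for this example.

```python
# Added example (not SonarSource documentation or product code): evaluate measures
# against the seven "Sonar way for AI Code" conditions listed on this page.
# Ratings use SonarQube's 1..5 scale, where 1 = A and 5 = E.
RATING = {"A": 1, "B": 2, "C": 3, "D": 4, "E": 5}

# Each tuple is (metric key, operator, threshold). The condition FAILS when
# "measure <operator> threshold" holds, mirroring how quality gate conditions are stored.
SONAR_WAY_FOR_AI_CODE = [
    ("new_violations", "GT", 0),                      # no new issues introduced
    ("new_security_hotspots_reviewed", "LT", 100.0),  # all new hotspots reviewed
    ("new_coverage", "LT", 80.0),                     # new code coverage >= 80.0%
    ("new_duplicated_lines_density", "GT", 3.0),      # new duplication <= 3.0%
    ("security_rating", "GT", RATING["A"]),           # overall security rating A
    ("security_hotspots_reviewed", "LT", 100.0),      # all overall hotspots reviewed
    ("reliability_rating", "GT", RATING["C"]),        # overall reliability rating C or better
]


def failed_conditions(measures, conditions=SONAR_WAY_FOR_AI_CODE):
    """Return (metric, op, threshold, actual) for every condition that fails.

    A metric absent from `measures` (e.g. coverage never imported) is reported as a
    failure with actual=None; that is a design choice of this example, not gate behaviour.
    """
    failures = []
    for metric, op, threshold in conditions:
        actual = measures.get(metric)
        if actual is None:
            failures.append((metric, op, threshold, None))
        elif (op == "GT" and actual > threshold) or (op == "LT" and actual < threshold):
            failures.append((metric, op, threshold, actual))
    return failures


def gate_status(measures):
    """Overall gate result in SonarQube's vocabulary: 'OK' passes, 'ERROR' fails."""
    return "ERROR" if failed_conditions(measures) else "OK"


# Constructed sample: a project with two new issues, low new coverage and a D reliability rating.
SAMPLE_MEASURES = {
    "new_violations": 2, "new_security_hotspots_reviewed": 100.0, "new_coverage": 75.5,
    "new_duplicated_lines_density": 1.2, "security_rating": RATING["A"],
    "security_hotspots_reviewed": 100.0, "reliability_rating": RATING["D"],
}

if __name__ == "__main__":
    for metric, op, threshold, actual in failed_conditions(SAMPLE_MEASURES):
        print(f"FAIL {metric}: actual={actual} (fails when {op} {threshold})")
    print("Quality gate:", gate_status(SAMPLE_MEASURES))
```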
Qualifying your quality gate for AI Code Assurance
Any quality gate can be marked as qualified for AI code with the AI Code Assurance status label available for quality gates. To activate this label, open the Actions menu of your quality gate on the Quality Gates page and select Qualify for AI Code Assurance. Before you create a custom quality gate for AI code, check the recommendations listed above for conditions included in the Sonar way for AI Code quality gate.
Apply your quality gate for AI Code Assurance
The final step in achieving AI Code Assurance requires that an AI-qualified quality gate be applied to your project. In SonarQube Cloud, navigate to Your Organization > Your Project > Administration > AI Code Assurance.
Step 1: If you’ve already labeled the project as containing AI code, it's eligible for the AI Code Assurance status label; all you need to do is apply an AI-qualified quality gate.
Step 2: Select a quality gate qualified for AI Code Assurance.
Projects completing these steps will show their AI Code Assurance status on the Projects page, each of the branch overview pages (Overview, Main Branch, Pull Requests, and Branches), and your project’s Information page. To understand the status labels and badges for AI Code Assurance, see the Monitor projects with AI code page.
Projects marked as containing AI-generated code that do not use an AI Code Assured quality gate will only display the label.
Autodetecting AI code
If your SonarCloud Organization is integrated with GitHub and you’re using GitHub Copilot, your project is eligible for automatically detecting AI-generated code. For more information, see Setting up AI Code Autodetection.
Monitoring your projects
If you've completed the steps above to apply AI Code Assured quality gates to your project, a series of external badges is available to publish on your websites. For more details, please see the Monitoring projects with AI code page.
Related pages
- Overview of AI capabilities
- Setting your quality standards for AI Code Assurance
- Setting up AI features at the organization level
- Enabling AI CodeFix to get AI-generated fix suggestions