AI Code Assurance

This section explains how to manage standards for AI-generated code, including the use of tools for Sonar’s AI Code Assurance in your SonarQube Server project.

Sonar’s AI Code Assurance helps you ensure security and code quality within projects containing AI-generated code. By utilizing project labels, custom quality gate certification and marking, and dynamic project badge publishing, you can maintain high standards and confidently assure the quality of your AI projects.

Assuring your AI code

SonarQube Server recognizes that AI-generated code should be monitored with additional quality standards. Recommended checks include high standards to reduce code complexity, remove bugs, and eliminate injection vulnerabilities. SonarQube’s AI Code Assurance features bring confidence that your AI-generated code is being reviewed to avoid any accountability crisis.

These objectives are achieved with three features that allow Quality Standard administrators to qualify projects as AI Code Assured:

  1. Labeling projects with AI code

  2. Apply a quality gate for AI Code Assurance

  3. Publish an AI Code Assurance badge externally to your websites. See the Monitor projects with AI code page for more inforamtion.

The full details for achieving AI Code Assurance are outlined on the Set your AI standards page.

Quality gates for AI code

Quality gates designed for projects containing AI-generated code are an important part of the quality control and review process. The Quality gates for AI code page outlines the important control measures that help protect against the buildup of new issues as you leverage AI assistance in your coding process, and adds an extra layer of protection helps catch vulnerabilities and critical reliability issues that could be lurking in your project.

Quality profiles for AI code

When AI Code Assurance is enabled on a project, it should protect the AI-generated code by applying a suitable quality standard for developers to follow. Therefore, it’s important to define a set of rules that will offer the necessary protection to AI-generated code. To ensure protection of a project with AI code, the project should not only have a strict quality gate, but also a strict quality profile. The Quality profiles for AI code page helps you define, for a given language, the set of coding rules to be applied during analysis.

In SonarQube Server version 10.7, the Sonar way quality gate was enforced on projects marked as containing AI Code. If you’re migrating from this version, projects using this quality gate will lose their AI Code Assurance status until a new, AI-qualified quality gate is applied.

Monitoring your projects

If you’ve completed the steps above to apply AI Code Assured quality gates to your projects, a series of external badges are available to publish on your websites. For more details, please see the Monitor projects with AI code page.

PreviousOverviewNextAutodetect AI code

Last updated

Was this helpful?