
Standards for AI-generated code

SonarQube Server helps you set appropriate standards for projects containing AI-generated code to ensure security and code quality. A combination of tools, including project labels, the ability to certify and mark custom quality gates, and publishing dynamic project badges, lets you ensure that your AI projects are AI code-assured.

Assuring your AI code

SonarQube Server recognizes that AI-generated code should be monitored with additional quality standards. Recommended checks include high standards to reduce code complexity, remove bugs, and eliminate injection vulnerabilities. SonarQube’s AI Code Assurance features bring confidence that your AI-generated code is being reviewed to avoid any accountability crisis.

These objectives are achieved with three features that allow Quality Standard administrators to qualify projects as AI Code Assured:

  1. Label your project as containing AI code
  2. Apply a quality gate for AI Code Assurance
  3. Publish an AI Code Assurance badge externally to your websites (optional)

Labeling projects with AI code

The first step to achieving AI Code Assurance is to mark your project as containing AI code.

Go to Project settings > AI-generated code and activate the Contains AI-generated code setting. Projects marked in this way will have the CONTAINS AI CODE label shown on the Projects page, on the Main branch Overview page, and on the Project Information pages.

Apply a quality gate for AI Code Assurance

Step 2 in achieving AI Code Assurance requires that an AI-qualified quality gate be applied to your project.

If you’ve marked your project as Contains AI-generated code, it's eligible for the AI Code Assurance status label; all you need to do is apply an AI-qualified quality gate.

Any quality gate can be marked as qualified for AI code with the AI Code Assurance label available for quality gates. To activate this label, open the Actions menu of your quality gate on the Quality Gates page and select Qualify for AI Code Assurance. Before you create a custom quality gate for AI code, check the recommendations listed below for conditions included in the Sonar way for AI Code quality gate.

Projects marked in this way will show their AI Code Assurance status on the Projects, main-branch Overview, and Project Information pages. See Understanding AI Code Assurance status below for details. Projects that are marked as containing AI-generated code but do not use an AI Code Assured quality gate will only display the CONTAINS AI CODE label.

The use of the Sonar way quality gate is no longer enforced on projects marked as containing AI code.

Using the API to set up AI Code Assurance

To mark a project with the CONTAINS AI CODE label:

curl -XPOST -H 'Authorization: Bearer <YOUR_SONARQUBE_SERVER_TOKEN>' '<YOUR_SONARQUBE_URL>/api/projects/set_contains_ai_code?contains_ai_code=true&project=<YOUR_PROJECT_KEY>'

To assign an AI Code Assured quality gate to a project:

curl -XPOST -H 'Authorization: Bearer <YOUR_SONARQUBE_SERVER_TOKEN>' '<YOUR_SONARQUBE_URL>/api/qualitygates/select?gateName=<NAME_OF_YOUR_AI_ASSURED_QUALITY_GATE>&projectKey=<YOUR_PROJECT_KEY>'
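
A hardened wrapper for the two calls above, as an added example that is not part of the SonarQube documentation: it percent-encodes the project key and gate name, hands the token to curl on stdin (`-H @-`, curl 7.55.0 or later) so it does not show up in the process list, and fails on HTTP errors. The function names, the `SONAR_TOKEN` variable and the HTTPS-only check are assumptions of this example.

```sh
#!/bin/sh
# Added example, not SonarQube tooling. Endpoints and parameters are the two
# shown above; function names, SONAR_TOKEN and the HTTPS check are assumptions.

# Percent-encode a value for a query string (ASCII input assumed).
urlencode() {
    s=$1; out=
    while [ -n "$s" ]; do
        rest=${s#?}; c=${s%"$rest"}; s=$rest
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
    done
    printf '%s' "$out"
}

mark_url() {    # $1 = server URL, $2 = project key
    printf '%s/api/projects/set_contains_ai_code?contains_ai_code=true&project=%s' \
        "${1%/}" "$(urlencode "$2")"
}

gate_url() {    # $1 = server URL, $2 = gate name, $3 = project key
    printf '%s/api/qualitygates/select?gateName=%s&projectKey=%s' \
        "${1%/}" "$(urlencode "$2")" "$(urlencode "$3")"
}

# POST with the Authorization header read from stdin (-H @-), keeping the token
# out of curl's argv; --fail makes an HTTP 4xx/5xx response a non-zero exit.
sq_post() {     # $1 = full URL
    printf 'Authorization: Bearer %s\n' "$SONAR_TOKEN" |
        curl --silent --show-error --fail -X POST -H @- "$1"
}

assure_project() {  # $1 = server URL, $2 = project key, $3 = gate name
    case $1 in
        https://*) ;;
        *) echo "refusing to send token to non-HTTPS URL: $1" >&2; return 2 ;;
    esac
    sq_post "$(mark_url "$1" "$2")" && sq_post "$(gate_url "$1" "$3" "$2")"
}

# Usage: SONAR_TOKEN=... sh assure.sh <server-url> <project-key> <gate-name>
if [ "$#" -eq 3 ]; then assure_project "$@"; fi
```

Quoting the whole URL matters even without the wrapper: an unquoted `&` ends the command at that point and runs it in the background, so the second query parameter never reaches the server.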

Using the Sonar way for AI Code quality gate

Using the Sonar way for AI Code quality gate is the recommended way to achieve AI Code Assurance in your project. The Sonar way for AI Code quality gate is the built-in quality gate designed to protect AI-generated code.

Conditions applied to the Sonar way for AI Code quality gate

The Sonar way for AI Code quality gate has seven conditions:

  • Conditions on new code:
    • No new issues are introduced
    • All new Security Hotspots are reviewed
    • New code test coverage is greater than or equal to 80.0%
    • Duplication in the new code is less than or equal to 3.0%
  • Conditions on overall code:
    • Security rating: A
    • All security hotspots are reviewed
    • Reliability rating: C

Understanding your AI Code Assurance labels

Your project Overview and Project Information pages show labels highlighting the state of AI Code Assurance. These labels provide a quick visual reference for your project's AI Code Assurance status, including whether it contains AI-generated code and the status of its quality gate.

Internal AI Code Assurance status

Here’s what each AI Code Assurance label represents, and what you can do to update the status.

CONTAINS AI CODE: A Project Admin has declared that the project contains AI-generated code.

    • Go to Project settings > AI-generated code or use the API to activate and deactivate this label. 

AI Code Assurance passed: Your code is passing the quality gate qualified for AI-generated code.

    • Run a new analysis to check your code against the quality gate.

AI Code Assurance failed: Your code is not passing the quality gate qualified for AI-generated code.

    • Address the issues in your code to meet the standards defined by your quality gate.

AI Code Assurance is on: Your code uses a quality gate qualified for AI-generated code and the quality gate status has not been computed.

    • Run a new analysis to update the status of your quality gate.

AI Code Assurance is off: Your code is not marked as containing AI code or is not using a quality gate qualified for AI-generated code.

    • Check that your project is marked as Contains AI-Generated Code,
    • assign a quality gate qualified for AI-generated code,
    • then run an analysis to update the quality gate status.

Using the AI Code Assurance badge

A dynamic AI Code Assurance badge is available to publish the current status of your AI Code Assured projects on your web pages. This badge works like other SonarQube external badges and can be used by any team member with project access. 

See the documentation on Using a project badge for instructions on how to publish SonarQube badges externally.

External AI Code Assurance badges

Here’s what each AI Code Assurance badge represents, and what you should do to update the status.

AI Code Assurance | Pass: Your code is passing the quality gate qualified for AI-generated code.

    • Run a new analysis to check your code against the quality gate.

AI Code Assurance | Fail: Your code is not passing the quality gate qualified for AI-generated code.

    • Address the issues in your code to meet the standards defined by your quality gate.

AI Code Assurance | On: Your code is using a quality gate qualified for AI-generated code and the quality gate status has not been computed.

    • Run a new analysis to update the status of your quality gate.

AI Code Assurance | Off: Your code is not using a quality gate qualified for AI-generated code.

    • Assign a quality gate qualified for AI-generated code and run an analysis to update the quality gate status.

© 2008-2025 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.