Autodetecting AI code in your project

Knowing if your project contains AI-generated code helps raise awareness of code ownership and code security. To help build this awareness, SonarQube Server can autodetect AI-generated code in projects on GitHub using GitHub Copilot. If turned on, the feature alerts Instance Admins when project contributors recently used GitHub Copilot so that such projects can be protected with Sonar’s AI Code Assurance.  

Autodetect AI-Generated Code is turned on by default in SonarQube Server, but your GitHub App must have the appropriate permissions.

Requirements

  1. The Autodetect AI-Generated Code feature is turned on by default in SonarQube Server. See the instructions below to manage feature activation at the global and project levels.
  2. A Project Admin must enable access from your GitHub App. The autodetection feature will not function without giving SonarQube Server access to GitHub Copilot Business.

Autodetecting AI code

Step 1: Manage AI autodetection in SonarQube Server

Autodetect AI-Generated Code can be managed at the global and project levels:

  • At the global level, go to Administration > Configuration > General Settings > AI-Generated Code and select or deselect Autodetect AI-Generated Code. The setting is turned on by default.
  • At the project level, go to Your Project > Project Settings > AI-Generated Code and select or deselect Autodetect AI-Generated Code in this project. The setting is turned on by default.

Step 2: Enable your GitHub integration

The Autodetect AI-Generated Code feature relies on your GitHub App to give SonarQube Server access to your organization’s usage statistics of GitHub Copilot. To create a new integration or manage an existing one, go to Administration > DevOps Platform Integrations > GitHub.

Once you’ve registered SonarQube Server as a GitHub App, a Project Admin must navigate (in GitHub) to Your GitHub App > App settings > Permissions & events > Organization permissions > GitHub Copilot Business and set the access level to Read-only. Note that as per standard procedure, GitHub will send a confirmation email which must be acknowledged.

Step 3: Rescan your project

With the requirements satisfied, SonarQube Server will check for the presence of AI-generated code each time an analysis is performed. Projects containing autodetected code will display the "AI code detected" status.

If Autodetect AI-Generated Code is turned off on a project containing autodetected code, the "AI code detected" status will be displayed until the next analysis is run.


© 2008-2025 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Creative Commons License