Standards for AI-generated code

SonarQube Server helps you set appropriate standards for projects containing AI-generated code to ensure security and code quality. A combination of tools, including project labels, the ability to certify and mark custom quality gates, and publishing dynamic project badges, lets you ensure that your AI projects are AI Code Assured.

Assuring your AI code

SonarQube Server recognizes that AI-generated code should be monitored with additional quality standards. Recommended checks include high standards to reduce code complexity, remove bugs, and eliminate taint vulnerabilities. SonarQube’s AI Code Assurance features bring confidence that your AI-generated code is being reviewed to avoid any accountability crisis.

These objectives are achieved with three features that allow Quality Standard administrators to qualify projects as AI Code Assured:

1. Enabling AI Code Assurance on projects
2. Apply a quality gate for AI Code Assurance
3. Publish the AI Code Assurance badge

Enabling AI Code Assurance on projects

There are two steps to enable AI Code Assurance on your project.

1. Go to Project settings > AI-generated code and activate the Contains AI-generated code setting. Projects marked in this way will have an AI CODE label in the Projects page.
2. Then, apply an AI-qualified quality gate to your project. Projects marked in this way will have an AI Code Assurance label in the project list. For more information, see the Applying a qualified quality gate article on the Standards for AI code page.

If you’ve completed both steps above, a dynamic AI Code Assurance badge will be available to publish the current status of your AI Code Assured projects on your web pages. This badge works like other SonarQube badges and can be used by any team member with project access; see Using a project badge for instructions.

Apply a quality gate for AI Code Assurance

If you’ve marked your project as Contains AI-generated code, your project is eligible for the AI CODE ASSURANCE label; all you need to do is apply an AI Code Assured quality gate.

Any quality gate can be marked as qualified for AI code with the AI Code Assurance label available for quality gates. To activate this label, open the Actions menu of your quality gate on the Quality Gates page and select Qualify for AI Code Assurance. Before you create a custom quality gate for AI code, check the recommendations listed below for conditions included in the Sonar way for AI Code quality gate.

Projects using an AI Code Assured quality gate will display the AI CODE ASSURANCE label on your Projects page. Projects marked as containing AI-generated code but do not use an AI Code Assured quality gate will only display the AI CODE label.

The use of the Sonar way quality gate is no longer enforced on projects marked as containing AI code.

Using the Sonar way for AI Code quality gate

Using the Sonar way for AI Code quality gate is the recommended way to achieve AI Code Assurance in your project. The Sonar way for AI Code quality gate is the built-in quality gate designed to protect AI-generated code.

Conditions applied to the Sonar way for AI code quality gate

The Sonar way for AI code quality gate has seven conditions: 

• Conditions on new code:
  • No new issues are introduced
  • All new Security Hotspots are reviewed
  • New code test coverage is greater than or equal to 80.0%
  • Duplication in the new code is less than or equal to 3.0%
• Conditions on overall code:
  • Security rating: A
  • All security hotspots are reviewed
  • Reliability rating: C

Using the AI Code Assurance badge

If you’ve marked your project as Contains AI code and are using an AI Code Assured quality gate, an AI Code Assurance badge is available to publish on your web pages. See the Using a project badge page for these instructions.

Related pages

• AI features
• see Getting AI-generated fix suggestions
• see Marking a project as containing AI-generated code
• see Defining quality gates for standard instructions to create a new quality gate