Managing quality gates for AI code
Overview
The first objective for AI Code Assurance is labeling your projects as containing AI code. For details, see Labeling project with AI code.
To complete the second objective, you will assign a quality gate qualified for AI Code Assurance to your projects. You can use the default quality gate, Sonar way for AI Code, or create a custom quality gate to meet your requirements; all of the instructions are on this page. If you already have an AI-qualified quality gate you want to use, skip to Apply a quality gate for AI Code Assurance below.
Projects completing these steps will show their AI Code Assurance status on the Projects, main-branch Overview, and Project Information pages. When using AI Code Assured quality gates, a series of external badges are available to publish on your websites. For more details, please see the Monitoring projects with AI code page.
Quality gates for AI code
Creating a custom quality gate for AI code
Creating a custom quality gate for AI code begins like creating any other quality gate. In SonarQube Server's top navigation bar, select Quality Gates, then select Create. For more details about defining your conditions, see the Managing quality gates page. Once you've defined your conditions, open the three-dots menu and select Qualify for AI Code Assurance.
The use of the Sonar way quality gate is no longer enforced on projects marked as containing AI code.
In SonarQube Server version 10.7, the Sonar way quality gate was enforced on projects marked as containing AI Code. If you're migrating from this version, projects using this quality gate will lose their AI Code Assurance status until a new, AI-qualified quality gate is applied.
Recommendations on custom quality gates for AI code
To safeguard your projects from issues introduced by AI-generated code and fixes, it's crucial to implement stringent quality control and review processes. By setting quality gate conditions on new code (the code identified by your New Code Definition, NCD), you can proactively prevent the buildup of new issues as you use AI assistance in your coding process.
Remember that AI assistants may have been used to generate code in your projects even before you defined your NCD. Therefore, it's essential to also apply conditions to Overall Code. This extra layer of protection catches vulnerabilities and critical reliability issues that could be lurking in your project, beyond the reach of your NCD.
Using Sonar way for AI code, the recommended quality gate for AI Code Assurance
The Sonar way for AI Code quality gate incorporates these recommendations and is the suggested quality gate for projects containing AI code. For AI-generated code to be secure, high-quality, and maintainable, while also boosting development productivity and avoiding business risks, it needs strict quality control and reviews on both new and overall code.
Conditions applied to the Sonar way for AI code quality gate
The Sonar way for AI code quality gate has seven conditions:
- Conditions on new code:
  - No new issues are introduced
  - All new Security Hotspots are reviewed
  - New code test coverage is greater than or equal to 80.0%
  - Duplication in the new code is less than or equal to 3.0%
- Conditions on overall code:
  - Security rating: A
  - All Security Hotspots are reviewed
  - Reliability rating: C
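As an added example (not SonarQube's own code or API), the following Python encodes the seven conditions above as a small gate evaluator, so you can run a set of project measures through it and see exactly which conditions fail and why. It assumes the metric keys match SonarQube's, that rating metrics arrive as numbers (A=1 to E=5), and that "Rating: A" / "Rating: C" mean "that rating or better"; the sample measures are constructed.

```python
from dataclasses import dataclass
from typing import Callable

# Assumption: rating metrics are numeric, A=1 ... E=5 (lower is better).
RATING = {"A": 1, "B": 2, "C": 3, "D": 4, "E": 5}

@dataclass(frozen=True)
class Condition:
    metric: str                      # metric key the condition reads (assumed SonarQube names)
    description: str                 # wording used in the page's list above
    passes: Callable[[float], bool]  # predicate over the measured value

# The seven conditions of Sonar way for AI Code, in the order listed above.
# "Security rating: A" / "Reliability rating: C" are read as "that rating or better".
SONAR_WAY_FOR_AI_CODE = (
    # Conditions on new code
    Condition("new_violations", "No new issues", lambda v: v == 0),
    Condition("new_security_hotspots_reviewed", "All new Security Hotspots reviewed", lambda v: v >= 100.0),
    Condition("new_coverage", "New code coverage >= 80.0%", lambda v: v >= 80.0),
    Condition("new_duplicated_lines_density", "New code duplication <= 3.0%", lambda v: v <= 3.0),
    # Conditions on overall code
    Condition("security_rating", "Security rating A", lambda v: v <= RATING["A"]),
    Condition("security_hotspots_reviewed", "All Security Hotspots reviewed", lambda v: v >= 100.0),
    Condition("reliability_rating", "Reliability rating C or better", lambda v: v <= RATING["C"]),
)

def evaluate(measures: dict, conditions=SONAR_WAY_FOR_AI_CODE) -> tuple[bool, list[str]]:
    """Return (passed, failed-condition descriptions). A missing measure fails closed."""
    failed = []
    for cond in conditions:
        value = measures.get(cond.metric)
        if value is None or not cond.passes(value):
            failed.append(f"{cond.description} [{cond.metric}={value}]")
    return not failed, failed

# Constructed sample measures (not real project data).
CLEAN_PROJECT = {
    "new_violations": 0, "new_security_hotspots_reviewed": 100.0,
    "new_coverage": 85.5, "new_duplicated_lines_density": 1.2,
    "security_rating": 1, "security_hotspots_reviewed": 100.0, "reliability_rating": 2,
}
# Legacy debt outside the NCD: a reliability rating of D fails the overall-code check.
LEGACY_PROJECT = dict(CLEAN_PROJECT, new_coverage=72.0, reliability_rating=RATING["D"])

if __name__ == "__main__":
    for name, m in (("clean", CLEAN_PROJECT), ("legacy", LEGACY_PROJECT)):
        ok, failed = evaluate(m)
        print(name, "PASSED" if ok else "FAILED", failed)
```

The legacy sample shows why the page recommends overall-code conditions: its new code is otherwise acceptable, but pre-existing reliability debt still blocks the gate.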
Qualifying your quality gate for AI Code Assurance
Any quality gate can be marked as qualified for AI code, which gives it the AI Code Assurance status label on the Quality Gates page. To activate this label, open the Actions menu of your quality gate on the Quality Gates page and select Qualify for AI Code Assurance. Before you create a custom quality gate for AI code, check the recommendations listed above and the conditions included in the Sonar way for AI Code quality gate.
Apply your quality gate for AI Code Assurance
The final step in achieving AI Code Assurance requires that an AI-qualified quality gate be applied to your project. In SonarQube Cloud, navigate to Your Project > Project Settings > Quality Gate.
- If you've already labeled the project as containing AI code, it's eligible for the AI Code Assurance status label; all you need to do is apply an AI-qualified quality gate.
- Select a quality gate qualified for AI Code Assurance.
Projects completing these steps will show their AI Code Assurance status on the Projects, main-branch Overview, and Project Information pages. To understand the status labels and badges for AI Code Assurance, see the Monitor projects with AI code page.
Projects that are marked as containing AI-generated code but do not use an AI Code Assured quality gate will only display the label.
Autodetecting AI code
If your SonarCloud Organization is integrated with GitHub and you’re using GitHub Copilot, your project is eligible for automatically detecting AI-generated code. For more information, see Setting up AI Code Autodetection.
Monitoring your projects
If you've completed the steps above to apply AI Code Assured quality gates to your project, a series of external badges are available to publish on your websites. For more details, please see the Monitoring projects with AI code page.
Related pages
- Overview of AI capabilities
- Setting your quality standards for AI Code Assurance
- Enabling AI CodeFix at the project level to get AI-generated fix suggestions