Loading...
Loading...
Found 9 Skills
Provides SonarQube and SonarCloud integration patterns via the Model Context Protocol (MCP) server. Enables quality gate monitoring, issue discovery and triaging, pre-push code analysis, and rule education directly in the agent workflow. Use when the user wants to check quality gates, search for Sonar issues, analyze code snippets before committing, or understand SonarQube rules. Triggers on "sonarqube", "sonarcloud", "quality gate", "sonar issues", "analyze with sonar", "check sonar", "sonar rule", "pre-push analysis".
SonarQube/SonarCloud integration for continuous code quality. Setup, configuration, quality gates, and CI/CD integration. USE WHEN: user mentions "SonarQube", "SonarCloud", "quality gates", asks about "code coverage", "technical debt", "code smells", "sonar-project.properties", "SonarScanner" DO NOT USE FOR: ESLint/Biome - use linting skills, OWASP security - use security skills, testing tools - use Vitest/Playwright skills
Playbook iterativo para llevar proyectos Node y TypeScript (NestJS + React en monorepo) a cumplir Quality Gates de SonarQube sin romper build ni pipelines. Usar cuando se necesite subir cobertura priorizando New Code, eliminar issues nuevos (Bugs, Vulnerabilities, Code Smells), revisar Security Hotspots y controlar duplicacion y deuda tecnica.
JaCoCo code coverage configuration for Java/Gradle projects. Covers report generation, coverage thresholds, multi-module aggregation, and SonarQube integration. Use when setting up or troubleshooting code coverage.
Research-backed code review skill with OWASP Top 10 security checks, SAST tool integration (SonarQube, CodeQL, Snyk), performance pattern detection, and automated quality standards enforcement. Auto-invoked for code review, security audit, PR analysis, and bug checking. Implements 2025 best practices with 92% faster vulnerability remediation.
Azure AD OAuth2/OIDC SSO integration for Kubernetes applications. Use when implementing Single Sign-On, configuring Azure AD App Registrations, restricting access by groups, or integrating tools (DefectDojo, Grafana, ArgoCD, Harbor, SonarQube) with Azure AD authentication.
Java code quality with Checkstyle, SpotBugs, PMD, and SonarJava. Covers static analysis, code style, and best practices. USE WHEN: user works with "Java", "Spring Boot", "Maven", "Gradle", asks about "Checkstyle", "SpotBugs", "PMD", "Java code smells", "Java best practices" DO NOT USE FOR: SonarQube generic - use `sonarqube` skill, testing - use Spring Boot test skills, security - use `java-security` skill
JaCoCo Java code coverage tool USE WHEN: user mentions "JaCoCo", "Java coverage", "code coverage", asks about "coverage threshold", "jacoco-maven-plugin", "coverage report", "LINE coverage", "BRANCH coverage" DO NOT USE FOR: JavaScript/TypeScript coverage - use Vitest skill, SonarQube analysis - use `sonarqube` skill, test execution - use testing skills
Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), container security scanning, dependency vulnerability management, and common vulnerability tools (Snyk, Trivy, OWASP ZAP, SonarQube)