From sonarqube
Fixes a specific SonarQube code quality or security issue by rule key and file location. Reads the rule description, applies minimal fix, and explains the change.
How this skill is triggered — by the user, by Claude, or both
Slash command
/sonarqube:sonar-fix-issue [rule-key] [file-path:line][rule-key] [file-path:line]This skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Fix a code quality or security issue identified by SonarQube.
Fix a code quality or security issue identified by SonarQube.
sonar-fix-issue java:S1481 src/main/java/MyClass.java:42
sonar-fix-issue python:S2077 src/auth/login.py
sonar-fix-issue Remove unused variable in MyClass.java
Parse the user-provided arguments for:
java:S1481, python:S2077)src/auth/login.py:34)If neither a rule key nor a file path can be determined, ask: "Which rule and file should I fix?"
Call mcp__sonarqube__show_rule with the rule key to retrieve the full rule description,
rationale, and remediation guidance before touching any code. Do not add extra parameters (such as projectKey) unless the tool schema requires them — after integration, rule lookup usually needs only the rule key.
If the MCP tool is unavailable, fall back to sonar api get "/api/rules/show?key=<rule-key>". If sonar is also unavailable or unauthenticated, rely on built-in knowledge of SonarQube rules.
Read the full file content. If a line number was given, focus analysis around that line but read the whole file to understand context.
After editing, briefly explain:
<file> to confirm no new issues were introduced."sonar.projectKey in sonar-project.properties) — the CLI always uses -p."claude plugin install sonarqube@claude-plugins-officialAnalyzes files or code snippets for quality and security issues using SonarQube. Detects bugs, vulnerabilities, and code smells. Requires SonarQube MCP server.
Integrates SonarQube/SonarCloud via MCP server for quality gate checks, issue discovery/triaging, pre-push code analysis, and rule explanations in agent workflows. Use for gate status, finding issues, snippet analysis before commits, or rule details.
Fixes a specific compliance finding from a check-best-practice-compliance report by accepting JSON diagnostics, finding codes, or natural language. Targeted one-fix cycle with location context and verification.