sonarqube-new-code-warning-fixer

Analyze newly updated code with SonarQube MCP, list warnings, fix all warnings, and fix broken tests. Use when asked to scan changed files from uncommitted work or branch diffs against develop/master/main, then remediate issues end-to-end.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "sonarqube-new-code-warning-fixer" with this command: npx skills add <repo-url-or-path>

SonarQube New Code Warning Fixer

Overview

Use SonarQube MCP to inspect only newly updated code, report warnings in a clear list, fix them, and finish with passing tests. Scope selection supports uncommitted changes and branch diffs.

Workflow

  1. Determine update scope. Run:
python3 scripts/list_newly_updated_files.py --mode auto --only code
  • auto: use uncommitted changes when present; otherwise use branch diff.
  • branch diff base: prefer develop, then master, then main.
  • if no changed code files are found, report no warnings and stop.
  1. Resolve SonarQube project key.
  • infer from repo name first.
  • call mcp__sonarqube__search_my_sonarqube_projects.
  • if multiple close matches exist, choose exact key match when available.
  1. Convert changed files to Sonar component keys. Run:
python3 scripts/list_newly_updated_files.py --mode auto --only code --project-key "<project-key>"
  • use sonar_components.prod and sonar_components.test.
  • query production and test components separately to avoid Sonar qualifier errors.
  1. Collect warnings on changed files with SonarQube MCP.
  • primary issues: mcp__sonarqube__search_sonar_issues_in_projects
    • set projects=[projectKey]
    • set issueStatuses=["OPEN","CONFIRMED"]
    • batch components to keep requests small (around 25 to 50 files per call).
  • security warnings: mcp__sonarqube__search_security_hotspots
    • set projectKey
    • pass the same file batch (path list, not component keys).
    • include unresolved statuses only.
  1. Show warning list before fixing.
  • sort by severity: BLOCKER, CRITICAL, MAJOR, MINOR, INFO.
  • include: issue key, severity, rule, file, line, message.
  • explicitly state Warnings found: 0 when empty.
  1. Fix all warnings in changed files.
  • fix highest severity first.
  • preserve behavior unless warning explicitly points to a bug.
  • avoid widening scope beyond changed files except for necessary shared utilities.
  • after edits, re-query Sonar for the same changed-file scope.
  1. Fix broken tests and validate.
  • run focused tests for touched modules first, then broader suite if needed.
  • if the repo has no reliable targeted mapping, run project default test command.
  • report remaining failures with exact test name and error.
  • continue until warnings on changed files are resolved and tests pass, or clearly report blockers.

Output Format

Use this order:

  1. Scope summary.
  2. Warning list.
  3. Fixes applied.
  4. Test results.
  5. Residual blockers (if any).

Resources

  • changed-file scope helper: scripts/list_newly_updated_files.py
  • Sonar query patterns and caveats: references/sonarqube-mcp-patterns.md

Sharing

Install this skill from a skills repository:

npx skills add <repo-url-or-path> --skill sonarqube-new-code-warning-fixer

Guardrails

  • keep analysis scoped to newly updated code unless user asks for full-project scan.
  • never hide unresolved warnings: list them explicitly.
  • do not claim tests passed unless tests were actually run in this environment.
  • if Sonar returns no results but warnings are expected, verify project key, file key format, and qualifier grouping before concluding.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Coding

frontend-design

Create distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, artifacts, posters, or applications (examples include websites, landing pages, dashboards, React components, HTML/CSS layouts, or when styling/beautifying any web UI). Generates creative, polished code and UI design that avoids generic AI aesthetics.

Repository SourceNeeds Review
161.1K94.2Kanthropics
Coding

remotion-best-practices

Use this skills whenever you are dealing with Remotion code to obtain the domain-specific knowledge.

Repository SourceNeeds Review
148.4K2.1Kremotion-dev
Coding

azure-ai

Service Use When MCP Tools CLI

Repository SourceNeeds Review
136.5K155microsoft
Coding

azure-deploy

AUTHORITATIVE GUIDANCE — MANDATORY COMPLIANCE

Repository SourceNeeds Review
136.1K155microsoft