Scan code quality and vulnerabilities
sonarqube-scan · skill · setup · L2 · ★381
majiayu000/claude-skill-registry
What it does
Run SonarQube static code analysis for quality and security
Best for
Automated code quality gates in CI/CD to detect security vulnerabilities, bugs, and technical debt before code reaches production.
Inputs
- Python project directory
- SonarCloud/SonarQube credentials and project key
Outputs
- SonarCloud dashboard report (via web UI)
- Code quality metrics and technical debt score
- Security vulnerability list
- Code coverage report
Requires
- SonarCloud (cloud static analysis service)
- pysonar scanner (Python-specific)
- Internet connection (for result upload)
Preconditions
- Python and pip installed
- SonarCloud account and project configured
- Valid SonarQube authentication token
- Project key and organization configured
Failure modes
- pysonar installation fails on network or permission errors
- Invalid authentication token causes upload rejection
- Large projects time out if the network is slow
- Scan blocked if SonarCloud service is down
Trust signals
- PowerShell and bash scripts provided for Windows/Linux/Mac
- Troubleshooting guide covers common failure scenarios
- Integration path documented for CI/CD pipeline setup