All Skills
c
sap-commerce-sonarqube
Test, Deploy & Monitor
Use for SAP Commerce SonarQube/SonarCloud quality workflows: fetch issues for PR/branch, generate tracking reports, compare branches, and apply supported rule-specific autofixes while preserving behavior.
csap-commerce-sonarqube
$
npx skills add commerce-cloud-integrations/sap-commerce-agent-skills --skill sap-commerce-sonarqubeSAP Commerce SonarQube
Overview
Use this skill to run a deterministic Sonar workflow: fetch, analyze, report, and fix in small safe batches.
Trigger Checklist
Use this skill when one or more are true:
- you need Sonar issues for a PR or branch
- you need a markdown tracking report
- you need issue-diff between two branches
- you need scripted autofix for supported rules
Setup
- Export
SONAR_TOKENin the shell before running scripts. - Keep credentials out of chat, logs, and commits.
Progressive Disclosure
Load only what the task needs:
references/sonar-api.mdfor API/auth parameter detailsreferences/quality-rules.mdfor SAP Commerce fix constraintsreferences/workflow-examples.mdfor command templatesreferences/autofix-rules.mdfor currently supported rules/wrappersreferences/gotchas.mdfor common fetch/autofix pitfalls
Workflow
- Confirm scope:
base-url,project-key, PR/branch, leak-period mode. - Fetch issues with
scripts/sonar_fetch.py. - Generate/update report with
scripts/sonar_report.py. - If needed, compare with
scripts/sonar_diff.py. - Autofix one rule at a time via
scripts/sonar_autofix.py(inspect list, then apply). - Resolve remaining issues manually using
references/quality-rules.md. - Record exact fixes in the tracking report.
Fixing Rules
- Prefer small behavior-preserving changes over broad refactors.
- Do not silence rules with
@SuppressWarningsor//NOSONAR. - Keep each autofix batch scoped to a single rule.
Verification
- Run targeted checks after each fix batch when risk is non-trivial.
- Call out any unverifiable change explicitly in the report.