From sonarqube
Fetches and filters SonarQube issues for a project using sonarqube-cli, with support for severity, status, branch, and pull request filters.
How this skill is triggered — by the user, by Claude, or both
Slash command
/sonarqube:sonar-list-issues [project-key?] [--severities values] [--statuses values] [--branch name]
This skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Search for issues in a SonarQube project using the `sonarqube-cli`.
Unlike SonarQube MCP tools (which may use a default project from integration), sonar list issues always requires -p <project-key>. Resolve the key from the user-provided arguments or sonar-project.properties before running the CLI.
sonar-list-issues # issues in the current project
sonar-list-issues my-project # issues in a specific project key
sonar-list-issues my-project --severities CRITICAL,BLOCKER # filter by severities
sonar-list-issues my-project --statuses OPEN,CONFIRMED # filter by status
sonar-list-issues my-project --branch main # on a specific branch
sonar-list-issues my-project --pr 42 # on a pull request
This skill uses the sonarqube-cli command. The CLI must be installed and authenticated before proceeding.
Before proceeding, verify that sonar is available on your PATH and authenticated. If it is not, do not attempt to call any alternative commands or invent alternatives, and show the user:
Unable to list issues.
Possible causes:
- `sonarqube-cli` not installed or not authenticated — invoke the sonar-integrate skill
- Project key is wrong or missing — `-p` is mandatory for `sonar list issues`; invoke the sonar-list-projects skill or set `sonar.projectKey` in `sonar-project.properties`
Then ask the user (yes/no) whether to run the sonar-integrate skill now. If they confirm, invoke the sonar-integrate skill yourself and follow it end-to-end in this session, then re-check and continue; if they decline, stop.
This flow uses sonar list issues (CLI), not MCP. The CLI always needs -p <project-key> — do not invoke it without a resolved key.
sonar.projectKey in sonar-project.properties at the repo root.
sonar list issues. Tell the user: "Invoke the sonar-list-projects skill to find your project key, then re-run with that key," or add sonar.projectKey to sonar-project.properties. (MCP integration defaults do not apply to this CLI command.)

| Flag | Maps to CLI option |
|---|---|
| `--severities <values>` | `--severities` |
| `--statuses <values>` | `--statuses` |
| `--branch <name>` | `--branch` |
| `--pr <id>` | `--pull-request` |
`sonar list issues` does not support filtering by issue type, rule, tag, or component, nor a `--resolved` flag. Only the options above (plus `--format`, `--page`, and `--page-size`) exist. To filter by rule/type/tag/component or to drill into a single file, use the MCP-based skills (e.g. sonar-analyze for a file, or `mcp__sonarqube__search_sonar_issues_in_projects`).
Before building the command, validate each user-supplied value against the following rules. If any value fails validation, stop and tell the user what was rejected and why — do not run the command. Validate the resolved project key (from args or sonar-project.properties) against the project-key pattern before running the CLI.
| Argument | Allowed pattern |
|---|---|
| project key | `^[a-zA-Z0-9_\-\.:]+$` |
| `--severities` | comma-separated subset of: INFO, MINOR, MAJOR, CRITICAL, BLOCKER, HIGH, MEDIUM, LOW |
| `--statuses` | comma-separated subset of: OPEN, CONFIRMED, FALSE_POSITIVE, ACCEPTED, FIXED |
| `--branch` | `^[a-zA-Z0-9_\-\./]+$` |
| `--pr` | digits only |
sonar list issues
Build and run the command using a shell command. Always pass -p with the key resolved in Step 1.
sonar list issues -p <project-key> --format toon [--severities <values>] [--statuses <values>] [--branch <name>] [--pull-request <id>]
Only include optional flags that were provided.
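The validation and command-building steps above, sketched in Python as an added example (not the plugin's own code; the function names are hypothetical). It returns an argument list rather than a shell string, and goes beyond the table in one labelled respect: values that begin with `-` are rejected even though the patterns permit them.

```python
import re

# Patterns and allowed values copied from the validation table above.
PROJECT_KEY = re.compile(r"[a-zA-Z0-9_\-\.:]+")
BRANCH = re.compile(r"[a-zA-Z0-9_\-\./]+")
SEVERITIES = {"INFO", "MINOR", "MAJOR", "CRITICAL", "BLOCKER", "HIGH", "MEDIUM", "LOW"}
STATUSES = {"OPEN", "CONFIRMED", "FALSE_POSITIVE", "ACCEPTED", "FIXED"}


def _pattern(name, value, pattern):
    # fullmatch, not ^...$ with match(): "$" would accept a trailing newline.
    if not pattern.fullmatch(value):
        raise ValueError(f"{name} rejected: {value!r} does not match {pattern.pattern}")
    # Extra hardening assumed here (not in the table): a leading "-" would be
    # parsed by the CLI as another option rather than as a value.
    if value.startswith("-"):
        raise ValueError(f"{name} rejected: {value!r} starts with '-'")
    return value


def _subset(name, value, allowed):
    items = value.split(",")
    bad = [i for i in items if i not in allowed]
    if bad:
        raise ValueError(f"{name} rejected: {bad} not in {sorted(allowed)}")
    return ",".join(items)


def build_argv(project_key, severities=None, statuses=None, branch=None, pr=None):
    """Validate every value, then return argv for subprocess.run(argv) (no shell)."""
    argv = ["sonar", "list", "issues", "-p",
            _pattern("project key", project_key, PROJECT_KEY), "--format", "toon"]
    if severities is not None:
        argv += ["--severities", _subset("--severities", severities, SEVERITIES)]
    if statuses is not None:
        argv += ["--statuses", _subset("--statuses", statuses, STATUSES)]
    if branch is not None:
        argv += ["--branch", _pattern("--branch", branch, BRANCH)]
    if pr is not None:
        # "digits only": ASCII 0-9, so str.isdigit() (which accepts other
        # Unicode digits) is not used.
        if not re.fullmatch(r"[0-9]+", str(pr)):
            raise ValueError(f"--pr rejected: {pr!r} is not digits only")
        argv += ["--pull-request", str(pr)]
    return argv
```

The `ValueError` message names the rejected value and the rule it failed, which is what the skill is told to report to the user before stopping.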
If issues are found, present a summary line then a table sorted by severity then line number:
## SonarQube Issues — `my-project` (branch: `main`)
Found **12 issue(s)**:
| File | Line | Severity | Rule | Message |
| -------------------- | ---- | --------- | ------------ | ----------------------------- |
| src/auth/login.py | 12 | 🔴 Blocker | python:S2077 | SQL injection risk |
| src/utils/helpers.py | 34 | 🟠 High | python:S2259 | Null dereference |
| src/api/routes.py | 67 | 🟡 Medium | python:S3776 | Cognitive complexity too high |
Severity icons (the label depends on the server version):
If no issues are found:
## SonarQube Issues — `my-project`
✅ No issues found.
<rule> at <file>:<line>."
npx claudepluginhub sonarsource/sonarqube-agent-plugins --plugin sonarqube