aehrc/sonarcloud-api
.claude/skills/sonarcloud-api/SKILL.md
Expert guidance for using the SonarCloud API to interact with code quality analysis, projects, issues, quality gates, and metrics. Use this skill when making API calls to SonarCloud, automating code quality workflows, retrieving analysis results, managing projects programmatically, or integrating SonarCloud with CI/CD pipelines. Trigger keywords include "SonarCloud", "SonarCloud API", "code quality API", "SonarQube Cloud", "quality gate", "code analysis API", "SonarCloud measures", "SonarCloud issues".
$ install --global
skillsauthnpx skillsauth add aehrc/pathling sonarcloud-apiInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 28, 2026, 10:26 AM36.2s4 files scanned
SKILL.md
- name:
- sonarcloud-api
- description:
- Expert guidance for using the SonarCloud API to interact with code quality analysis, projects, issues, quality gates, and metrics. Use this skill when making API calls to SonarCloud, automating code quality workflows, retrieving analysis results, managing projects programmatically, or integrating SonarCloud with CI/CD pipelines. Trigger keywords include "SonarCloud", "SonarCloud API", "code quality API", "SonarQube Cloud", "quality gate", "code analysis API", "SonarCloud measures", "SonarCloud issues".
SonarCloud API
Overview
SonarCloud provides two API versions for programmatic access:
- Web API v2 - Modern REST API with OpenAPI specifications at
https://api.sonarcloud.io/api/v2/ - Web API v1 - Legacy API at
https://sonarcloud.io/api/with comprehensive endpoint coverage
Quick start
# Get project metrics
curl -X GET "https://sonarcloud.io/api/measures/component?component=my_project&metricKeys=bugs,vulnerabilities,code_smells" \
-H "Authorization: Bearer YOUR_TOKEN"
Authentication
Use bearer token authentication for all requests:
Authorization: Bearer <token>
Token types
| Token Type | Plan | Scope | Use Case | | --------------------- | ---- | ------------------- | --------------------- | | Personal Access Token | Free | User-level | Individual API access | | Organisation Token | Team | Organisation-scoped | CI/CD, automation |
Generate tokens at Account > Security > Generate Tokens in SonarCloud UI.
Base URLs
| API Version | Base URL |
| ----------- | ----------------------------------- |
| Web API v1 | https://sonarcloud.io/api/ |
| Web API v2 | https://api.sonarcloud.io/api/v2/ |
Request format
Content-Type: application/x-www-form-urlencoded (v1) or application/json (v2)
For POST requests, use form data parameters rather than URI query parameters.
Rate limiting
Requests are rate-limited. When exceeded, the API returns HTTP 429. Wait several minutes before retrying.
Pagination
Most list endpoints support pagination with p (page number) and ps (page size) parameters.
Common tasks
Get project quality gate status
curl -X GET "https://sonarcloud.io/api/qualitygates/project_status?projectKey=my_project" \
-H "Authorization: Bearer YOUR_TOKEN"
Search issues
curl -X GET "https://sonarcloud.io/api/issues/search?componentKeys=my_project&types=BUG,VULNERABILITY" \
-H "Authorization: Bearer YOUR_TOKEN"
Get component measures
curl -X GET "https://sonarcloud.io/api/measures/component?component=my_project&metricKeys=ncloc,coverage,duplicated_lines_density" \
-H "Authorization: Bearer YOUR_TOKEN"
List projects
# v2 API
curl -X GET "https://api.sonarcloud.io/api/v2/projects?organization=my_org" \
-H "Authorization: Bearer YOUR_TOKEN"
API reference
For detailed endpoint documentation, see the reference files:
- v2-api.md - Modern v2 API endpoints (Projects, Quality Gates, Analysis, Organisations)
- v1-api.md - Legacy v1 API endpoints (Issues, Measures, Components, Rules)
- metrics.md - Available metric keys and their meanings
Error handling
| Status Code | Meaning | | ----------- | --------------------------------------- | | 400 | Bad request - check parameters | | 401 | Unauthorised - invalid or missing token | | 403 | Forbidden - insufficient permissions | | 404 | Not found - resource does not exist | | 429 | Rate limited - wait and retry | | 500 | Server error |
CI/CD integration examples
GitHub Actions
- name: Check Quality Gate
run: |
STATUS=$(curl -s -H "Authorization: Bearer ${{ secrets.SONAR_TOKEN }}" \
"https://sonarcloud.io/api/qualitygates/project_status?projectKey=${{ vars.SONAR_PROJECT_KEY }}" \
| jq -r '.projectStatus.status')
if [ "$STATUS" != "OK" ]; then
echo "Quality Gate failed"
exit 1
fi
GitLab CI
check_quality_gate:
script:
- |
STATUS=$(curl -s -H "Authorization: Bearer $SONAR_TOKEN" \
"https://sonarcloud.io/api/qualitygates/project_status?projectKey=$SONAR_PROJECT_KEY" \
| jq -r '.projectStatus.status')
if [ "$STATUS" != "OK" ]; then exit 1; fi
Related Skills
aehrc/wiremock
tools
VerifiedTrustedCommunity
Expert guidance for using WireMock in Java applications for HTTP API mocking and testing. Use this skill when the user asks to mock HTTP APIs, create API stubs, test REST clients, simulate network faults, verify HTTP requests, or integrate WireMock with Spring Boot. Trigger keywords include "wiremock", "mock http", "stub api", "http mock", "api testing", "rest mock", "simulate fault", "verify request", "spring boot wiremock".
125SKILL.mdUpdated Mar 27, 2026
aehrc/sql-on-fhir
documentation
VerifiedTrustedCommunity
Expert guidance for implementing SQL on FHIR v2 ViewDefinitions and operations to create portable, tabular projections of FHIR data. Use this skill when the user asks to create ViewDefinitions, flatten FHIR resources into tables, write FHIRPath expressions for data extraction, implement forEach/forEachOrNull/repeat patterns for unnesting, create where clauses for filtering, use constants in view definitions, combine data with unionAll, execute ViewDefinitions with $run or $export operations, or implement SQL on FHIR server capabilities. Trigger keywords include "ViewDefinition", "SQL on FHIR", "flatten FHIR", "tabular FHIR", "FHIR to SQL", "FHIR analytics", "FHIRPath columns", "unnest FHIR", "$viewdefinition-run", "$export", "view runner", "repeat", "recursive", "QuestionnaireResponse".
125SKILL.mdUpdated Mar 27, 2026
aehrc/Apache Spark Catalyst API
development
VerifiedTrustedCommunity
Expert guidance for working with the Apache Spark Catalyst query optimisation framework. Use this skill when working with Spark SQL internals, creating custom expressions, implementing query optimisations, working with logical/physical plans, or extending Catalyst. Trigger keywords include "catalyst", "spark sql", "expression", "logical plan", "physical plan", "tree node", "query optimisation", "rule executor", "analyzer", "optimizer", "code generation".
125SKILL.mdUpdated Mar 27, 2026
aehrc/smart-app-launch
tools
VerifiedTrustedCommunity
Expert guidance for implementing SMART App Launch (HL7 FHIR specification for OAuth 2.0-based authorization). Use this skill when implementing FHIR app authorization, EHR launch sequences, standalone app launch, backend services authentication, SMART scopes, token handling, or capability discovery. Trigger keywords include "SMART", "SMART on FHIR", "EHR launch", "standalone launch", "FHIR authorization", "FHIR OAuth", "backend services", "system scopes", "patient scopes", "fhirUser", ".well-known/smart-configuration", "PKCE", "client_credentials", "launch context".
125SKILL.mdUpdated Mar 27, 2026