AI code detection and AI Code Assurance

Automatic detection of AI code in your project

Responsible use of AI can increase development velocity. However, when AI-generated code is used, it is important to apply a high code quality and security standard to such projects to reduce risk and preserve the long-term maintainability of the code base. SonarQube can automatically detect the presence of AI-generated code in your project when GitHub and GitHub Copilot are used.

Please note that, for this feature to work, SonarQube needs additional permissions through the GitHub app.

If you are using SonarQube Server (available from SonarQube Server 2025.1 LTA, Developer Edition+), follow these steps to complete setting up Autodetecting AI code.

If you are using SonarQube Cloud (available in Team plan+), follow these steps to complete setting up Autodetecting AI code.

AI Code Assurance

When AI-generated code is detected (or if you are aware of the presence of AI-generated code) in your project, we recommend protecting such projects with Sonar’s AI Code Assurance workflow. This will allow your team to confidently embrace AI coding assistants to boost development productivity. Read more here.


Hello,
I’d appreciate some clarification on a few points regarding SonarQube’s AI-related features:

  1. AI Code Detection
  • How does GitHub + Copilot determine which parts of the code are AI-generated and which are not?
  • What methodology or criteria are used to achieve this differentiation?
  2. “Sonar Way for AI Code” Quality Gate
  • What are the key improvements in this new gate?
  • Does it introduce new rules or extend existing conditions for AI-generated code?
  3. “AI Code Fix” Suggestions
  • Are these fixes exclusively for AI-generated code, or do they apply to all code?
  • Are they additional to the regular suggestions (i.e., do we now receive both “standard” and “AI-specific” recommendations)?

Thanks in advance for your insights!

Our Sonar version: Enterprise Edition v2025.1.1 (104738)