Hi all,
Following our webinar, please find here the questions that were asked during the session!
Q: How does it detect the AI generated code and what is the confidence that it detects AI code correctly 100% of times?
A: We use Copilot APIs and some other signals (our I.P.) to detect it. Our internal testing has shown very high accuracy.
Q: Is this a SonarQube proprietary model that fixes code problems? Or we can choose a model to use?
A: SonarQube Server currently uses OpenAI’s GPT-4 to generate the suggestions. We are considering enabling your own models.
Q: Can those issues be seen in IDE before even pushing the code or creating a PR?
A: SonarQube for IDE detects most issues as you code. It is available in your preferred IDEs: Visual Studio, VS Code, IntelliJ IDEs, and Eclipse. You’ll find more about it here: https://www.sonarsource.com/products/sonarlint/most
Q: Are both features (AI code assurance and AI code fix) available with developer edition?
A: AI CodeAssurance is available in Developer Edition and higher. AI CodeFix in early access is available on both Developer edition and Enterprise Edition. After Early Access, this may change (not yet decided).
Q: When do you expect integrating CWE 2024 reports?
A: It is on our to-do list for 2025.
Q: What’s the data retention and data usage policy for our code base?
A: In case of SonarQube Server, all your code is in your control. You can actually, run SQ Server in air-gapped way without an internet connection if you don’t use the AI CodeFix service.
Q: Can we use SonarQube with Atlassian Bitbucket or is it a replacement for Bitbucket?
A: SonarQube Server integrates with Bitbucket, analyzing Bitbucket repositories and decorating Pull Requests. Check out: Bitbucket Server & Data Center | SonarQube Server Documentation and Bitbucket Cloud integration | SonarQube Server Documentation
Q: Any integration with Azure DevOps?
A: Yes, we do support Azure DevOps Azure DevOps integration | SonarQube Server Documentation
Q: Are there any rules to detect Accessibility issues? (wcag, accessibility, html)
A: We already have some support and are looking into adding more support for Accessibility. HTML static code analysis | accessibility
Q: Where can I find the documentation on how to configure AI code fix?
A: You’ll find more information in our documentation: Using AI features | SonarQube Server Documentation