SonarQube

SonarQube provides continuous code quality inspection — detecting bugs, vulnerabilities, code smells, and enforcing quality standards.

URL: sonarqube.shared.cwiq.io
Login: SSO via Authentik
Version: Community Build 26.3

Accessing SonarQube

  1. Open sonarqube.shared.cwiq.io (requires Tailscale)
  2. Sign in via SSO

Projects

Each CWIQ repository has its own SonarQube project:

Project                  Repository
orchestrator-server      Backend API (Python)
orchestrator-ui          Frontend (TypeScript)
orchestrator-agent       Task agent (Python)
orchestrator-mcp         MCP server (Python)
orchestrator-cli         CLI tool (Python)
orchestrator-executor    Sandbox executor (Python)

Project Overview

Click a project to see:

  • Quality Gate status: PASSED or FAILED
  • Bugs: Reliability issues
  • Vulnerabilities: Security issues
  • Code Smells: Maintainability issues
  • Coverage: Test coverage percentage
  • Duplications: Code duplication percentage

Issues View

  1. Click Issues in the sidebar
  2. Filter by severity: Blocker, Critical, Major, Minor, Info
  3. Filter by type: Bug, Vulnerability, Code Smell
  4. Click an issue to see the code location and explanation

Quality Gates

A Quality Gate defines pass/fail criteria for code. If a pipeline fails the quality gate, the MR cannot be merged until issues are fixed.

Default quality gate conditions:

  • No new bugs
  • No new vulnerabilities
  • Code coverage on new code >= threshold
  • Duplication on new code < threshold
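
The gate decision described above, as an added example (not CWIQ's pipeline code): a Python function that reads a response shaped like the output of SonarQube's api/qualitygates/project_status Web API and lists the conditions that failed. The sample response, its thresholds and values, and the name evaluate_gate are constructed for illustration.

```python
import json

# Constructed sample shaped like the JSON returned by SonarQube's
# api/qualitygates/project_status endpoint; thresholds and values are invented.
SAMPLE_RESPONSE = """
{"projectStatus": {"status": "ERROR", "conditions": [
  {"status": "OK", "metricKey": "new_bugs", "comparator": "GT",
   "errorThreshold": "0", "actualValue": "0"},
  {"status": "ERROR", "metricKey": "new_vulnerabilities", "comparator": "GT",
   "errorThreshold": "0", "actualValue": "2"},
  {"status": "ERROR", "metricKey": "new_coverage", "comparator": "LT",
   "errorThreshold": "80", "actualValue": "61.5"},
  {"status": "OK", "metricKey": "new_duplicated_lines_density",
   "comparator": "GT", "errorThreshold": "3", "actualValue": "1.2"}
]}}
"""

# GT: the condition fails when the value is greater than the threshold.
# LT: the condition fails when the value is less than the threshold.
COMPARATORS = {"GT": "must not exceed", "LT": "must not be below"}


def evaluate_gate(raw: str) -> tuple[bool, list[str]]:
    """Return (passed, reasons). Only an explicit OK passes (fail closed)."""
    try:
        status = json.loads(raw)["projectStatus"]
        gate, conditions = status["status"], status.get("conditions", [])
    except (ValueError, KeyError, TypeError, AttributeError):
        return False, ["unreadable quality gate response"]
    reasons = []
    for cond in conditions:
        if cond.get("status") != "ERROR":
            continue
        rule = COMPARATORS.get(cond.get("comparator"), "violates")
        reasons.append(f"{cond.get('metricKey')}: {cond.get('actualValue', 'n/a')}"
                       f" ({rule} {cond.get('errorThreshold')})")
    if gate != "OK" and not reasons:
        # e.g. status NONE: no gate computed yet, so do not treat it as a pass
        reasons.append(f"gate status is {gate!r}")
    return gate == "OK", reasons


if __name__ == "__main__":
    passed, reasons = evaluate_gate(SAMPLE_RESPONSE)
    print("PASSED" if passed else "FAILED")
    for reason in reasons:
        print(" -", reason)
```

A missing, malformed or not-yet-computed gate result is reported as a failure, so an analysis that never ran cannot be mistaken for a clean one.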

CI/CD Integration

SonarQube analysis runs automatically in every CI/CD pipeline. See SonarQube Scanning in CI/CD for details on how it works.