SonarQube Guardrails
SonarQube-specific code-quality checks. Enforces letter-rating minimums (A best, E worst) for reliability, security, and maintainability, plus a strict quality-gate check that surfaces failed-condition counts.
Add sonarqube to your lunar-config.yml:
uses: github://earthly/lunar-lib/policies/sonarqube@v1.0.5
Included Guardrails
This policy includes 4 guardrails that enforce standards for your testing and quality.
quality-gate-passing
Verifies the SonarQube quality gate is green — status is OK and no
failed conditions. Reads .code_quality.native.sonarqube.quality_gate.
Skips if SonarQube data is not present for the component.
min-reliability-rating
Ensures the SonarQube reliability rating meets a configurable minimum
(A best, E worst; default A). Reads
.code_quality.native.sonarqube.ratings.reliability.
min-security-rating
Ensures the SonarQube security rating meets a configurable minimum
(A best, E worst; default A). Reads
.code_quality.native.sonarqube.ratings.security.
min-maintainability-rating
Ensures the SonarQube maintainability rating meets a configurable
minimum (A best, E worst; default A). Reads
.code_quality.native.sonarqube.ratings.maintainability.
How Guardrails Fit into Lunar
Lunar guardrails define your engineering standards as code. They evaluate data collected by integrations and produce pass/fail checks with actionable feedback.
Policies support gradual enforcement—from silent scoring to blocking PRs or deployments—letting you roll out standards at your own pace without disrupting existing workflows.
Learn How Lunar Works →
Required Integrations
This policy evaluates data gathered by one or more of the following integration(s).
Make sure to enable them in your lunar-config.yml.
Configuration
Configure this policy in your lunar-config.yml.
Inputs
| Input | Required | Default | Description |
|---|---|---|---|
| min_reliability_rating | Optional | A | Minimum reliability letter rating (A, B, C, D, E). A is best. |
| min_security_rating | Optional | A | Minimum security letter rating (A, B, C, D, E). A is best. |
| min_maintainability_rating | Optional | A | Minimum maintainability letter rating (A, B, C, D, E). A is best. |
Documentation
View on GitHub
SonarQube Guardrails
SonarQube/SonarCloud-specific code-quality checks — quality gate and letter-rating thresholds.
Overview
Enforces SonarQube's native affordances — quality-gate OK status with zero failed conditions, and letter-rating minimums (A–E, A best) for reliability, security, and maintainability. Skips cleanly when SonarQube data is absent for a component, so it's safe to apply broadly. For checks against the tool-agnostic .code_quality.* path (coverage, duplication, issue counts, overall pass/fail), use the code-quality policy instead.
Policies
This plugin provides the following policies (use include to select a subset):
| Policy | Description | Failure Meaning |
|---|---|---|
| quality-gate-passing | Quality gate is OK with zero failed conditions | Gate status is WARN/ERROR or conditions failed |
| min-reliability-rating | Reliability rating meets minimum | Rating worse than configured letter |
| min-security-rating | Security rating meets minimum | Rating worse than configured letter |
| min-maintainability-rating | Maintainability rating meets minimum | Rating worse than configured letter |
Required Data
This policy reads from the following Component JSON paths:
| Path | Type | Provided By |
|---|---|---|
| .code_quality.native.sonarqube.quality_gate.status | string | sonarqube collector (api or auto sub-collector) |
| .code_quality.native.sonarqube.quality_gate.conditions_failed | number | sonarqube collector (api or auto sub-collector) |
| .code_quality.native.sonarqube.ratings.reliability | string | sonarqube collector (api or auto sub-collector) |
| .code_quality.native.sonarqube.ratings.security | string | sonarqube collector (api or auto sub-collector) |
| .code_quality.native.sonarqube.ratings.maintainability | string | sonarqube collector (api or auto sub-collector) |
Note: All checks skip if .code_quality.native.sonarqube is absent — components without SonarQube configured will not fail. Apply the code-quality policy alongside this one to enforce "a scanner ran" regardless of which tool.
Installation
Add to your lunar-config.yml:
```yaml
policies:
  - uses: github://earthly/lunar-lib/policies/sonarqube@v1.0.0
    on: ["domain:your-domain"]
    enforcement: report-pr
    # include: [quality-gate-passing]   # Only run specific checks
    with:
      min_reliability_rating: "A"       # Fail if reliability is B or worse
      min_security_rating: "A"          # Fail if security is B or worse
      min_maintainability_rating: "B"   # Fail if maintainability is C or worse
```
Examples
Passing Example
```json
{
  "code_quality": {
    "native": {
      "sonarqube": {
        "quality_gate": { "status": "OK", "conditions_failed": 0 },
        "ratings": {
          "reliability": "A",
          "security": "A",
          "maintainability": "B"
        }
      }
    }
  }
}
```
Failing Example
```json
{
  "code_quality": {
    "native": {
      "sonarqube": {
        "quality_gate": { "status": "ERROR", "conditions_failed": 3 },
        "ratings": {
          "reliability": "C",
          "security": "B",
          "maintainability": "D"
        }
      }
    }
  }
}
```
Failure messages:
- quality-gate-passing: "SonarQube quality gate failed (status=ERROR, 3 conditions failed)"
- min-reliability-rating: "Reliability rating C is below minimum A"
- min-security-rating: "Security rating B is below minimum A"
- min-maintainability-rating: "Maintainability rating D is below minimum B"
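The following is an added, illustrative re-implementation of the four checks, not Lunar's own policy code. It takes constructed SonarQube Web API payloads (the `api/qualitygates/project_status` and `api/measures/component` response shapes, and the `1.0`–`5.0` numeric rating encoding, are assumptions about how a collector could populate the fields; the page does not document the collector), shapes them into the Component JSON paths listed under Required Data, and then evaluates the quality gate and the three letter-rating minimums with the same skip-when-absent behaviour and failure messages described above. Treating a single missing rating as a skip is also an assumption.

```python
"""Illustrative evaluator for the four sonarqube guardrails (added example).

Assumptions: the Component JSON shape documented on this page, and the shape
of SonarQube's Web API responses, which the page does not describe.
"""
from __future__ import annotations

from typing import Any

RATINGS = "ABCDE"  # index 0 is A (best), index 4 is E (worst)
DIMENSIONS = ("reliability", "security", "maintainability")
DEFAULT_INPUTS = {f"min_{d}_rating": "A" for d in DIMENSIONS}


def rating_from_sonar_value(value: str) -> str:
    """SonarQube reports ratings as "1.0".."5.0" (assumed); map them to A..E."""
    idx = int(float(value)) - 1
    if not 0 <= idx < len(RATINGS):
        raise ValueError(f"unexpected SonarQube rating value {value!r}")
    return RATINGS[idx]


def build_component(gate_resp: dict, measures_resp: dict) -> dict:
    """Shape raw SonarQube API payloads (assumed format) into Component JSON."""
    project = gate_resp["projectStatus"]
    failed = sum(1 for c in project.get("conditions", []) if c.get("status") == "ERROR")
    metric_to_dim = {"reliability_rating": "reliability",
                     "security_rating": "security",
                     "sqale_rating": "maintainability"}  # SQALE = maintainability
    ratings = {}
    for m in measures_resp["component"]["measures"]:
        if m["metric"] in metric_to_dim:
            ratings[metric_to_dim[m["metric"]]] = rating_from_sonar_value(m["value"])
    return {"code_quality": {"native": {"sonarqube": {
        "quality_gate": {"status": project["status"], "conditions_failed": failed},
        "ratings": ratings,
    }}}}


def sonar_node(component: dict) -> dict | None:
    """Return .code_quality.native.sonarqube, or None when any step is missing."""
    node: Any = component
    for key in ("code_quality", "native", "sonarqube"):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node if isinstance(node, dict) else None


def evaluate(component: dict, inputs: dict | None = None) -> dict[str, tuple[str, str]]:
    """Run all four checks; each result is (status, message), status in pass/fail/skip."""
    cfg = {**DEFAULT_INPUTS, **(inputs or {})}
    for key, letter in cfg.items():
        if letter.upper() not in RATINGS:
            raise ValueError(f"{key} must be one of A-E, got {letter!r}")
    names = ["quality-gate-passing"] + [f"min-{d}-rating" for d in DIMENSIONS]
    sq = sonar_node(component)
    if sq is None:  # no SonarQube data: every check skips rather than fails
        return {n: ("skip", "no SonarQube data for component") for n in names}

    results: dict[str, tuple[str, str]] = {}
    gate = sq.get("quality_gate", {})
    status, failed = gate.get("status"), int(gate.get("conditions_failed", 0))
    if status == "OK" and failed == 0:
        results["quality-gate-passing"] = ("pass", "")
    else:
        results["quality-gate-passing"] = (
            "fail", f"SonarQube quality gate failed (status={status}, {failed} conditions failed)")

    for dim in DIMENSIONS:
        name, minimum = f"min-{dim}-rating", cfg[f"min_{dim}_rating"].upper()
        actual = sq.get("ratings", {}).get(dim)
        if actual is None:  # assumption: a single missing rating skips too
            results[name] = ("skip", f"no {dim} rating")
        elif RATINGS.index(actual.upper()) <= RATINGS.index(minimum):  # lower index = better
            results[name] = ("pass", "")
        else:
            results[name] = ("fail", f"{dim.capitalize()} rating {actual} is below minimum {minimum}")
    return results


# Constructed SonarQube API responses mirroring the page's failing example.
FAILING_GATE = {"projectStatus": {"status": "ERROR", "conditions": [
    {"metricKey": "new_bugs", "status": "ERROR"},
    {"metricKey": "new_vulnerabilities", "status": "ERROR"},
    {"metricKey": "new_coverage", "status": "ERROR"},
    {"metricKey": "new_duplicated_lines_density", "status": "OK"},
]}}
FAILING_MEASURES = {"component": {"measures": [
    {"metric": "reliability_rating", "value": "3.0"},
    {"metric": "security_rating", "value": "2.0"},
    {"metric": "sqale_rating", "value": "4.0"},
]}}

if __name__ == "__main__":
    comp = build_component(FAILING_GATE, FAILING_MEASURES)
    for name, (status, msg) in evaluate(comp, {"min_maintainability_rating": "B"}).items():
        print(f"{name}: {status} {msg}")
```

Run as-is, it reproduces the four failure messages listed above for the failing example; passing `{"code_quality": {}}` to `evaluate` yields four skips, which is the behaviour that makes the policy safe to apply across components that have no SonarQube data.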
Remediation
When this policy fails, you can resolve it by:
- quality-gate-passing failure: Review the failed conditions in the SonarQube UI and fix the flagged issues (new bugs, new vulnerabilities, coverage on new code, etc.).
- min-reliability-rating failure: Address the bugs SonarQube reports in the Reliability dimension.
- min-security-rating failure: Address the vulnerabilities in the Security dimension.
- min-maintainability-rating failure: Reduce technical debt by resolving code smells (the SQALE rating).
Open Source
This policy is open source and available on GitHub. Contribute improvements, report issues, or fork it for your own use.