Run any Skill in Manus with one click

springboot-verification

Stars0

Forks0

UpdatedApril 16, 2026 at 01:22

Use before opening PRs, after major refactoring, or pre-deployment for Spring Boot verification. Do NOT use for writing tests (use springboot-tdd), security implementation (use springboot-security), or general patterns (use springboot-patterns).

Installation

Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.

Run Skill in Manus

Source

sskim91

sskim91/dotfiles

View GitHub Repository View Creator Repositories

Download

Run Skill in Manus

Related occupationsSOC

Based on SOC occupation classification

Software Quality Assurance Analysts and TestersComputer and Mathematical Occupations·SOC 15-1253

SKILL.md

readonly

name	springboot-verification
description	Use before opening PRs, after major refactoring, or pre-deployment for Spring Boot verification. Do NOT use for writing tests (use springboot-tdd), security implementation (use springboot-security), or general patterns (use springboot-patterns).
paths	*/.java, */build.gradle, **/pom.xml

Spring Boot Verification Loop

PR, 배포 전 검증 파이프라인. 빌드 → 정적분석 → 테스트+커버리지 → 보안스캔 → diff 리뷰.

When to Activate

PR 열기 전
대규모 리팩토링 / 의존성 업그레이드 후
Staging/Production 배포 전
전체 검증 파이프라인 실행

CRITICAL Rules

Phase 순서 엄수 — 앞 단계 실패 시 즉시 중단 후 수정
커버리지 80% 미만 = FAIL — 예외 없음
OWASP Critical/High CVE = FAIL — 배포 차단
System.out.println = FAIL — Logger 사용 필수

Phase 1: Build

# Maven
mvn -T 4 clean verify -DskipTests

# Gradle
./gradlew clean assemble -x test

빌드 실패 시 중단. 컴파일 에러, 리소스 누락 먼저 해결.

Phase 2: Static Analysis

Maven

# 개별 실행
mvn spotbugs:check
mvn pmd:check
mvn checkstyle:check

# 한번에
mvn -T 4 spotbugs:check pmd:check checkstyle:check

Gradle

./gradlew checkstyleMain pmdMain spotbugsMain

Common Issues to Check

# System.out.println (logger 사용해야 함)
grep -rn "System\.out\.print" src/main/ --include="*.java"

# Raw exception messages in responses (정보 유출)
grep -rn "e\.getMessage()" src/main/ --include="*.java" | grep -i "response\|body\|return"

# TODO/FIXME left behind
grep -rn "TODO\|FIXME\|HACK\|XXX" src/main/ --include="*.java"

# Wildcard imports
grep -rn "import .*\.\*;" src/main/ --include="*.java"

Phase 3: Tests + Coverage

# Maven
mvn -T 4 test
mvn jacoco:report
# Report: target/site/jacoco/index.html

# Gradle
./gradlew test jacocoTestReport
# Report: build/reports/jacoco/test/html/index.html

Coverage Verification

# Maven — fails if < 80%
mvn jacoco:check

# Check coverage summary
cat target/site/jacoco/jacoco.csv | head -5

Test Failure Analysis

실패한 테스트가 있으면:

실패 메시지와 stack trace 확인
최근 변경 사항과 관련성 파악
Flaky test 여부 확인 (재실행으로 판별)
수정 후 Phase 3 재실행

Phase 4: Security Scan

Dependency CVE Scan

# Maven (OWASP Dependency Check)
mvn org.owasp:dependency-check-maven:check
# Report: target/dependency-check-report.html

# Gradle
./gradlew dependencyCheckAnalyze

Source Code Secrets Scan

# Hardcoded passwords
grep -rn 'password\s*=\s*"' src/ --include="*.java" --include="*.yml" --include="*.properties"

# API keys and secrets
grep -rn 'sk-\|api_key\|secret\s*=' src/ --include="*.java" --include="*.yml"

# Git history secrets (if git-secrets configured)
git secrets --scan

Security Anti-Patterns

# Wildcard CORS (production 금지)
grep -rn 'allowedOrigins.*"\*"' src/main/ --include="*.java"

# CSRF disabled without comment/justification
grep -rn 'csrf.*disable' src/main/ --include="*.java"

# Field injection (@Autowired on fields)
grep -rn '@Autowired' src/main/ --include="*.java" | grep -v "constructor\|param"

Phase 5: Format (Optional)

# Spotless (Maven)
mvn spotless:check    # Verify only
mvn spotless:apply    # Auto-fix

# Spotless (Gradle)
./gradlew spotlessCheck
./gradlew spotlessApply

Phase 6: Diff Review

git diff --stat
git diff

Diff Checklist

디버깅 로그 제거 (System.out, unguarded log.debug)
HTTP 상태 코드 적절한지 확인
@Transactional 필요한 곳에 있는지 확인
@Valid 사용하여 입력 검증하는지 확인
새 설정값은 문서화 / application.yml에 반영
새 의존성 추가 시 라이선스 호환성 확인
API 변경 시 하위 호환성 확인
민감 정보 로깅 없는지 확인

Verification Report Template

VERIFICATION REPORT
===================
Build:     [PASS/FAIL]
Static:    [PASS/FAIL] (spotbugs/pmd/checkstyle findings: N)
Tests:     [PASS/FAIL] (X/Y passed, Z% line coverage)
Security:  [PASS/FAIL] (CVE critical: N, high: N)
Format:    [PASS/SKIP]
Diff:      [X files changed, +Y/-Z lines]

Overall:   [READY / NOT READY]

Issues to Fix:
1. ...
2. ...

Quick Verification (Development)

풀 파이프라인이 무거울 때, 빠른 피드백 루프:

# Maven — build + test only
mvn -T 4 test

# + spotbugs만
mvn -T 4 test spotbugs:check

# Gradle
./gradlew test spotbugsMain

대규모 변경이나 PR 전에는 반드시 전체 파이프라인 실행.

Cross-References

Topic	Skill
Test 작성 방법 (MockMvc, Mockito)	`springboot-tdd`
Security 구현	`springboot-security`
JPA 테스트 (DataJpaTest, Testcontainers)	`jpa-patterns`
Core Spring Boot 패턴	`springboot-patterns`
병합 전 다축 코드 리뷰 (correctness/security/perf)	`code-review`

References

Spring Boot Reference: Testing — Official test guide
OWASP Dependency-Check — CVE scanning
SpotBugs — Static analysis for Java
JaCoCo — Code coverage

More from this repository

same repository

genos-knowledge-capture

sskim91/dotfiles

Use when GenOS 작업에서 얻은 재사용 가능한 지식(플랫폼 패턴·함정·고객사 결정)을 개인 Obsidian vault(Projects/GenonAI)에 기록할 가치가 생겼거나, GenOS 작업 맥락에서 사용자가 "지식 캡처", "vault에 정리/기록", "MOC", "읽는 순서", "field note", "/genos-knowledge-capture"를 요청할 때 사용. Do NOT use for: GenOS와 무관한 노트, 웹 리서치 기반 일반 개념 노트, 단순 진행상황·세션 상태.

2026-06-210

wiki-compiler

sskim91/dotfiles

Use when user says "wiki compile", "위키 컴파일", "raw 정리", "지식 컴파일", "소스 컴파일", or wants to compile raw sources into a structured wiki. Do NOT use for individual note creation (use obsidian-note) or vault maintenance (use vault-linter).

2026-06-160

vault-linter

sskim91/dotfiles

Use when user says "vault lint", "노트 점검", "vault 정리", "orphan notes", "링크 점검", or wants to check Obsidian vault health. Do NOT use for individual note creation (use obsidian-note) or tag management (use til-tagger).

2026-06-160

excalidraw-diagram

sskim91/dotfiles

Create Excalidraw diagram JSON files that make visual arguments. Use when the user wants to visualize workflows, architectures, or concepts. Use when user says "다이어그램", "diagram", "excalidraw", "시각화", "아키텍처 그려". Do NOT use for Mermaid diagrams or draw.io.

2026-06-160

obsidian-note

sskim91/dotfiles

Use when user mentions "Obsidian", "옵시디언", "write as note", "save to notes", "노트로 저장", or /obsidian-note command. Do NOT use for TIL (use til), YouTube notes (use youtube-summarizer), GenOS 작업 지식 캡처 (use genos-knowledge-capture), or deep/team/multi-angle note research (use agentic-notes).

2026-06-070

agentic-notes

sskim91/dotfiles

Use when the user asks to create an Obsidian note with an agent team, deep research, strict verification, multiple angles, or phrases like "팀으로 조사해서 노트", "깊게 조사해서 옵시디언 노트", "/agentic-notes", "--team", "--verify strict", or "--deep". Do NOT use for a simple one-shot Obsidian note; use obsidian-note instead.

2026-06-070

name	springboot-verification
description	Use before opening PRs, after major refactoring, or pre-deployment for Spring Boot verification. Do NOT use for writing tests (use springboot-tdd), security implementation (use springboot-security), or general patterns (use springboot-patterns).
paths	*/.java, */build.gradle, **/pom.xml

Spring Boot Verification Loop

PR, 배포 전 검증 파이프라인. 빌드 → 정적분석 → 테스트+커버리지 → 보안스캔 → diff 리뷰.

When to Activate

PR 열기 전
대규모 리팩토링 / 의존성 업그레이드 후
Staging/Production 배포 전
전체 검증 파이프라인 실행

CRITICAL Rules

Phase 순서 엄수 — 앞 단계 실패 시 즉시 중단 후 수정
커버리지 80% 미만 = FAIL — 예외 없음
OWASP Critical/High CVE = FAIL — 배포 차단
System.out.println = FAIL — Logger 사용 필수

Phase 1: Build

# Maven
mvn -T 4 clean verify -DskipTests

# Gradle
./gradlew clean assemble -x test

빌드 실패 시 중단. 컴파일 에러, 리소스 누락 먼저 해결.

Phase 2: Static Analysis

Maven

# 개별 실행
mvn spotbugs:check
mvn pmd:check
mvn checkstyle:check

# 한번에
mvn -T 4 spotbugs:check pmd:check checkstyle:check

Gradle

./gradlew checkstyleMain pmdMain spotbugsMain

Common Issues to Check

# System.out.println (logger 사용해야 함)
grep -rn "System\.out\.print" src/main/ --include="*.java"

# Raw exception messages in responses (정보 유출)
grep -rn "e\.getMessage()" src/main/ --include="*.java" | grep -i "response\|body\|return"

# TODO/FIXME left behind
grep -rn "TODO\|FIXME\|HACK\|XXX" src/main/ --include="*.java"

# Wildcard imports
grep -rn "import .*\.\*;" src/main/ --include="*.java"

Phase 3: Tests + Coverage

# Maven
mvn -T 4 test
mvn jacoco:report
# Report: target/site/jacoco/index.html

# Gradle
./gradlew test jacocoTestReport
# Report: build/reports/jacoco/test/html/index.html

Coverage Verification

# Maven — fails if < 80%
mvn jacoco:check

# Check coverage summary
cat target/site/jacoco/jacoco.csv | head -5

Test Failure Analysis

실패한 테스트가 있으면:

실패 메시지와 stack trace 확인
최근 변경 사항과 관련성 파악
Flaky test 여부 확인 (재실행으로 판별)
수정 후 Phase 3 재실행

Phase 4: Security Scan

Dependency CVE Scan

# Maven (OWASP Dependency Check)
mvn org.owasp:dependency-check-maven:check
# Report: target/dependency-check-report.html

# Gradle
./gradlew dependencyCheckAnalyze

Source Code Secrets Scan

# Hardcoded passwords
grep -rn 'password\s*=\s*"' src/ --include="*.java" --include="*.yml" --include="*.properties"

# API keys and secrets
grep -rn 'sk-\|api_key\|secret\s*=' src/ --include="*.java" --include="*.yml"

# Git history secrets (if git-secrets configured)
git secrets --scan

Security Anti-Patterns

# Wildcard CORS (production 금지)
grep -rn 'allowedOrigins.*"\*"' src/main/ --include="*.java"

# CSRF disabled without comment/justification
grep -rn 'csrf.*disable' src/main/ --include="*.java"

# Field injection (@Autowired on fields)
grep -rn '@Autowired' src/main/ --include="*.java" | grep -v "constructor\|param"

Phase 5: Format (Optional)

# Spotless (Maven)
mvn spotless:check    # Verify only
mvn spotless:apply    # Auto-fix

# Spotless (Gradle)
./gradlew spotlessCheck
./gradlew spotlessApply

Phase 6: Diff Review

git diff --stat
git diff

Diff Checklist

디버깅 로그 제거 (System.out, unguarded log.debug)
HTTP 상태 코드 적절한지 확인
@Transactional 필요한 곳에 있는지 확인
@Valid 사용하여 입력 검증하는지 확인
새 설정값은 문서화 / application.yml에 반영
새 의존성 추가 시 라이선스 호환성 확인
API 변경 시 하위 호환성 확인
민감 정보 로깅 없는지 확인

Verification Report Template

VERIFICATION REPORT
===================
Build:     [PASS/FAIL]
Static:    [PASS/FAIL] (spotbugs/pmd/checkstyle findings: N)
Tests:     [PASS/FAIL] (X/Y passed, Z% line coverage)
Security:  [PASS/FAIL] (CVE critical: N, high: N)
Format:    [PASS/SKIP]
Diff:      [X files changed, +Y/-Z lines]

Overall:   [READY / NOT READY]

Issues to Fix:
1. ...
2. ...

Quick Verification (Development)

풀 파이프라인이 무거울 때, 빠른 피드백 루프:

# Maven — build + test only
mvn -T 4 test

# + spotbugs만
mvn -T 4 test spotbugs:check

# Gradle
./gradlew test spotbugsMain

대규모 변경이나 PR 전에는 반드시 전체 파이프라인 실행.

Cross-References

Topic	Skill
Test 작성 방법 (MockMvc, Mockito)	`springboot-tdd`
Security 구현	`springboot-security`
JPA 테스트 (DataJpaTest, Testcontainers)	`jpa-patterns`
Core Spring Boot 패턴	`springboot-patterns`
병합 전 다축 코드 리뷰 (correctness/security/perf)	`code-review`

References

Spring Boot Reference: Testing — Official test guide
OWASP Dependency-Check — CVE scanning
SpotBugs — Static analysis for Java
JaCoCo — Code coverage