// Find files with code duplications in a SonarQube project and inspect duplication blocks for a file (project key optional when MCP integration already defines the default project)
Installs sonarqube-cli if not already installed, authenticates, and integrates SonarQube with the current agent (installs analysis hooks & SonarQube MCP Server). Use when the user wants to set up SonarQube integration or asks to configure SonarQube.
Analyze a file or code snippet for quality and security issues using SonarQube
Find files with low test coverage and inspect uncovered lines in a SonarQube project (project key optional when MCP integration already defines the default project)
Search for software composition analysis (SCA) dependency risks in a SonarQube project (project key optional when MCP integration already defines the default project)
Fix a specific SonarQube issue in code by rule key and location
Search and filter SonarQube issues for a project, branch, or pull request via sonarqube-cli (`-p` is always required on the CLI; resolve the key from user arguments or sonar-project.properties)
| name | sonar-duplication |
| description | Find files with code duplications in a SonarQube project and inspect duplication blocks for a file (project key optional when MCP integration already defines the default project) |
| argument-hint | [project-key?] [--pr id] [--page-size n] [--page n] [--file key] |
| allowed-tools | Read, Grep |
List files that contain duplicated code in a SonarQube project, then drill into duplication blocks for a specific file when needed.
sonar-duplication # all duplicated files in the current project (auto-paginated)
sonar-duplication my-project # duplicated files in a specific project
sonar-duplication my-project --pr 42 # same, on a pull request
sonar-duplication my-project --page-size 100 --page 2 # single page of results (manual pagination)
sonar-duplication my-project --file src/auth/login.py # duplication detail for one file
This skill requires the SonarQube MCP Server to be configured and the tools mcp__sonarqube__search_duplicated_files and mcp__sonarqube__get_duplications to be available in your session.
Before proceeding, verify the tools are accessible. If they are not, do not attempt to call any CLI commands or invent alternatives, and show the user:
Unable to reach the SonarQube MCP Server, or project key not found.
Possible causes:
- MCP server not registered — invoke the sonar-integrate skill to configure the SonarQube MCP Server, then restart the agent session
- Credentials not configured — invoke the sonar-integrate skill
- Project key is wrong or no default project in MCP config — pass an explicit key, or verify
sonar-project.properties/ re-run the sonar-integrate skill for this project
Then ask the user (yes/no) whether to run the sonar-integrate skill now. If they confirm, invoke the sonar-integrate skill yourself and follow it end-to-end in this session, then ask the user to restart the agent session so the new MCP tools become available; if they decline, stop.
MCP tools sometimes do not require projectKey after the sonar-integrate skill has stored the default project for this workspace. Resolve a key only when you must pass it (tool schema requires it, or the user targets another project):
sonar.projectKey in sonar-project.properties at the repo root.projectKey in MCP calls and rely on the integration default.| Flag | Meaning |
|---|---|
--pr <id> | Pull request context (maps to pullRequest) |
--page-size <n> | Results per page for manual pagination only; integer 1–500 (maps to pageSize) |
--page <n> | Page number for manual pagination; starts at 1 (maps to pageIndex) |
--file <key> | Skip the duplicated-files list; fetch duplication blocks for this file (maps to key in get_duplications) |
Pagination rule: By default, call search_duplicated_files without pageSize or pageIndex so the MCP server auto-fetches every page of duplicated files (up to 10,000 files). Use pageSize and pageIndex only when the user asks for a specific page or wants to limit page size. If the user supplies --page-size but not --page, use pageIndex 1.
--file)Call mcp__sonarqube__search_duplicated_files.
Default (auto-fetch all pages):
Include projectKey only if you resolved one in Step 1 and the tool requires it; otherwise omit it.
{
"projectKey": "<only-if-required>",
"pullRequest": "<id>"
}
Omit pullRequest when --pr was not given. Omit pageSize and pageIndex entirely so all duplicated files are retrieved automatically. Omit projectKey from the payload when the integration default applies.
Manual pagination (single page):
{
"projectKey": "<only-if-required>",
"pullRequest": "<id>",
"pageSize": <n>,
"pageIndex": <n>
}
The tool returns only files that have duplications. Present results in a table. Include columns the response provides (for example path, duplicated line counts, or density); sort by the strongest duplication signal if multiple metrics exist (for example highest duplicated-lines density or count first).
## Duplication — `my-project`
Files with duplications:
| File | Duplicated lines (example) |
| -------------------- | -------------------------- |
| src/auth/login.py | 42 |
| src/utils/helpers.py | 18 |
If the list is empty: "No duplicated files were returned for this project/branch/PR."
Then offer to drill in:
"Ask me to open duplications for any file, or invoke the sonar-duplication skill with --file <file-key> (add a project key only if needed)."
--file <key> given, or user asks to inspect a file)Call mcp__sonarqube__get_duplications:
{
"key": "<file-key>",
"pullRequest": "<id>"
}
The file key format is <projectKey>:<path>, e.g. my-project:src/auth/login.py. If the user provides just a path, prepend the resolved project key when you have one; otherwise follow the MCP tool schema for the default project. Omit pullRequest when --pr was not given.
Permission: This call requires Browse permission on the file’s project. If the tool returns a permission or authorization error, tell the user they need the Browse role on the project and that they may need a role with code-view access.
Present duplication blocks from the response: for each block, show ranges, sibling copies, or other fields returned by the API so the user can see where code is duplicated.
## Duplication detail — `src/auth/login.py`
### Block 1
- Lines 10–24 (example) duplicated in `src/other/helper.py` lines 30–44
...
If the file has no duplications in the response, say: "No duplications were reported for this file."
<file>."new_duplicated_lines_density): "Invoke the sonar-quality-gate skill (add a project key only if you are not using the integration default)."