DiscordSign up
SKILLS.SH

springboot-verification

Automated verification pipeline for Spring Boot projects: build, static analysis, tests with coverage, security scans, and diff review. Runs six sequential phases: Maven/Gradle build, static analysis (SpotBugs, PMD, Checkstyle), unit and integration tests with JaCoCo coverage reporting, dependency CVE scanning, optional code formatting, and git diff review Supports both Maven and Gradle with parallel build acceleration ( -T 4 flag) and includes example test patterns for unit tests, Testcontainers integration tests, and MockMvc API tests Detects common security issues: hardcoded secrets, System.out logging, raw exception messages in responses, and wildcard CORS configurations Generates structured verification report with pass/fail status per phase and actionable issue list for pre-PR and pre-deployment gates

INSTALLATION
npx skills add https://github.com/affaan-m/everything-claude-code --skill springboot-verification
Run in your project or agent environment. Adjust flags if your CLI version differs.

SKILL.md

Spring Boot Verification Loop

Run before PRs, after major changes, and pre-deploy.

When to Activate

  • Before opening a pull request for a Spring Boot service
  • After major refactoring or dependency upgrades
  • Pre-deployment verification for staging or production
  • Running full build → lint → test → security scan pipeline
  • Validating test coverage meets thresholds

Phase 1: Build

mvn -T 4 clean verify -DskipTests

# or

./gradlew clean assemble -x test

If build fails, stop and fix.

Phase 2: Static Analysis

Maven (common plugins):

mvn -T 4 spotbugs:check pmd:check checkstyle:check

Gradle (if configured):

./gradlew checkstyleMain pmdMain spotbugsMain

Phase 3: Tests + Coverage

mvn -T 4 test

mvn jacoco:report   # verify 80%+ coverage

# or

./gradlew test jacocoTestReport

Report:

  • Total tests, passed/failed
  • Coverage % (lines/branches)

Unit Tests

Test service logic in isolation with mocked dependencies:

@ExtendWith(MockitoExtension.class)

class UserServiceTest {

  @Mock private UserRepository userRepository;

  @InjectMocks private UserService userService;

  @Test

  void createUser_validInput_returnsUser() {

    var dto = new CreateUserDto("Alice", "alice@example.com");

    var expected = new User(1L, "Alice", "alice@example.com");

    when(userRepository.save(any(User.class))).thenReturn(expected);

    var result = userService.create(dto);

    assertThat(result.name()).isEqualTo("Alice");

    verify(userRepository).save(any(User.class));

  }

  @Test

  void createUser_duplicateEmail_throwsException() {

    var dto = new CreateUserDto("Alice", "existing@example.com");

    when(userRepository.existsByEmail(dto.email())).thenReturn(true);

    assertThatThrownBy(() -> userService.create(dto))

        .isInstanceOf(DuplicateEmailException.class);

  }

}

Integration Tests with Testcontainers

Test against a real database instead of H2:

@SpringBootTest

@Testcontainers

class UserRepositoryIntegrationTest {

  @Container

  static PostgreSQLContainer<?> postgres = new PostgreSQLContainer<>("postgres:16-alpine")

      .withDatabaseName("testdb");

  @DynamicPropertySource

  static void configureProperties(DynamicPropertyRegistry registry) {

    registry.add("spring.datasource.url", postgres::getJdbcUrl);

    registry.add("spring.datasource.username", postgres::getUsername);

    registry.add("spring.datasource.password", postgres::getPassword);

  }

  @Autowired private UserRepository userRepository;

  @Test

  void findByEmail_existingUser_returnsUser() {

    userRepository.save(new User("Alice", "alice@example.com"));

    var found = userRepository.findByEmail("alice@example.com");

    assertThat(found).isPresent();

    assertThat(found.get().getName()).isEqualTo("Alice");

  }

}

API Tests with MockMvc

Test controller layer with full Spring context:

@WebMvcTest(UserController.class)

class UserControllerTest {

  @Autowired private MockMvc mockMvc;

  @MockBean private UserService userService;

  @Test

  void createUser_validInput_returns201() throws Exception {

    var user = new UserDto(1L, "Alice", "alice@example.com");

    when(userService.create(any())).thenReturn(user);

    mockMvc.perform(post("/api/users")

            .contentType(MediaType.APPLICATION_JSON)

            .content("""

                {"name": "Alice", "email": "alice@example.com"}

                """))

        .andExpect(status().isCreated())

        .andExpect(jsonPath("$.name").value("Alice"));

  }

  @Test

  void createUser_invalidEmail_returns400() throws Exception {

    mockMvc.perform(post("/api/users")

            .contentType(MediaType.APPLICATION_JSON)

            .content("""

                {"name": "Alice", "email": "not-an-email"}

                """))

        .andExpect(status().isBadRequest());

  }

}

Phase 4: Security Scan

# Dependency CVEs

mvn org.owasp:dependency-check-maven:check

# or

./gradlew dependencyCheckAnalyze

# Secrets in source

grep -rn "password\s*=\s*\"" src/ --include="*.java" --include="*.yml" --include="*.properties"

grep -rn "sk-\|api_key\|secret" src/ --include="*.java" --include="*.yml"

# Secrets (git history)

git secrets --scan  # if configured

Common Security Findings

# Check for System.out.println (use logger instead)

grep -rn "System\.out\.print" src/main/ --include="*.java"

# Check for raw exception messages in responses

grep -rn "e\.getMessage()" src/main/ --include="*.java"

# Check for wildcard CORS

grep -rn "allowedOrigins.*\*" src/main/ --include="*.java"

Phase 5: Lint/Format (optional gate)

mvn spotless:apply   # if using Spotless plugin

./gradlew spotlessApply

Phase 6: Diff Review

git diff --stat

git diff

Checklist:

  • No debugging logs left (System.out, log.debug without guards)
  • Meaningful errors and HTTP statuses
  • Transactions and validation present where needed
  • Config changes documented

Output Template

VERIFICATION REPORT

===================

Build:     [PASS/FAIL]

Static:    [PASS/FAIL] (spotbugs/pmd/checkstyle)

Tests:     [PASS/FAIL] (X/Y passed, Z% coverage)

Security:  [PASS/FAIL] (CVE findings: N)

Diff:      [X files changed]

Overall:   [READY / NOT READY]

Issues to Fix:

1. ...

2. ...

Continuous Mode

  • Re-run phases on significant changes or every 30–60 minutes in long sessions
  • Keep a short loop: mvn -T 4 test + spotbugs for quick feedback

Remember: Fast feedback beats late surprises. Keep the gate strict—treat warnings as defects in production systems.

BrowserAct

Let your agent run on any real-world website

Bypass CAPTCHA & anti-bot for free. Start local, scale to cloud.

Explore BrowserAct Skills →

Related skills

find-skills
2/3

Discover and install specialized agent skills from the open ecosystem when users need extended capabilities. Helps identify relevant skills by domain and task when users ask "how do I do X" or "find a skill for X" Integrates with the Skills CLI ( npx skills find , npx skills add ) to search, verify, and install packages from the skills.sh directory Recommends skills based on install count, source reputation, and GitHub stars to ensure quality before suggesting installation Presents skill options with install commands and links to skills.sh for user review and one-click installation

Verified authorvercel-labs
SKILLS.SH
1.5M19.6K
2026-05-22
vercel-react-best-practices
3/3

React and Next.js performance optimization guide with 64 prioritized rules across 8 categories. Organized by impact level, from critical waterfalls and bundle optimization down to advanced patterns, each rule includes incorrect/correct code examples and explanations Covers eight domains: async patterns, bundle size, server-side caching, client-side data fetching, re-render optimization, rendering performance, JavaScript efficiency, and advanced patterns Designed for use during component writing, code review, refactoring, and performance audits on React and Next.js applications Each rule has a prefix code (e.g., async-parallel , bundle-barrel-imports ) for easy reference in automated tooling and documentation

Verified authorvercel-labs
SKILLS.SH
389K26.9K
2026-05-22
azure-validate
2/3

Pre-deployment validation for Azure infrastructure, configuration, and permissions before deployment. Requires .azure/plan.md from a prior azure-prepare run; stops immediately if the plan is missing Executes recipe-specific validation commands (azd provision, bicep build, terraform validate) and records proof in the plan document Performs build verification, configuration checks, and permission validation; blocks deployment if any check fails Only authorized method to set plan status to Validated ; must be followed by azure-deploy skill to execute the actual deployment

Verified authormicrosoft
SKILLS.SH
324K1.1K
2026-05-22
appinsights-instrumentation
3/3

Guidance and reference material for instrumenting webapps with Azure Application Insights. Covers SDK setup, telemetry patterns, and configuration for ASP.NET Core and Node.js applications hosted in Azure Distinguishes between this skill (reference and guidance) and azure-prepare (actual implementation); invoke azure-prepare when the user wants to add instrumentation to their project Provides auto-instrumentation guidance for C# ASP.NET Core apps in Azure App Service, plus manual instrumentation paths for creating App Insights resources via Bicep templates or Azure CLI Includes language-specific code modification guides for ASP.NET Core, Node.js, and Python, plus quick references for OpenTelemetry SDKs and exporters

Verified authormicrosoft
SKILLS.SH
324K1.1K
2026-05-22

Stop writing automation&scrapers

Install the CLI. Run your first Skill in 30 seconds. Scale when you're ready.

Start free
free · no credit card