# Claude Code

> **Beta:** The SonarQube agent plugin is in beta. Breaking changes may occur.

The SonarQube plugin for Claude Code connects your AI coding agent to SonarQube's code quality and security data. Once installed and configured, Claude Code can analyze code, list and fix issues, check quality gates, inspect coverage and duplication, and run [Agentic Analysis](/agent-centric-development-cycle/features/agentic-analysis.md). The plugin's secrets-detection capabilities keep credentials out of your prompts and the files the agent reads or writes.

The plugin works with SonarQube Cloud or SonarQube Server.

## Features

* Fix specific code quality issues by rule key and location.
* Search and filter issues in your SonarQube project.
* List accessible SonarQube projects to find project keys.
* Run quality gate, coverage, duplication, snippet analysis, and dependency risk checks via the SonarQube MCP Server.
* Detect secrets using hooks that run before the agent executes a tool or receives a prompt, keeping secrets out of its context.
* Check on startup whether the SonarQube CLI is present and the integration is configured.

## Prerequisites

* A SonarQube Cloud organization or SonarQube Server instance.
* Node.js, required to run the SessionStart hook.
* A container runtime (Docker, Podman, or nerdctl) to run the SonarQube MCP Server image.

## Install

Install the SonarQube plugin from the `claude-plugins-official` marketplace:

* From your shell, run `claude plugin install sonarqube@claude-plugins-official`.
* Or inside Claude Code, run `/plugin install sonarqube@claude-plugins-official`.

Then reload SonarQube's skills and hooks in Claude Code:

* Either restart Claude Code, or
* Run `/reload-plugins` if your version supports it.

## Configuration

After installing the plugin, finish setup by running the guided integration skill:

```
/sonarqube:sonar-integrate
```

The skill does the following:

1. Installs the SonarQube CLI if not already present, or updates it with `sonar self-update`.
2. Authenticates with SonarQube Cloud or your SonarQube Server instance via `sonar auth login`. Your browser opens to complete login; the token is stored in your system keychain.
3. Runs `sonar integrate claude` to register the SonarQube MCP Server, secrets-detection hooks, and other Claude Code integration on your machine.

## Agentic Analysis and Context Augmentation

The Claude Code plugin sets up Agentic Analysis hooks automatically when you run `/sonarqube:sonar-integrate`. After integration, Claude Code verifies code changes against SonarQube Cloud after edits, with no further setup required.

For overviews of these features, see [Agentic Analysis](/agent-centric-development-cycle/features/agentic-analysis.md) and [Context Augmentation](/agent-centric-development-cycle/features/context-augmentation.md).

For detailed setup and operational directives, see [Make your agent verify its code](/agent-centric-development-cycle/how-to-guides/verify-your-code/make-your-agent-verify-its-code.md).

## Verify that it works

### Test the secrets hook

1. Create a file with a fake but secret-shaped value:

   ```javascript
   // secrets.js
   const API_KEY = "sqp_1aa323ae0689cd4a1abd062a2ad0a224ae8a1d13";
   ```
2. Ask Claude to read it: *"Read secrets.js."*
3. Claude Code should block the read and explain that the file contains a secret.

Once you've confirmed the hook is active, delete the test file.
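
To see what this test exercises, the following added sketch (not the SonarQube plugin's own hook code) shows how a hook that runs before a tool call or a prompt can decide to block. It assumes Claude Code's hook input fields (`hook_event_name`, `prompt`, `tool_name`, `tool_input`), the exit-code-2 blocking convention, and a token shape of `sqp_`/`squ_`/`sqa_` plus 40 hex characters; `evaluateHook`, `readFromDisk` and `sampleFiles` are hypothetical names.

```javascript
// Added illustration only: this is NOT the SonarQube plugin's hook code.
// Assumed token shape: "sqp_"/"squ_"/"sqa_" followed by 40 hex characters,
// the shape of the fake test value shown on this page.
const TOKEN_SHAPE = /\bsq[pua]_[0-9a-f]{40}\b/;

// Default reader for a real hook process; tests inject an in-memory reader.
const readFromDisk = (path) => require("node:fs").readFileSync(path, "utf8");

// Decide whether a Claude Code hook event may proceed.
// `event` follows the JSON a hook receives on stdin (field names assumed from
// Claude Code's hook input: hook_event_name, prompt, tool_name, tool_input).
function evaluateHook(event, readFile = readFromDisk) {
  let text = "";
  let source = "";
  if (event.hook_event_name === "UserPromptSubmit") {
    text = event.prompt || "";
    source = "prompt";
  } else if (event.hook_event_name === "PreToolUse") {
    const input = event.tool_input || {};
    if (event.tool_name === "Read" && input.file_path) {
      source = input.file_path;
      try {
        text = readFile(input.file_path) || "";
      } catch {
        text = ""; // unreadable file: the Read tool fails on its own, nothing leaks
      }
    } else {
      // Write, Edit, Bash and others: scan what the agent is about to write or run.
      text = Object.values(input).filter((v) => typeof v === "string").join("\n");
      source = `${event.tool_name} input`;
    }
  }
  const hit = text.split("\n").findIndex((line) => TOKEN_SHAPE.test(line));
  if (hit === -1) return { block: false, exitCode: 0, reason: "" };
  // Exit code 2 tells Claude Code to block; the reason goes to stderr and is
  // shown to the agent, so it names the location and never echoes the value.
  return { block: true, exitCode: 2, reason: `secret-shaped value in ${source}, line ${hit + 1}` };
}

// Constructed sample: the secrets.js test file from this page, held in memory.
const sampleFiles = {
  "secrets.js": '// secrets.js\nconst API_KEY = "sqp_1aa323ae0689cd4a1abd062a2ad0a224ae8a1d13";\n',
};
const demo = evaluateHook(
  { hook_event_name: "PreToolUse", tool_name: "Read", tool_input: { file_path: "secrets.js" } },
  (path) => sampleFiles[path],
);
console.log(demo.exitCode, demo.reason);
```

A real hook would read the event JSON from stdin, write `reason` to stderr and exit with `exitCode`.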

### Test the MCP server

In Claude Code, ask: *"Use the SonarQube MCP server to list my open projects."* Claude should call SonarQube and return your project list. If it doesn't, run `sonar auth status` to confirm the underlying token is healthy and restart Claude.

### Test Agentic Analysis (SonarQube Cloud only)

In Claude Code, ask: *"Run `sonar verify --staged` and summarize new issues."* Claude should invoke the CLI and report findings. This requires SonarQube Cloud and the Agentic Analysis entitlement on your organization.

## Non-interactive install

For provisioning scripts and onboarding automation, skip the interactive skill and run the SonarQube CLI directly:

```bash
sonar integrate claude --global --non-interactive
```

In non-interactive mode the CLI does not prompt for confirmation or token repair. Run `sonar auth status` afterward to confirm the integration is wired up. See [Claude Code](/sonarqube-cli/integrations/claude-code.md) in the SonarQube CLI docs for full details.

## Usage

After setup, invoke SonarQube skills in Claude Code using explicit slash commands or natural language. Both options are shown for each skill.

### List projects

```
/sonarqube:sonar-list-projects                    # all accessible projects
/sonarqube:sonar-list-projects my-project         # search by name or key
```

Or in natural language:

* "List my SonarQube projects."
* "Search for projects with `auth` in the name."

### List issues

```
/sonarqube:sonar-list-issues                                        # issues in the current project
/sonarqube:sonar-list-issues my-project --severity CRITICAL
```

Or in natural language:

* "List the issues in `my-project`."
* "Show me critical issues in `my-project`."
* "Search issues in `my-project` on branch `main`."

### Fix an issue

```
/sonarqube:sonar-fix-issue java:S1481 src/main/java/MyClass.java
/sonarqube:sonar-fix-issue python:S2077 src/auth/login.py:34
```

Or in natural language:

* "Fix the issue `java:S1481` in `src/main/java/MyClass.java`."
* "Help me fix `python:S2077` on line 34 of `src/auth/login.py`."

### Quality gate

```
/sonarqube:sonar-quality-gate
/sonarqube:sonar-quality-gate my-project --branch main
```

Or in natural language:

* "Check the quality gate status for `my-project`."
* "Show me the quality gate for `my-project` on pull request 42."

### Analyze a file

```
/sonarqube:sonar-analyze
/sonarqube:sonar-analyze src/auth/login.py
```

Or in natural language:

* "Analyze `src/auth/login.py` for code quality and security issues."
* "Run analysis on the current file."

### Coverage

```
/sonarqube:sonar-coverage
/sonarqube:sonar-coverage my-project --max 50
/sonarqube:sonar-coverage my-project --file src/auth/login.py
```

Or in natural language:

* "What files in `my-project` have less than 50% coverage?"
* "Show me line-by-line coverage for `src/auth/login.py`."

### Duplication

```
/sonarqube:sonar-duplication
/sonarqube:sonar-duplication my-project --pr 42
/sonarqube:sonar-duplication my-project --file src/auth/login.py
```

Or in natural language:

* "Find duplicated files in `my-project`."
* "Show duplications in `my-project` on pull request 42."

### Dependency risks

Dependency risks require SonarQube Advanced Security.

```
/sonarqube:sonar-dependency-risks
/sonarqube:sonar-dependency-risks my-project --pr 42
```

Or in natural language:

* "List dependency risks in `my-project`."
* "Show me SCA issues on pull request 42."

### Security hotspots

Access security hotspots through the same `sonar-list-issues` skill:

```
/sonarqube:sonar-list-issues my-project
```

Or in natural language:

* "Search security hotspots in `my-project`."
* "Show hotspots in `my-project` that are still to review."

## Uninstall

To remove the SonarQube plugin from Claude Code:

* From your shell, run `claude plugin uninstall sonarqube`.
* Or inside Claude Code, run `/plugin` to open the **Manage plugins** window and remove the SonarQube plugin.

Uninstalling the plugin removes the SonarQube skills and hooks the plugin registered. To also remove the underlying CLI integration files written by `/sonarqube:sonar-integrate` (the SonarQube MCP server entry, secrets-detection hook configuration, state record), see [Uninstall](/sonarqube-cli/integrations/claude-code.md#uninstall) on the SonarQube CLI integration page.

## Related pages

* [Claude Code](/sonarqube-cli/integrations/claude-code.md)

