Agentic Analysis

SonarQube Agentic Analysis enables AI agents to verify code changes with the same precision as a full CI scan, but in seconds instead of minutes thanks to a context collection mechanism.

Beta: This feature is in Beta stage and is only available with SonarQube Cloud projects for organizations in the Team and Enterprise plans. See the Product release lifecycle page for more information on release stages.

Overview

SonarQube Agentic Analysis is part of the Verify phase of the Agent Centric Development Cycle. It reuses the context from a previous SonarQube Cloud CI analysis and restores it on-demand for single- or multi-file analysis. This lets AI agents verify code changes with minimal latency while maintaining full CI analysis precision.

Supported languages

Agentic Analysis is available for the following languages:

  • Java

  • Python

  • JavaScript/TypeScript

  • CSS

  • HTML

  • XML

  • C#

  • VB.NET

  • C++

Secrets detection and the IaC domains Docker, Kubernetes, and Terraform are also supported.

Note: If your Java project was analyzed using Automatic analysis, only basic analysis results are returned.

Supported IDEs and CLIs

Agentic Analysis is compatible with most AI-enabled IDEs and CLIs including Claude Code, Cursor, Codex, Gemini CLI, and VS Code with Copilot. See our IDE/CLI quickstart guides for the full list of supported IDEs and CLIs.

Guide-and-Verify loop

Using Agentic Analysis together with Context Augmentation allows you to build a guide-and-verify loop to ensure pull requests pass quality gates the first time, leading to faster code reviews with no back-and-forth. The loop has three steps:

  1. Guide: Context Augmentation injects architectural awareness and coding guidelines into the LLM context before it writes or edits code.

  2. Verify: Agentic Analysis verifies the resulting code with full CI-level precision.

  3. Loop: The LLM refines the code based on analysis results and repeats until quality gates pass.

Setup

To learn how to set up a code verification loop with Agentic Analysis, see Make your agent verify its code.

About the context mechanism

Agentic Analysis achieves high-precision analysis through a two-phase approach: it first collects context during CI analysis, then restores that context on demand.

Phase 1: Context collection

During a regular CI analysis, SonarQube may collect and store:

  • Dependencies: JAR files, npm packages, or Python libraries the project uses.

  • Compiled artifacts: .class files.

  • Type information: Symbol tables, type hierarchies, import graphs.

  • Build configuration: Project structure, source paths, compiler settings.

This context is stored in the SonarQube Cloud backend (AWS), tagged by project key and branch.

Diagram of how context is stored in the context storage during a CI scan

Phase 2: Context restoration

When Agentic Analysis analyzes files, it restores the context collected for the project during a CI analysis, selected by the specified project and branch name. This gives the analysis full access to dependencies and compiled artifacts, so its results match the precision of a full CI scan.

Diagram showing the context restoration process.
