# Remediation Agent

> **Beta:** The SonarQube Remediation Agent is a [Beta](https://docs.sonarsource.com/sonarqube-cloud/appendices/product-release-lifecycle#beta) feature available with the SonarQube Cloud Team (annual) and Enterprise plans. It's free during beta and will be a paid feature when it moves to [General Availability](https://docs.sonarsource.com/sonarqube-cloud/appendices/product-release-lifecycle#general-availability). For terms and conditions, see our legal page about features in [Early Access](https://www.sonarsource.com/legal/early-access/).

## Overview

The SonarQube Remediation Agent runs an independent review and analysis to help you fix reliability and maintainability issues found in your latest code, and to remediate dependency vulnerabilities found by Software Composition Analysis (SCA). It focuses on issues in your SonarQube Cloud backlog (discovered in your main branch analysis) and on issues found in your latest GitHub pull request (PR).

The agent uses Anthropic's Claude Opus 4.6 to generate fix suggestions in the background and checks that the new code doesn't introduce new issues before offering the suggestion.

After issues from your analysis are assigned, the agent proposes fixes and creates new PRs for your review. You maintain full control—enable it per project, then review and approve code suggestions for each issue.

The SonarQube Remediation Agent can suggest fixes in three ways:

* **Automated backlog remediation**: The agent runs on a schedule you set, automatically proposing fixes for eligible issues in your main branch without manual assignment. A SonarQube Cloud organization admin enables the scheduler and sets the frequency (daily or weekly), time, and timezone. The agent then opens pull requests in GitHub on that schedule, grouped by rule key and file type, the same way it does for manual backlog remediation. Project admins can override or disable the schedule for individual projects.
* **Manual backlog remediation**: The agent fixes issues you select from your backlog and assign with the **Assign to Agent** button on the **Issues** page.
* **Pull request remediation**: The agent is triggered from a pull request analysis when your quality gate fails.

## Supported languages

The Remediation Agent works with your most common languages (C#, Java, JavaScript/TypeScript, and Python) by providing feedback on maintainability, reliability, and select security issues. In addition, it also offers fix suggestions for [Secrets](https://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/languages/secrets). It can also remediate dependency vulnerabilities found by Software Composition Analysis (SCA); see [SCA basic remediation](#sca-basic-remediation) below. See the [Requirements and limitations](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/ai-features/sonarqube-remediation-agent#requirements-and-limitations) article for complete details.

## Sharing your code with Sonar <a href="#sharing-your-code-with-sonar" id="sharing-your-code-with-sonar"></a>

If you use the SonarQube Remediation Agent, the affected code snippet is sent to an LLM to generate a fix suggestion. Sonar verifies suggestions before offering them as a fix. Service agreements with Sonar’s LLMs prevent your code from being used to train those models and it isn’t stored by the LLM provider or any third party.

For terms and conditions, see the [Early Access terms](https://www.sonarsource.com/legal/early-access/) in our [Legal Documentation](https://www.sonarsource.com/legal/).

## Setup

To enable and install the agent, see [Administer the Remediation Agent](/agent-centric-development-cycle/how-to-guides/administer-ac-dc-features/remediation-agent.md).

To understand the agent's behavior and learn how to engage with the agent in your pull request, follow the [Pull request fix suggestions](/agent-centric-development-cycle/how-to-guides/solve-issues/pull-request-fix-suggestions.md) and [Backlog fix suggestions](/agent-centric-development-cycle/how-to-guides/solve-issues/backlog-fix-suggestions.md) guides.

## SCA basic remediation

The Remediation Agent can fix Software Composition Analysis (SCA) vulnerabilities by bumping the dependency version suggested by the SCA analysis. Triggered from the results of a SonarQube Cloud [Dependency risks](https://docs.sonarsource.com/sonarqube-cloud/advanced-security/reviewing-and-fixing-dependency-risks) analysis, the agent generates a PR for your review.

The following package managers are supported:

* **NPM** — covers npm and yarn
* **PyPI** — covers pip
* **Maven** — covers Maven and Gradle

## Related products

For AI-powered pull request review automation, see [Gitar](https://docs.gitar.ai), a separate Sonar product.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sonarsource.com/agent-centric-development-cycle/features/remediation-agent.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.