SonarScanner CLI
When your build system lacks a dedicated scanner, the SonarScanner CLI is the go-to tool for initiating an analysis with SonarQube Cloud.
SonarScanner — 8.0.1 | Issue Tracker
8.0.1 2025-12-05 Update embedded JREs to Java 21 Download scanner for: Linux x64 Linux AArch64 Windows x64 macOS x64 macOS AArch64 Docker Any (Requires a pre-installed JVM) Release notes
7.3 2025-10-06 Support z/OS as an Operating System to execute Scanners Download scanner for: Linux x64 Linux AArch64 Windows x64 macOS x64 macOS AArch64 Docker Any (Requires a pre-installed JVM) Release notes
7.2 2025-07-21 Restore ability to run the scanner with Java 11, update dependencies Download scanner for: Linux x64 Linux AArch64 Windows x64 macOS x64 macOS AArch64 Docker Any (Requires a pre-installed JVM) Release notes
7.1 2025-03-21 Support for SonarQube Cloud regions Download scanner for: Linux x64 Linux AArch64 Windows x64 macOS x64 macOS AArch64 Docker Any (Requires a pre-installed JVM) Release notes
7.0.2 2025-02-14 Bug fix to support SONAR_TOKEN on old SonarQube versions Download scanner for: Linux x64 Linux AArch64 Windows x64 macOS x64 macOS AArch64 Docker Any (Requires a pre-installed JVM) Release notes
7.0.1 2025-02-03 Support empty truststore password Download scanner for: Linux x64 Linux AArch64 Windows x64 macOS x64 macOS AArch64 Docker Any (Requires a pre-installed JVM) Release notes
7.0 2025-01-20 Non-latin character support in properties files, ISO-8859-1 support dropped Download scanner for: Linux x64 Linux AArch64 Windows x64 macOS x64 macOS AArch64 Docker Any (Requires a pre-installed JVM) Release notes
6.2.1 2024-10-01 FIPS support and improved SSL configuration Download scanner for: Linux x64 Linux AArch64 Windows x64 macOS x64 macOS AArch64 Docker Any (Requires a pre-installed JVM) Release notes
6.2 2024-09-17 Support PKCS12 truststore generated with OpenSSL Download scanner for: Linux x64 Linux AArch64 Windows x64 macOS x64 macOS AArch64 Docker Any (Requires a pre-installed JVM) Release notes
6.1 2024-06-27 macOS and Linux AArch64 distributions Download scanner for: Linux x64 Linux AArch64 Windows x64 macOS x64 macOS AArch64 Docker Any (Requires a pre-installed JVM) Release notes
6.0 2024-06-04 New bootstrapping mechanism and JRE provisioning with SonarQube 10.6+ and SonarCloud Download scanner for: Linux x64 Windows x64 macOS x64 Docker Any (Requires a pre-installed JVM) Release notes
5.0.2 2025-06-02 Security fix Download scanner for: Linux x64 Windows x64 macOS x64 Docker Any (Requires a pre-installed JVM) Release notes
5.0.1 2023-08-04 Bug fix to the JRE binaries for Linux Download scanner for: Linux x64 Windows x64 macOS x64 Docker Any (Requires a pre-installed JVM) Release notes
5.0 2023-07-31 Update embedded JRE to Java 17 Download scanner for: Linux x64 Windows x64 macOS x64 Docker Any (Requires a pre-installed JVM) Release notes
4.8.1 2023-08-14 Security fix Download scanner for: Linux x64 Windows x64 macOS x64 Docker Any (Requires a pre-installed JVM) Release notes
4.8 2022-02-06 Update embedded JRE 11 to the latest, bug fixes Download scanner for: Linux x64 Windows x64 macOS x64 Docker Any (Requires a pre-installed JVM) Release notes
4.7 2022-02-02 Ease import of custom certificates with the Docker image, update embedded JRE 11 Download scanner for: Linux x64 Windows x64 macOS x64 Docker Any (Requires a pre-installed JVM) Release notes
4.6.2 2021-05-07 Update dependencies, bug fix Download scanner for: Linux x64 Windows x64 macOS x64 Docker Any (Requires a pre-installed JVM) Release notes
4.6.1 2021-04-30 Update dependencies Download scanner for: Linux x64 Windows x64 macOS x64 Docker Any (Requires a pre-installed JVM) Release notes
4.6 2021-01-13 Support for Bitbucket Pipelines with SonarQube 8.7+ Download scanner for: Linux x64 Windows x64 macOS x64 Docker Any (Requires a pre-installed JVM) Release notes
4.5 2020-10-05 Fix a bug preventing the analysis in some environments Download scanner for: Linux x64 Windows x64 macOS x64 Docker Any (Requires a pre-installed JVM) Release notes
4.4 2020-07-03 New supported Docker image, bug fix Download scanner for: Linux x64 Windows x64 macOS x64 Docker Any (Requires a pre-installed JVM) Release notes
4.3 2019-03-09 Use SonarScanner name and better handle SonarCloud case in logs Download scanner for: Linux x64 Windows x64 macOS x64 Docker Any (Requires a pre-installed JVM) Release notes
4.2 2019-10-01 Support SONAR_HOST_URL environment variable to configure the server URL Download scanner for: Linux x64 Windows x64 macOS x64 Docker Any (Requires a pre-installed JVM) Release notes
4.1 2019-09-09 Improve the use of a custom project configuration file Download scanner for: Linux x64 Windows x64 macOS x64 Docker Any (Requires a pre-installed JVM) Release notes
The SonarScanner CLI is the scanner to use when there is no specific scanner for your build system. It supports ARM architecture for macOS and Linux.
Prerequisites
Java 21 or later, Java 17 has been deprecated. See Java runtime environment (JRE) for more details.
With JRE auto-provisioning:
Java 11 or later from SonarScanner CLI version 7.2
Java 17 or later before SonarScanner CLI version 7.2
See General requirements for more information.
Installation
Expand the downloaded file into the directory of your choice. We’ll refer to it as
$install_directoryin the next step.Add the
$install_directory/bindirectory to your path.Verify your installation by opening a new shell and executing the command
sonar-scanner -h(sonar-scanner.bat -hon Windows). You should get an output like this:
usage: sonar-scanner [options]
Options:
-D,--define <arg> Define property
-h,--help Display help information
-v,--version Display version information
-X,--debug Produce execution debug outputIf you need more debug information you can add one of the following to your command line:
-X, --verbose, or -Dsonar.verbose=true.
Use
Create a configuration file in the root directory of the project:
sonar-project.properties
Set the environment variable
SONAR_TOKENwith the Scoped Organization Token (SOT) (recommended from the Team plan) or Personal Access Token (PAT). Note that the token can also be set through the command line argument-Dsonar.token. To generate the token, see Managing Scoped Organization Tokens or Managing Personal Access Tokens.Run the command
sonar-scanner, orsonar-scanner.baton Windows, from the project base directory to run the analysis.
sample-projects
To help you get started, simple project samples are available for most languages on GitHub. They can be browsed or downloaded.
Alternatives to the sonar-project.properties file
If the sonar-project.properties file cannot be created in the root directory of the project, the alternatives are:
The properties can be specified directly through the command line. Example:
The property
project.settingscan be used to specify the path to the project configuration file (this option is incompatible with thesonar.projectBaseDir.property).The root folder of the project to analyze can be set through the
sonar.projectBaseDirproperty. This folder must contain asonar-project.propertiesfile if thesonar.projectKeyis not specified on the command line. Additional analysis parameters can be defined in this project configuration file or through command line parameters.
Alternate analysis directory
If the files to be analyzed are not in the directory where the analysis starts from, use the sonar.projectBaseDir property to move analysis to a different directory. For example, when an analysis begins from jenkins/jobs/myjob/workspace but the files to be analyzed are in ftpdrop/cobol/project1.
For more, see the listing of Analysis parameters.
Troubleshooting
Java heap space error or java.lang.OutOfMemoryError
Increase the memory using SONAR_SCANNER_JAVA_OPTS environment variable for SonarScanner CLI version 6.0 and higher. For the previous versions use SONAR_SCANNER_OPTS:
In Windows environments, avoid using double-quotes, since they get misinterpreted, with the result that the two parameters are combined into a single one.
"java" cannot be opened because the developer cannot be verified
The SonarScanner CLI is not yet Apple verified therefore, when using the macOS AArch64 version, you may get an OS security window displaying this message. A solution us to run:
Unsupported major.minor version
Install the last version of SonarScanner CLI (from version 6.0, no JRE installation is required). Otherwise, upgrade the version of Java being used for analysis or use one of the core packages that embed its own Java runtime.
Property sonar.cs.analyzer.projectOutPaths is missing
No protobuf files will be loaded for this project. SonarScanner is not able to analyze .NET projects. Please use the SonarScanner for .NET.
Last updated
Was this helpful?