# SonarQube CLI

> **Warning:** This product is in Beta stage and we may release breaking changes. The documentation here matches the release version listed in the table of contents.

The SonarQube CLI (`sonar`) is a command-line companion for [SonarQube Cloud](https://docs.sonarsource.com/sonarqube-cloud/) and [SonarQube Server](https://docs.sonarsource.com/sonarqube-server/). It lets you scan for secrets, analyze local changes, query projects and issues, and wire SonarQube into AI coding assistants — all from your terminal.

**Project links:** [cli.sonarqube.com](https://cli.sonarqube.com/) · [GitHub repository](https://github.com/SonarSource/sonarqube-cli) · [Command reference (HTML)](https://cli.sonarqube.com/commands.html) · [Releases](https://github.com/SonarSource/sonarqube-cli/releases)

## What it does

Some features run against either SonarQube Cloud or SonarQube Server; others are currently SonarQube Cloud only. The list below marks each one.

**Available with both SonarQube Cloud and SonarQube Server:**

* **🔒 Detect secrets before they leak.** Scan files, standard input, Git commits, or AI tool calls for hardcoded credentials. See [Secrets scanning](/sonarqube-cli/analysis/secrets-scanning.md).
* **⚡ Get fast feedback on local changes.** `sonar verify` runs every analysis the CLI supports on your uncommitted work. The secrets-scanning portion runs against both SonarQube Cloud and SonarQube Server. **Agentic Analysis is available only on SonarQube Cloud.** See [Analyzing local changes](/sonarqube-cli/analysis/analyzing-local-changes.md).
* **🤖 Integrate with AI coding agents.** Install hooks and MCP servers for Claude Code and GitHub Copilot in one command. See [Overview](/sonarqube-cli/integrations/integrations.md).
* **📊 Script and automate.** List your projects, and surface issues in JSON, CSV, TOON, or table format for dashboards, analytics, and pipelines.
* **🔗 Call the SonarQube API.** Make authenticated requests to any SonarQube Web API endpoint with `sonar api`.

**SonarQube Cloud only:**

* **🧠 Run Agentic Analysis on local changes.** Get server-grade results on your uncommitted diff in your terminal, powered by SonarQube Cloud's Agentic Analysis. Runs as part of `sonar verify`. See [Analyzing local changes](/sonarqube-cli/analysis/analyzing-local-changes.md).
* **🛠 Trigger AI-assisted fixes.** Send eligible issues to the SonarQube Cloud remediation agent and apply suggested fixes. See [AI remediation](/sonarqube-cli/analysis/ai-remediation.md).

For a full reference of every command, option, and example, see [Commands reference](/sonarqube-cli/using-sonarqube-cli/commands.md).

## Three ways to use the CLI

**Everyone starts the same way:** follow [Quickstart guide](/sonarqube-cli/quickstart-guide.md) to install, authenticate, and run your first command. Then dig into the workflow that matches your use case:

| Use case                                          | Where to go next                                                                                                                                      |
| ------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- |
| Run commands interactively in your terminal       | [Commands reference](/sonarqube-cli/using-sonarqube-cli/commands.md) (full command reference)                                                         |
| Plug SonarQube into Claude Code or GitHub Copilot | [Overview](/sonarqube-cli/integrations/integrations.md)                                                                                               |
| Script the CLI in CI/CD or automation             | [Environment variables](/sonarqube-cli/using-sonarqube-cli/environment-variables.md) + [Exit codes](/sonarqube-cli/using-sonarqube-cli/exit-codes.md) |

## SonarQube CLI vs. SonarScanner CLI

These two products serve different purposes. Choose based on what you're trying to do:

* The **SonarQube CLI** (`sonar` — this product) is for developers and AI agents working in their terminal. It interacts with an existing SonarQube project and exposes secrets scanning, local change analysis, AI remediation, and project/issue lookup.
* The **SonarScanner CLI** (`sonar-scanner`) is the code analysis scanner used to ingest projects from CI/CD pipelines into SonarQube. See the SonarScanner CLI docs for [SonarQube Server](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/scanners/sonarscanner/) or [SonarQube Cloud](https://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/scanners/sonarscanner-cli/).

## Prerequisites

* A [SonarQube Cloud](https://docs.sonarsource.com/sonarqube-cloud/) organization or a [SonarQube Server](https://docs.sonarsource.com/sonarqube-server/) instance.
* A SonarQube **user token** to authenticate with — not a project, global, or organization-scoped token.
* A supported operating system:
  * Linux x86-64 or ARM64
  * macOS ARM64 (Apple Silicon)
  * Windows x86-64

> **Warning:** **macOS Intel is not supported.** The installer only ships a `macos-arm64` binary. Apple Silicon Macs (M1/M2/M3/M4) work natively; Intel Macs are not currently supported.

> **Warning:** *User tokens* are required when authenticating your SonarQube CLI with SonarQube Cloud or SonarQube Server. The CLI won't function properly if *project tokens*, *global tokens*, or *scoped organization tokens* are used during setup.

## What a session looks like

A typical first run:

```bash
# Install (see the quickstart for Windows)
curl -o- https://raw.githubusercontent.com/SonarSource/sonarqube-cli/refs/heads/master/user-scripts/install.sh | bash

# Authenticate (opens your browser)
sonar auth login

# Find a secret in a file
sonar analyze secrets src/config.ts

# List open issues in a project
sonar list issues -p my-project --format table

# Analyze your staged changes against SonarQube Cloud
sonar verify --staged
```

## For AI agents reading this page

If you are an AI coding assistant reading these docs, a machine-readable command reference is published at [`cli.sonarqube.com/llms.txt`](https://cli.sonarqube.com/llms.txt) and a structured JSON schema at [`cli.sonarqube.com/data/commands.json`](https://cli.sonarqube.com/data/commands.json).

## Feedback

The SonarQube CLI is in Beta. Share what's working, what isn't, and what you'd like next:

* **General questions and ideas:** the [Sonar Community forum](https://community.sonarsource.com/).
* **Bugs and crashes:** [github.com/SonarSource/sonarqube-cli/issues](https://github.com/SonarSource/sonarqube-cli/issues).
* **Beta feedback form:** [share your impressions](https://forms.gle/xE61HS2E5NzxFCSR9).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sonarsource.com/sonarqube-cli/readme.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.