Send eligible SonarQube issues to the AI remediation agent and apply suggested fixes from your terminal.
Note: AI remediation in the SonarQube CLI is in Beta and subject to change.
sonar remediate asks SonarQube Cloud's remediation agent to propose a fix for issues it considers eligible. You pick which issues to remediate (interactively or by passing their keys), and the CLI returns the agent's suggested change.
Note: SonarQube Cloud only. Remediation is currently available on SonarQube Cloud, against organizations entitled to the Remediation Agent. It is not yet supported on self-hosted SonarQube Server.
You're triaging issues in an existing project and want an AI-generated starting point for a fix.
You're running an automation pass over a known set of issue keys (for example, the BLOCKERs reported by sonar list issues).
You're working inside Claude Code, Copilot, or Codex, where the agent can chain sonar remediate after sonar analyze to suggest fixes for new findings.
sonar remediate is best used for clearly-scoped, well-defined issues (specific rule violations on a single function, for example). For sweeping refactors, treat the agent's output as a suggestion and review it carefully before applying.
The SonarQube CLI is installed and authenticated against SonarQube Cloud.
Your organization is entitled to the SonarQube Remediation Agent.
You know your project key, or run from a directory where the CLI can auto-detect it from sonar-project.properties, SonarQube for IDE connected mode, or the git origin remote when the repository is bound on SonarQube.
Run inside the project directory to pick issues from a list:
The CLI fetches the project's eligible issues from the server and prompts you to select which ones to remediate. The server decides eligibility; only issues the remediation agent can fix are shown.
For scripts and CI/CD, pass the issue keys directly:
You can pass up to 20 issue keys per invocation. Get keys from sonar list issues:
Note: When
sonar remediateruns without a terminal attached (in CI/CD, an SSH session without a TTY, or a CI runner),--issuesis required. The command will fail fast otherwise rather than wait for input.
The remediation agent returns a proposed change. You review it, apply it, edit it, or discard it. The CLI does not push any changes to your repository on its own; you stay in control of what lands.
If auto-detection picks the wrong project (for example, when your repo is mapped to several SonarQube projects), pass --project explicitly:
After you install the Claude Code or GitHub Copilot integration, the agent can call sonar remediate itself. Example prompt:
"List the BLOCKER issues in my-org_my-app, pick the top three, and run sonar remediate on them."
Last updated
Was this helpful?
Was this helpful?
sonar remediate --project <YourProjectKey>sonar remediate --project <YourProjectKey> --issues key-1,key-2,key-3sonar list issues --project my-org_my-app --severities BLOCKER --format json \
| jq -r '.issues[].key' \
| paste -sd, \
| xargs -I {} sonar remediate --project my-org_my-app --issues {}sonar remediate --project my-org_specific-project