Overview

Catch issues before they reach a pull request: scan for secrets, verify local changes against SonarQube Cloud, and apply AI-suggested fixes.

Note: Some of these analysis features are in Beta. Check the individual feature page for its current status.

Find problems in your code from your terminal, no CI run required.

Secrets scanning, Analyzing local changes, AI remediation, Software Composition Analysis (SCA)

Pick the right command

| You want to… | Run | Where |
| --- | --- | --- |
| Catch hardcoded credentials before they leave your machine | sonar analyze secrets | Anywhere: Cloud, Server, or offline. |
| See what new issues your in-progress changes introduce | sonar analyze / sonar analyze agentic | SonarQube Cloud only (agentic portion). Secrets scanning runs on both SonarQube Cloud and SonarQube Server. |
| Scan dependencies for vulnerabilities, malware, and prohibited licenses | sonar analyze dependency-risks | SonarQube Cloud, or SonarQube Server 2026.4+. Requires Advanced Security with SCA enabled. Beta; subject to change. |
| Have an AI agent propose a fix for an existing issue | sonar remediate | SonarQube Cloud only. |

For the full set of options and exit codes, see Commands reference and Exit codes.
