# Claude Code

> **Warning:** This product is in the Beta stage and we may release breaking changes. The documentation here matches the release version listed in the table of contents.

`sonar integrate claude` configures the SonarQube CLI to work alongside [Claude Code](https://claude.com/product/claude-code). One command installs three things:

* **Secrets-scanning hooks** — a `UserPromptSubmit` hook that scans the prompt you send to Claude, and a `PreToolUse` hook that runs before Claude reads or writes files. Together they block any operation that would expose a secret.
* **The SonarQube MCP server** so Claude can fetch projects, issues, and rules directly.
* **An Agentic Analysis hook** (SonarQube Cloud only) — a `PostToolUse` hook that wires the CLI into Claude's tool-use cycle so Agentic Analysis runs on your changes.

## Prerequisites

* [The SonarQube CLI is installed and authenticated](/sonarqube-cli/quickstart-guide.md).
* [Claude Code](https://docs.claude.com/en/docs/claude-code/setup) is installed.
* You're working inside a project directory (or you're installing globally with `--global`).

## Install

Run inside the project you want to integrate, with the project key:

```bash
sonar integrate claude --project <YourProjectKey>
```

Or install once for your whole machine:

```bash
sonar integrate claude --global
```

> **Note:** You can run this in either order: install per-machine first (`--global`) and then per-project, or the other way around. When a global hook is detected during a project install, the per-project secrets hook is skipped to avoid duplicate scans.

### What the command does

The integrator runs in three phases:

1. **Discovery and validation.** It locates your project's config (`sonar-project.properties`, `.sonarlint/connectedMode.json`, or the explicit `--project` flag) and verifies the token.
2. **Health check and repair.** It calls SonarQube to confirm the token, organization, and project are valid. If the token is broken and you're running interactively, it offers to refresh it.
3. **Installation.** It writes hooks and MCP config into either the project directory or your home directory, depending on `--global`.

### Where files are installed

| Scope             | Hook & config location                                                             |
| ----------------- | ---------------------------------------------------------------------------------- |
| `--global`        | `~/.claude/` (hooks, settings, MCP config)                                         |
| Project (default) | Inside the repo's `.claude/` directory                                             |
| Shared binary     | `~/.sonar/sonarqube-cli/bin/` (the secrets-scanning binary, used for hook payload) |

State for installed integrations is recorded in `~/.sonar/sonarqube-cli/state.json`. See [State and storage](/sonarqube-cli/administration/state-and-storage.md).

## Restart Claude Code

Claude reads its hook and MCP configuration at startup. **Restart Claude Code** for the integration to take effect.

## Verify it works

### Test the secrets hook

1. Create a file in your project with a fake but secret-shaped value:

   ```javascript
   // secrets.js
   const API_KEY = "sqp_1aa323ae0689cd4a1abd062a2ad0a224ae8a1d13";
   ```
2. Ask Claude to read it: *"Read secrets.js."*
3. Claude Code should block the read and explain that the file contains a secret.

Once you've confirmed the hook is active, delete the test file.

### Test the MCP server

In Claude Code, ask: *"Use the SonarQube MCP server to list my open projects."* Claude should call SonarQube and return your project list. If it doesn't, run `sonar auth status` to confirm the underlying token is healthy and restart Claude.

### Test Agentic Analysis (SonarQube Cloud only)

In Claude Code, ask: *"Run `sonar verify --staged` and summarize new issues."* Claude should invoke the CLI and report findings. This requires SonarQube Cloud and the Agentic Analysis entitlement on your organization.

## Non-interactive install

For provisioning scripts, dotfiles, and onboarding automation:

```bash
sonar integrate claude --global --non-interactive
```

In non-interactive mode the CLI does not prompt for confirmation or token repair. Run [`sonar auth status`](/sonarqube-cli/using-sonarqube-cli/commands.md#sonar-auth-status) afterward to confirm everything is wired up.
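
For provisioning scripts, a local check that the hook events named on this page are actually registered can complement `sonar auth status`. The following is an added example, not SonarQube CLI code. It assumes the hooks are registered in Claude Code's `settings.json` under a `hooks` key (`~/.claude/settings.json` for global, `.claude/settings.json` for project); the function names and the sample hook commands are hypothetical and constructed for illustration.

```python
import json
from pathlib import Path

# Hook events named on this page; PostToolUse is installed for SonarQube Cloud only.
REQUIRED_EVENTS = ("UserPromptSubmit", "PreToolUse")
OPTIONAL_EVENTS = ("PostToolUse",)


def hook_commands(settings, event):
    """Return the command strings registered for one hook event."""
    commands = []
    for group in (settings.get("hooks") or {}).get(event, []):
        for hook in group.get("hooks", []):
            if hook.get("type") == "command" and hook.get("command"):
                commands.append(hook["command"])
    return commands


def audit(global_settings, project_settings):
    """Report, per event, the commands in each scope and whether it is covered.

    A global install makes the project install skip its secrets hooks, so an
    event counts as covered when either scope registers a command for it.
    """
    report = {}
    for event in REQUIRED_EVENTS + OPTIONAL_EVENTS:
        g = hook_commands(global_settings, event)
        p = hook_commands(project_settings, event)
        if g or p:
            status = "covered"
        elif event in REQUIRED_EVENTS:
            status = "missing"
        else:
            status = "optional-absent"
        report[event] = {"global": g, "project": p, "status": status}
    return report


def load_settings(path):
    """Read a settings file; a missing file means no hooks in that scope."""
    path = Path(path).expanduser()
    return json.loads(path.read_text()) if path.is_file() else {}


# Constructed sample: global install present, project scope has no hooks of its own.
SAMPLE_GLOBAL = {"hooks": {
    "UserPromptSubmit": [{"hooks": [{"type": "command", "command": "example-secrets-hook prompt"}]}],
    "PreToolUse": [{"matcher": "Read|Write", "hooks": [{"type": "command", "command": "example-secrets-hook tool"}]}],
}}
SAMPLE_PROJECT = {"hooks": {}}

if __name__ == "__main__":
    for event, row in audit(SAMPLE_GLOBAL, SAMPLE_PROJECT).items():
        print(f"{event:18} {row['status']:16} global={row['global']} project={row['project']}")
```

To check a real machine, call `audit(load_settings("~/.claude/settings.json"), load_settings(".claude/settings.json"))` and fail the provisioning step if any event reports `missing`.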

## Uninstall

The CLI has no dedicated uninstall command for integrations yet. To remove the Claude integration:

1. Delete the hook files written under `~/.claude/` (global) or `.claude/` (project).
2. Remove the SonarQube MCP server entry from your Claude configuration.
3. Remove the integration entry from `~/.sonar/sonarqube-cli/state.json` (under `integrations.installed`).

See [Uninstalling](/sonarqube-cli/administration/uninstall.md) for the full removal procedure.

## Related pages

* [Secrets scanning](/sonarqube-cli/analysis/secrets-scanning.md)
* [Analyzing local changes](/sonarqube-cli/analysis/analyzing-local-changes.md)
* [GitHub Copilot](/sonarqube-cli/integrations/github-copilot.md)
* [State and storage](/sonarqube-cli/administration/state-and-storage.md)


