> For the complete documentation index, see [llms.txt](https://docs.sonarsource.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.sonarsource.com/sonarqube-cli/integrations/integrations.md).
# Overview
The SonarQube CLI ships first-class integrations for the tools your engineers use every day. Each `sonar integrate` subcommand connects SonarQube to one of these tools. It installs secrets-scanning hooks, configures the [MCP server](https://github.com/SonarSource/sonarqube-mcp-server) where applicable, and sets up [SonarQube Agentic Analysis](https://docs.sonarsource.com/agent-centric-development-cycle/features/agentic-analysis) on SonarQube Cloud.
## What's available
{% content-ref url="/pages/GsnHMjDJsVFXYYHGTsTl" %}
[Claude Code](/sonarqube-cli/integrations/claude-code.md)
{% endcontent-ref %}
{% content-ref url="/pages/DYoL9ggMdmT2TDx4NDDL" %}
[Cursor](/sonarqube-cli/integrations/cursor.md)
{% endcontent-ref %}
{% content-ref url="/pages/uUKVySDXKtRW5d82SXSI" %}
[GitHub Copilot](/sonarqube-cli/integrations/github-copilot.md)
{% endcontent-ref %}
{% content-ref url="/pages/cJE3bw5MtiXqncB6l5ux" %}
[Google Antigravity](/sonarqube-cli/integrations/antigravity.md)
{% endcontent-ref %}
{% content-ref url="/pages/A04tdj6uvTfr53GhRQ0O" %}
[OpenAI Codex](/sonarqube-cli/integrations/codex.md)
{% endcontent-ref %}
{% content-ref url="/pages/IXmt8zAs7MpoNUgSuwC6" %}
[Git hooks](/sonarqube-cli/integrations/git-hooks.md)
{% endcontent-ref %}
## Project versus global scope
Every `sonar integrate` subcommand installs at **project** scope (inside the current repository) or **global** scope (in your user home, applying across projects on your machine):
| Scope | Flag | Where files are installed | When to use |
| ----------- | -------------- | ----------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------- |
| **Project** | none (default) | Inside your repository (`.claude/`, `.copilot/`, `.cursor/`, Codex config, `.git/hooks/`) | Per-repo configuration. The hook ships with the repo and applies only when working in that project. |
| **Global** | `--global` | In your user home (`~/.claude/`, `~/.copilot/`, `~/.cursor/`, `~/.codex/`, `~/.sonar/sonarqube-cli/hooks/`) | Apply once, get the integration across every project on your machine. Recommended for individual developers and for security baselines. |
The `--project` / `-p` flag sets the SonarQube project key. Passing it implies project scope and skips the scope prompt. When you omit it, the CLI resolves the project from `sonar-project.properties`, SonarQube for IDE connected mode, or the git `origin` remote when the repository is bound on SonarQube.
In an interactive terminal, when you omit both `--global` and `--project`, the CLI shows the connection and project preflight summary, then asks where to install. Choose **This project** for the current directory, or **Global** for your user home.
In non-interactive mode (including when you authenticate with [environment variables](/sonarqube-cli/using-sonarqube-cli/environment-variables.md)), scope defaults to project when you don't pass `--global`. The CLI logs an info line recording that default.
If you install a global integration first and then run the same `sonar integrate` command in a project, the CLI detects the existing global setup and skips redundant hook installation.
## What gets installed
AI agent integrations (`sonar integrate claude`, `copilot`, `codex`, `cursor`, and `antigravity`) wire SonarQube into secrets scanning, the MCP server, and (on SonarQube Cloud) Agentic Analysis and Context Augmentation, though the underlying mechanism depends on what each agent exposes:
* **Secrets-scanning hook(s).** For Claude Code, a `UserPromptSubmit` hook (scans the prompt you send to Claude) and a `PreToolUse` hook (runs before file reads/writes). For GitHub Copilot, a pre-tool-use hook. For OpenAI Codex, a `UserPromptSubmit` hook (scans the prompt before it is sent to Codex), plus instructions to scan files for secrets before reading them. For Cursor, a `beforeSubmitPrompt` hook plus `beforeReadFile` and `preToolUse` hooks that scan files before the agent reads them. These all block any operation that would expose a secret. Powered by [`sonar analyze secrets`](/sonarqube-cli/analysis/secrets-scanning.md).
* **MCP server configuration.** Lets the agent call SonarQube directly to fetch projects, issues, and rules.
* **Agentic Analysis integration** (SonarQube Cloud only). For Claude Code and Codex, a `PostToolUse` hook that runs Agentic Analysis on the agent's edits automatically. For GitHub Copilot, Cursor, and Google Antigravity, instructions that let the agent invoke `sonar analyze agentic` on your changes. Agentic Analysis is project-scoped: `--global` installs skip it.
* **Context Augmentation skill** (SonarQube Cloud only, when your organization is entitled on an eligible SonarQube Cloud plan). On eligible project installs, the integrate commands install a skill that lets the agent pull project guidelines, architecture, semantic navigation, and dependency context through the CLI integration as it works. Context Augmentation is project-scoped: `--global` installs skip it, and `--skip-context` opts out.
`sonar integrate git` installs code scanning hooks at the Git layer, so commits and pushes are blocked even outside of an AI agent's session. Every hook runs secrets scanning; you can optionally enable dependency-risks scanning on the pre-commit hook. See [Git hooks](/sonarqube-cli/integrations/git-hooks.md).
## Recommended setup for a developer's laptop
```bash
sonar auth login
sonar integrate claude --global # or copilot --global
sonar integrate git --global
```
This gives every project on the machine secrets blocking at three layers: AI agent reads, AI agent writes, and Git commits/pushes.
## Recommended setup for a team rollout
For larger rollouts (dozens to thousands of engineers), pair the per-machine global integrations above with a CI-side scan that catches anything the local hooks missed:
```bash
sonar analyze secrets .
# Exits 51 if secrets are found, failing the pipeline.
```
See [Environment variables](/sonarqube-cli/using-sonarqube-cli/environment-variables.md) and [Exit codes](/sonarqube-cli/using-sonarqube-cli/exit-codes.md) for the CI/CD recipe.
## Related pages
* [Secrets scanning](/sonarqube-cli/analysis/secrets-scanning.md)
* [Analyzing local changes](/sonarqube-cli/analysis/analyzing-local-changes.md)
* [Commands reference](/sonarqube-cli/using-sonarqube-cli/commands.md)
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:
```
GET https://docs.sonarsource.com/sonarqube-cli/integrations/integrations.md?ask=&goal=
```
`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.