Commands reference

A complete reference for SonarQube CLI commands, with arguments, options, defaults, and examples.

This page documents every SonarQube CLI command. Find the full SonarQube CLI command reference, including options and examples, at cli.sonarqube.com. A machine-readable version of the command reference is also available as JSON at cli.sonarqube.com/data/commands.json.

Each entry includes a description, the arguments and options it accepts (with types, defaults, and whether they are required), and runnable examples.

For longer-form guides on how to use these commands, see Overview, Overview, and Overview.

Commands at a glance

| Group | Commands |
| --- | --- |
| Authentication | sonar auth login, logout, purge, status |
| Integrations | sonar integrate claude, copilot, git |
| Analysis | sonar analyze secrets, analyze agentic, verify, remediate |
| Information | sonar list issues, list projects, api |
| Configuration | sonar config telemetry |
| Maintenance | sonar self-update |

| Command | Description |
| --- | --- |
| sonar auth | Manage authentication tokens and credentials |
| sonar api | Make authenticated API requests to SonarQube |
| sonar integrate | Set up SonarQube integration for AI coding agents, git and others. |
| sonar list | List issues and projects from SonarQube |
| sonar remediate | Trigger AI agent remediation for eligible issues (SonarQube Cloud only) |
| sonar analyze | Analyze code for quality and security issues |
| sonar verify | Run server-side SonarQube Agentic Analysis on the local change set (alias of analyze agentic, SonarQube Cloud only) |
| sonar config | Configure CLI settings |
| sonar self-update | Update sonar CLI to the latest version |


sonar auth

Manage authentication tokens and credentials.

sonar auth login

Save an authentication token to the system keychain.

Options:

| Option | Type | Required | Description | Default |
| --- | --- | --- | --- | --- |
| --server, -s | string | No | Your SonarQube Server URL, SonarQube Cloud EU (https://sonarcloud.io), or SonarQube Cloud US (https://sonarqube.us). Defaults to SonarQube Cloud EU. | - |
| --org, -o | string | No | SonarQube Cloud organization key (required for SonarQube Cloud) | - |
| --with-token, -t | string | No | Token value (skips browser, non-interactive mode) | - |

Examples:

Interactive login for SonarQube Cloud (EU):

Non-interactive login with an existing token:

Non-interactive login for a self-hosted SonarQube Server:


sonar auth logout

Remove the active connection token from the keychain. The CLI also best-effort revokes the token server-side when it was created via the interactive browser flow.

Examples:


sonar auth purge

Interactively remove every token the CLI has saved in the keychain.

Examples:


sonar auth status

Show the active authentication connection and verify the token against the server.

Examples:


sonar integrate

For step-by-step setup guides, see Overview.

sonar integrate claude

Set up the SonarQube integration for Claude Code. Installs secrets-scanning hooks and configures the SonarQube MCP server and SonarQube Agentic Analysis (on SonarQube Cloud).

Options:

| Option | Type | Required | Description | Default |
| --- | --- | --- | --- | --- |
| --project, -p | string | No | Project key. Ignored when --global is used. | - |
| --non-interactive | boolean | No | Non-interactive mode (no prompts) | - |
| --global, -g | boolean | No | Install hooks and config globally to ~/.claude instead of project directory | - |

Examples:


sonar integrate copilot

Set up the SonarQube integration for GitHub Copilot. Installs secrets-scanning hooks and configures the SonarQube MCP server and SonarQube Agentic Analysis (on SonarQube Cloud).

Options:

| Option | Type | Required | Description | Default |
| --- | --- | --- | --- | --- |
| --global, -g | boolean | No | Install hooks and config globally to ~/.copilot instead of project directory | - |
| --project, -p | string | No | Project key. Mutually exclusive with --global. | - |

Examples:


sonar integrate git

Install a Git hook that scans staged files (pre-commit) or unpushed commits (pre-push) for secrets.

Options:

| Option | Type | Required | Description | Default |
| --- | --- | --- | --- | --- |
| --hook | string | No | Hook to install: pre-commit (scan staged files) or pre-push (scan files in unpushed commits) | - |
| --force | boolean | No | Overwrite an existing hook if it is not from sonar integrate git | - |
| --non-interactive | boolean | No | Non-interactive mode (no prompts) | - |
| --global | boolean | No | Install hook globally for all repositories (sets git config --global core.hooksPath) | - |

Examples:


Analysis

sonar analyze secrets

Scan files or standard input for hardcoded secrets.

Arguments:

| Argument | Description |
| --- | --- |
| [paths…] | File or directory paths to scan for secrets |

Options:

| Option | Type | Required | Description | Default |
| --- | --- | --- | --- | --- |
| --stdin | boolean | No | Read from standard input instead of paths | - |

Exit behavior: exits with code 51 when secrets are found, 0 when none are found. See Exit codes.

Examples:

Scan a file:

Scan a directory:

Scan stdin:


sonar analyze agentic

Run server-side SonarQube Agentic Analysis on local changes (SonarQube Cloud only).

Options:

| Option | Type | Required | Description | Default |
| --- | --- | --- | --- | --- |
| --file | string | No | Analyze a single file (skips change-set detection) | - |
| --staged | boolean | No | Analyze staged files only (git diff --cached) | - |
| --base | string | No | Analyze files changed vs a branch or ref (e.g. main) | - |
| --branch | string | No | Branch name for analysis context | - |
| --project, -p | string | No | SonarQube Cloud project key (overrides auto-detected project) | - |
| --force | boolean | No | Skip the large change-set confirmation prompt | - |
| --format | string | No | Output format (text, json) | text |

The CLI prompts for confirmation when the change set exceeds 50 files. Pass --force to skip the prompt, or use --format json (which suppresses the prompt automatically).

Exit behavior: exits with code 51 when issues are reported. See Exit codes.
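The exit-code contract stated for sonar analyze secrets and sonar analyze agentic (0 when nothing is found, 51 when findings are reported), applied in a hook or CI step. This is an added example, not part of the SonarQube CLI or its documentation; the function names are hypothetical, and treating every other exit code as a failed scan that blocks is an assumption, since the Exit codes page is not reproduced here.

```shell
#!/bin/sh
# Added example (not SonarQube's own code): map sonar exit codes to gate results.
# From the page: 0 = nothing found, 51 = secrets/issues reported.
SONAR_FINDINGS_EXIT=51

# classify_exit CODE -> prints clean | findings | error
classify_exit() {
    case "$1" in
        0) echo clean ;;
        "$SONAR_FINDINGS_EXIT") echo findings ;;
        # Assumption: any other code (auth failure, network error, crash)
        # means the scan did not finish, so "no findings" cannot be claimed.
        *) echo error ;;
    esac
}

# run_gate NAME CMD [ARGS...]
# Returns 0 = pass, 1 = blocked by findings, 2 = scan failed (fail closed).
run_gate() {
    gate_name=$1; shift
    gate_code=0
    "$@" || gate_code=$?        # capture the code even under `set -e`
    case "$(classify_exit "$gate_code")" in
        clean)    echo "[$gate_name] no findings" >&2; return 0 ;;
        findings) echo "[$gate_name] findings reported (exit $gate_code)" >&2; return 1 ;;
        *)        echo "[$gate_name] scan failed (exit $gate_code), blocking" >&2; return 2 ;;
    esac
}

# Scan the given paths for hardcoded secrets.
secrets_gate() {
    run_gate secrets sonar analyze secrets "$@"
}

# Analyze staged changes; --format json also suppresses the >50-file prompt,
# so the step cannot hang waiting for input in CI.
agentic_gate() {
    run_gate agentic sonar analyze agentic --staged --format json
}

# Typical use in a hook or pipeline step:
#   secrets_gate src/ config/ && agentic_gate || exit 1
```

Keeping the "scan failed" result separate from "findings" lets a pipeline report an expired token or unreachable server as an infrastructure problem while still refusing to pass the change.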

Examples:


sonar verify

Alias of sonar analyze agentic. Accepts the same options and exhibits the same behavior. Provided as a shorter name for the most common workflow: verifying local changes before a commit or PR.

Examples:


sonar remediate

Trigger AI-agent remediation for eligible issues (SonarQube Cloud only). Eligibility is determined server-side: only issues the SonarQube remediation agent can fix are surfaced.

Options:

| Option | Type | Required | Description | Default |
| --- | --- | --- | --- | --- |
| --project, -p | string | No | SonarQube Cloud project key (overrides auto-detected project) | - |
| --issues | string | No | Comma-separated issue keys to remediate non-interactively (max 20). Required when stdin is not a TTY. | - |

Examples:

Pick issues interactively:

Non-interactively remediate specific issues (suitable for scripts):


Information

sonar list issues

Search for issues in a SonarQube project.

Options:

| Option | Type | Required | Description | Default |
| --- | --- | --- | --- | --- |
| --project, -p | string | Yes | Project key | - |
| --statuses | string | No | Filter by status (comma-separated list of: OPEN, CONFIRMED, FALSE_POSITIVE, ACCEPTED, FIXED) | - |
| --severities | string | No | Filter by severity (comma-separated list of: INFO, MINOR, MAJOR, CRITICAL, BLOCKER) | - |
| --format | string | No | Output format (json, toon, table, csv) — see Output formats | json |
| --branch | string | No | Branch name | - |
| --pull-request | string | No | Pull request ID | - |
| --page-size | number | No | Page size (1-500) | 500 |
| --page | number | No | Page number | 1 |

Examples:

Scan multiple files for hardcoded secrets.

Scan stdin for hardcoded secrets.


sonar list projects

Search for projects the active token can access.

Options:

| Option | Type | Required | Description | Default |
| --- | --- | --- | --- | --- |
| --query, -q | string | No | Search query to filter projects by name or key | - |
| --page | number | No | Page number | 1 |
| --page-size | number | No | Page size (1-500) | 500 |

Output is always JSON. Pipe through jq if you need to transform it.

Examples:


sonar api

Make authenticated requests to any SonarQube Web API endpoint. Useful for advanced workflows that aren't covered by other commands.

Arguments:

| Argument | Description |
| --- | --- |
| <method> | HTTP method (get, post, patch, put, delete) |
| <endpoint> | API endpoint path. Must start with / and can contain query parameters. |

Options:

| Option | Type | Required | Description | Default |
| --- | --- | --- | --- | --- |
| --data, -d | string | No | JSON string for the request body. See request body encoding below. | - |
| --verbose, -v | boolean | No | Print request and response details for debugging. | - |

Request body encoding. The CLI picks an encoding based on the endpoint path:

  • Endpoints starting with /api/v2/, or endpoints that don't start with /api/, receive a JSON body (Content-Type: application/json).

  • All other endpoints (the SonarQube Web API v1, paths under /api/) receive URL-encoded form data (Content-Type: application/x-www-form-urlencoded).

This matches what each Web API endpoint expects. You don't need to override it.

Examples:

List favorite projects:

Search for rules in an organization:

Generate a new user token:

Accept an issue:

Debug a request:

Get the current analysis engine JAR info (V2 API):

Revoke a user token:


Configuration

sonar config telemetry

Enable or disable the collection of anonymous usage statistics and crash reports. See Telemetry and privacy for what's collected.

Options:

| Option | Type | Required | Description | Default |
| --- | --- | --- | --- | --- |
| --enabled | boolean | No | Enable collection of anonymous usage statistics | - |
| --disabled | boolean | No | Disable collection of anonymous usage statistics | - |

Examples:


Maintenance

sonar self-update

Update the CLI to the latest version. Re-uses the install script that put sonar on your system; your saved state and credentials are preserved. See Updating the CLI for details.

Options:

| Option | Type | Required | Description | Default |
| --- | --- | --- | --- | --- |
| --status | boolean | No | Check for a newer version without installing | - |
| --force | boolean | No | Install the latest version even if already up to date | - |

Examples:
