# Commands reference > **Warning:** This product is in Beta stage and we may release breaking changes. The documentation here matches the release version listed in the table of contents. This page documents every SonarQube CLI command. Find the full SonarQube CLI command reference, including options and examples, at cli.sonarqube.com. A machine-readable version of the command reference is also available as JSON at cli.sonarqube.com/data/commands.json. Each entry includes a description, the arguments and options it accepts (with types, defaults, and whether they are required), and runnable examples. For longer-form guides on *how* to use these commands, see [Overview](/sonarqube-cli/integrations/integrations.md), [Overview](/sonarqube-cli/analysis/analysis.md), and [Overview](/sonarqube-cli/administration/administration.md). ## Commands at a glance | Group | Commands | | ------------------ | ----------------------------------------------------------------- | | **Authentication** | `sonar auth login`, `logout`, `purge`, `status` | | **Integrations** | `sonar integrate claude`, `copilot`, `git` | | **Analysis** | `sonar analyze secrets`, `analyze agentic`, `verify`, `remediate` | | **Information** | `sonar list issues`, `list projects`, `api` | | **Configuration** | `sonar config telemetry` | | **Maintenance** | `sonar self-update` | | Command | Description | | ------------------- | --------------------------------------------------------------------------------------------------------------------- | | `sonar auth` | Manage authentication tokens and credentials | | `sonar api` | Make authenticated API requests to SonarQube | | `sonar integrate` | Setup SonarQube integration for AI coding agents, git and others. | | `sonar list` | List issues and projects from SonarQube | | `sonar remediate` | Trigger AI agent remediation for eligible issues (SonarQube Cloud only) | | `sonar analyze` | Analyze code for quality and security issues | | `sonar verify` | Run server-side SonarQube Agentic Analysis on the local change set (alias of `analyze agentic`, SonarQube Cloud only) | | `sonar config` | Configure CLI settings | | `sonar self-update` | Update sonar CLI to the latest version | *** ## `sonar auth` Manage authentication tokens and credentials. ### `sonar auth login` Save an authentication token to the system keychain. **Options:** | Option | Type | Required | Description | Default | | -------------------- | ------ | -------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | | `--server`, `-s` | string | No | Your SonarQube Server URL, SonarQube Cloud EU (`https://sonarcloud.io`), or SonarQube Cloud US (`https://sonarqube.us`). Defaults to SonarQube Cloud EU. | - | | `--org`, `-o` | string | No | SonarQube Cloud organization key (required for SonarQube Cloud) | - | | `--with-token`, `-t` | string | No | Token value (skips browser, non-interactive mode) | - | **Examples:** Interactive login for SonarQube Cloud (EU): ```bash sonar auth login ``` Non-interactive login with an existing token: ```bash sonar auth login -o my-org -t squ_abc123 ``` Non-interactive login for a self-hosted SonarQube Server: ```bash sonar auth login -s https://sonarqube.mycompany.com --with-token squ_def456 ``` *** ### `sonar auth logout` Remove the active connection token from the keychain. The CLI also best-effort revokes the token server-side when it was created via the interactive browser flow. **Examples:** ```bash sonar auth logout ``` *** ### `sonar auth purge` Interactively remove every token the CLI has saved in the keychain. **Examples:** ```bash sonar auth purge ``` *** ### `sonar auth status` Show the active authentication connection and verify the token against the server. **Examples:** ```bash sonar auth status ``` *** ## `sonar integrate` For step-by-step setup guides, see [Overview](/sonarqube-cli/integrations/integrations.md). ### `sonar integrate claude` Set up the SonarQube integration for Claude Code. Installs secrets-scanning hooks and configures the SonarQube MCP server and SonarQube Agentic Analysis (on SonarQube Cloud). **Options:** | Option | Type | Required | Description | Default | | ------------------- | ------- | -------- | ----------------------------------------------------------------------------- | ------- | | `--project`, `-p` | string | No | Project key. Ignored when `--global` is used. | - | | `--non-interactive` | boolean | No | Non-interactive mode (no prompts) | - | | `--global`, `-g` | boolean | No | Install hooks and config globally to `~/.claude` instead of project directory | - | **Examples:** ```bash sonar integrate claude -p my-project sonar integrate claude -g ``` *** ### `sonar integrate copilot` Set up the SonarQube integration for GitHub Copilot. Installs secrets-scanning hooks and configures the SonarQube MCP server and SonarQube Agentic Analysis (on SonarQube Cloud). **Options:** | Option | Type | Required | Description | Default | | ----------------- | ------- | -------- | ------------------------------------------------------------------------------ | ------- | | `--global`, `-g` | boolean | No | Install hooks and config globally to `~/.copilot` instead of project directory | - | | `--project`, `-p` | string | No | Project key. Mutually exclusive with `--global`. | - | **Examples:** ```bash sonar integrate copilot -p my-project sonar integrate copilot -g ``` *** ### `sonar integrate git` Install a Git hook that scans staged files (`pre-commit`) or unpushed commits (`pre-push`) for secrets. **Options:** | Option | Type | Required | Description | Default | | ------------------- | ------- | -------- | ------------------------------------------------------------------------------------------------ | ------- | | `--hook` | string | No | Hook to install: `pre-commit` (scan staged files) or `pre-push` (scan files in unpushed commits) | - | | `--force` | boolean | No | Overwrite an existing hook if it is not from `sonar integrate git` | - | | `--non-interactive` | boolean | No | Non-interactive mode (no prompts) | - | | `--global` | boolean | No | Install hook globally for all repositories (sets `git config --global core.hooksPath`) | - | **Examples:** ```bash sonar integrate git sonar integrate git --hook pre-push sonar integrate git --global sonar integrate git --hook pre-push --global --non-interactive ``` *** ## Analysis ### `sonar analyze secrets` Scan files or standard input for hardcoded secrets. **Arguments:** | Argument | Description | | ---------- | ------------------------------------------- | | `[paths…]` | File or directory paths to scan for secrets | **Options:** | Option | Type | Required | Description | Default | | --------- | ------- | -------- | ----------------------------------------- | ------- | | `--stdin` | boolean | No | Read from standard input instead of paths | - | **Exit behavior:** exits with code `51` when secrets are found, `0` when none are found. See [Exit codes](/sonarqube-cli/using-sonarqube-cli/exit-codes.md). **Examples:** Scan a file: ```bash sonar analyze secrets src/config.ts ``` Scan a directory: ```bash sonar analyze secrets src/ ``` Scan stdin: ```bash cat .env | sonar analyze secrets --stdin ``` *** ### `sonar analyze agentic` Run server-side SonarQube [Agentic Analysis](https://docs.sonarsource.com/agent-centric-development-cycle/features/agentic-analysis) on local changes (SonarQube Cloud only). **Options:** | Option | Type | Required | Description | Default | | ----------------- | ------- | -------- | ------------------------------------------------------------- | ------- | | `--file` | string | No | Analyze a single file (skips change-set detection) | - | | `--staged` | boolean | No | Analyze staged files only (`git diff --cached`) | - | | `--base` | string | No | Analyze files changed vs a branch or ref (e.g. `main`) | - | | `--branch` | string | No | Branch name for analysis context | - | | `--project`, `-p` | string | No | SonarQube Cloud project key (overrides auto-detected project) | - | | `--force` | boolean | No | Skip the large change-set confirmation prompt | - | | `--format` | string | No | Output format (`text`, `json`) | `text` | > **Note:** The CLI prompts for confirmation when the change set exceeds 50 files. Pass `--force` to skip the prompt, or use `--format json` (which suppresses the prompt automatically). **Exit behavior:** exits with code `51` when issues are reported. See [Exit codes](/sonarqube-cli/using-sonarqube-cli/exit-codes.md). **Examples:** ```bash sonar analyze agentic # local change set sonar analyze agentic --file src/app.ts # single file sonar analyze agentic --staged # staged files only sonar analyze agentic --base main # changes vs main ``` *** ### `sonar verify` Alias of [`sonar analyze agentic`](#sonar-analyze-agentic). Accepts the same options and exhibits the same behavior. Provided as a shorter name for the most common workflow: verifying local changes before a commit or PR. **Examples:** ```bash sonar verify sonar verify --staged sonar verify --base main ``` *** ### `sonar remediate` Trigger AI-agent remediation for eligible issues (SonarQube Cloud only). Eligibility is determined server-side: only issues the SonarQube remediation agent can fix are surfaced. **Options:** | Option | Type | Required | Description | Default | | ----------------- | ------ | -------- | ----------------------------------------------------------------------------------------------------- | ------- | | `--project`, `-p` | string | No | SonarQube Cloud project key (overrides auto-detected project) | - | | `--issues` | string | No | Comma-separated issue keys to remediate non-interactively (max 20). Required when stdin is not a TTY. | - | **Examples:** Pick issues interactively: ```bash sonar remediate -p my-project ``` Non-interactively remediate specific issues (suitable for scripts): ```bash sonar remediate -p my-project --issues issue-key-1,issue-key-2 ``` *** ## Information ### `sonar list issues` Search for issues in a SonarQube project. **Options:** | Option | Type | Required | Description | Default | | ----------------- | ------ | -------- | --------------------------------------------------------------------------------------------------------------------------- | ------- | | `--project`, `-p` | string | Yes | Project key | - | | `--statuses` | string | No | Filter by status (comma-separated list of: `OPEN`, `CONFIRMED`, `FALSE_POSITIVE`, `ACCEPTED`, `FIXED`) | - | | `--severities` | string | No | Filter by severity (comma-separated list of: `INFO`, `MINOR`, `MAJOR`, `CRITICAL`, `BLOCKER`) | - | | `--format` | string | No | Output format (`json`, `toon`, `table`, `csv`) — see [Output formats](/sonarqube-cli/using-sonarqube-cli/output-formats.md) | `json` | | `--branch` | string | No | Branch name | - | | `--pull-request` | string | No | Pull request ID | - | | `--page-size` | number | No | Page size (1-500) | `500` | | `--page` | number | No | Page number | `1` | **Examples:** ```bash sonar analyze secrets src/config.ts ``` Scan multiple files for hardcoded secrets. ```bash sonar analyze secrets src/file1.ts src/file2.ts ``` Scan stdin for hardcoded secrets. ```bash cat .env | sonar analyze secrets --stdin ``` *** ### `sonar list projects` Search for projects the active token can access. **Options:** | Option | Type | Required | Description | Default | | --------------- | ------ | -------- | ---------------------------------------------- | ------- | | `--query`, `-q` | string | No | Search query to filter projects by name or key | - | | `--page` | number | No | Page number | `1` | | `--page-size` | number | No | Page size (1-500) | `500` | Output is always JSON. Pipe through `jq` if you need to transform it. **Examples:** ```bash sonar list projects sonar list projects -q my-project sonar list projects --page 2 --page-size 50 ``` *** ### `sonar api` Make authenticated requests to any SonarQube Web API endpoint. Useful for advanced workflows that aren't covered by other commands. **Arguments:** | Argument | Description | | ------------ | ------------------------------------------------------------------------ | | `` | HTTP method (`get`, `post`, `patch`, `put`, `delete`) | | `` | API endpoint path. Must start with `/` and can contain query parameters. | **Options:** | Option | Type | Required | Description | Default | | ----------------- | ------- | -------- | ------------------------------------------------------------------ | ------- | | `--data`, `-d` | string | No | JSON string for the request body. See request body encoding below. | - | | `--verbose`, `-v` | boolean | No | Print request and response details for debugging. | - | > **Note:** **Request body encoding.** The CLI picks an encoding based on the endpoint path: > > * Endpoints starting with `/api/v2/`, or endpoints that don't start with `/api/`, receive a JSON body (`Content-Type: application/json`). > * All other endpoints (the SonarQube Web API v1, paths under `/api/`) receive URL-encoded form data (`Content-Type: application/x-www-form-urlencoded`). > > This matches what each Web API endpoint expects. You don't need to override it. **Examples:** List favorite projects: ```bash sonar api get "/api/favorites/search" ``` Search for rules in an organization: ```bash sonar api get "/api/rules/search?organization=my-org&languages=ts" ``` Generate a new user token: ```bash sonar api post "/api/user_tokens/generate" --data '{"name":"my-new-token"}' ``` Accept an issue: ```bash sonar api post "/api/issues/do_transition" --data '{"issue":"AYx1z2","transition":"accept"}' ``` Debug a request: ```bash sonar api get "/api/system/status" --verbose ``` Get the current analysis engine JAR info (V2 API): ```bash sonar api get "/analysis/engine" ``` Revoke a user token: ```bash sonar api post "/api/user_tokens/revoke" --data '{"name":"my-token"}' ``` *** ## Configuration ### `sonar config telemetry` Enable or disable the collection of anonymous usage statistics and crash reports. See [Telemetry and privacy](/sonarqube-cli/administration/telemetry-and-privacy.md) for what's collected. **Options:** | Option | Type | Required | Description | Default | | ------------ | ------- | -------- | ------------------------------------------------ | ------- | | `--enabled` | boolean | No | Enable collection of anonymous usage statistics | - | | `--disabled` | boolean | No | Disable collection of anonymous usage statistics | - | **Examples:** ```bash sonar config telemetry --enabled sonar config telemetry --disabled ``` *** ## Maintenance ### `sonar self-update` Update the CLI to the latest version. Re-uses the install script that put `sonar` on your system; your saved state and credentials are preserved. See [Updating the CLI](/sonarqube-cli/administration/self-update.md) for details. **Options:** | Option | Type | Required | Description | Default | | ---------- | ------- | -------- | ----------------------------------------------------- | ------- | | `--status` | boolean | No | Check for a newer version without installing | - | | `--force` | boolean | No | Install the latest version even if already up to date | - | **Examples:** ```bash sonar self-update sonar self-update --status sonar self-update --force ``` ## Related pages * [Environment variables](/sonarqube-cli/using-sonarqube-cli/environment-variables.md) * [Output formats](/sonarqube-cli/using-sonarqube-cli/output-formats.md) * [Exit codes](/sonarqube-cli/using-sonarqube-cli/exit-codes.md) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sonarsource.com/sonarqube-cli/using-sonarqube-cli/commands.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.