Commands

A complete reference for SonarQube CLI commands, including options and examples.

This product is in Beta stage and breaking changes may be released. The documentation here matches the release version listed in the table of contents.

This page is a reference for all SonarQube CLI commands. Each command entry includes a description, a table of available options with their types, whether they are required, and default values, plus usage examples.

The available top-level commands are:

Command

Description

sonar auth

Manage authentication tokens and credentials

sonar install

Install Sonar tools

sonar integrate

Set up SonarQube integration with AI coding agents and other tools

sonar list

List SonarQube resources such as issues and projects

sonar analyze

Analyze code for security issues

sonar verify

Analyze a file for issues

sonar config

Configure CLI settings

sonar self-update

Update the sonar CLI to the latest version

`sonar auth`

Manage authentication tokens and credentials.

Save authentication token to keychain.

Options:

Option

Type

Required

Description

Default

--server, -s

string

SonarQube server URL (default is SonarQube Cloud)

--org, -o

string

SonarQube Cloud organization key (required for SonarQube Cloud)

--with-token, -t

string

Token value (skips browser, non-interactive mode)

Examples:

Interactive login for SonarQube Cloud with a browser.

sonar auth login

Non-interactive login with a direct token.

sonar auth login -o my-org -t squ_abc123

Non-interactive login for a custom server with a token.

sonar auth login -s https://my-sonarqube.io --with-token squ_def456

`sonar auth logout`

Remove authentication token from keychain.

Options:

Option

Type

Required

Description

Default

--server, -s

string

SonarQube server URL

--org, -o

string

SonarQube Cloud organization key (required for SonarQube Cloud)

Examples:

Remove the token for a SonarQube Cloud organization.

sonar auth logout -o my-org

Remove the token for a custom SonarQube server.

sonar auth logout -s https://my-sonarqube.io

`sonar auth purge`

Remove all authentication tokens from keychain.

Examples:

Interactively remove all saved tokens.

sonar auth purge

`sonar auth status`

Show active authentication connection with token verification.

Examples:

Show the current server connection and token status.

sonar auth status

`sonar install`

Install Sonar tools.

`sonar install secrets`

Install sonar-secrets binary from https://binaries.sonarsource.com.

Options:

Option

Type

Required

Description

Default

--force

boolean

Force reinstall even if already installed

--status

boolean

Check installation status instead of installing

Examples:

Install the latest sonar-secrets binary.

sonar install secrets

Reinstall sonar-secrets (overwrite existing).

sonar install secrets --force

Check if sonar-secrets is installed and up to date.

sonar install secrets --status

`sonar integrate`

Set up SonarQube integration for AI coding agents, git, and others.

`sonar integrate claude`

Set up SonarQube integration for Claude Code. This installs secrets scanning hooks and configures the SonarQube MCP Server.

Options:

Option

Type

Required

Description

Default

--server, -s

string

SonarQube server URL

--project, -p

string

Project key

--token, -t

string

Existing authentication token

--org, -o

string

Organization key (for SonarQube Cloud)

--non-interactive

boolean

Non-interactive mode (no prompts)

--global, -g

boolean

Install hooks and config globally to ~/.claude instead of project directory

Examples:

Integrate Claude Code with an interactive setup.

sonar integrate claude -s https://sonarcloud.io -p my-project

Integrate globally and install hooks to ~/.claude that will be available for all projects.

sonar integrate claude -g -s https://sonarcloud.io -p my-project

`sonar list`

List Sonar resources.

`sonar list issues`

Search for issues in SonarQube.

Options:

Option

Type

Required

Description

Default

--project, -p

string

Yes

Project key

--org, -o

string

Organization key (for SonarQube Cloud)

--severity

string

Filter by severity

--format

string

Output format

json

--branch

string

Branch name

--pull-request

string

Pull request ID

--page-size

number

Page size (1-500)

500

--page

number

Page number

1

Examples:

List issues in a project.

sonar list issues -p my-project

Output issues in TOON format for AI agents.

sonar list issues -p my-project --format toon

Filter issues by severity.

sonar list issues -p my-project --severity CRITICAL

`sonar list projects`

Search for projects in SonarQube.

Options:

Option

Type

Required

Description

Default

--org, -o

string

Organization key (for SonarQube Cloud)

--query, -q

string

Search query to filter projects by name or key

--page

number

Page number

1

--page-size

number

Page size (1-500)

500

Examples:

List the first 500 accessible projects.

sonar list projects

Search projects by name or key.

sonar list projects -q my-project

Paginate through projects.

sonar list projects --page 2 --page-size 50

`sonar analyze`

Analyze code for security issues.

`sonar analyze secrets`

Scan files or stdin for hardcoded secrets.

Arguments:

Argument

Description

[paths…]

File or directory paths to scan for secrets

Options:

Option

Type

Required

Description

Default

--stdin

boolean

Read from standard input instead of paths

Examples:

Scan a file for hardcoded secrets.

sonar analyze secrets src/config.ts

Scan stdin for hardcoded secrets.

cat .env | sonar analyze secrets --stdin

`sonar analyze sqaa`

Run SQAA server-side analysis on a file (SonarQube Cloud only).

Options:

Option

Type

Required

Description

Default

--file

string

Yes

File path to analyze

--branch

string

Branch name for analysis context

--project

string

SonarCloud project key (overrides auto-detected project)

Examples:

Run SQAA analysis on a file.

sonar analyze sqaa --file src/app.ts

Run an analysis on a specific branch.

sonar analyze sqaa --file src/app.ts --branch main

`sonar verify`

Analyze a file for issues.

Options:

Option

Type

Required

Description

Default

--file

string

Yes

File path to analyze

--branch

string

Branch name for analysis context

--project

string

SonarCloud project key (overrides auto-detected project)

Examples:

Analyze a file for issues.

sonar verify --file src/app.ts

Analyze a file on a specific branch.

sonar verify --file src/app.ts --branch main

`sonar config`

Configure CLI settings.

`sonar config telemetry`

Configure telemetry settings.

Options:

Option

Type

Required

Description

Default

--enabled

boolean

Enable collection of anonymous usage statistics

--disabled

boolean

Disable collection of anonymous usage statistics

Examples:

Enable the collection of anonymous usage statistics.

sonar config telemetry --enabled

Disable the collection of anonymous usage statistics.

sonar config telemetry --disabled

`sonar self-update`

Update the sonar CLI to the latest version.

Options:

Option

Type

Required

Description

Default

--status

boolean

Check for a newer version without installing

--force

boolean

Install the latest version even if already up to date

Examples:

Update the CLI to the latest version.

sonar self-update

Check if a newer version is available.

sonar self-update --status

Force reinstall the latest version.

sonar self-update --force

PreviousUsing SonarQube CLI NextSecrets scanning

Last updated 1 day ago

Was this helpful?

Good night

hashtagsonar auth

hashtagsonar auth login

hashtagsonar auth logout

hashtagsonar auth purge

hashtagsonar auth status

hashtagsonar install

hashtagsonar install secrets

hashtagsonar integrate

hashtagsonar integrate claude

hashtagsonar list

hashtagsonar list issues

hashtagsonar list projects

hashtagsonar analyze

hashtagsonar analyze secrets

hashtagsonar analyze sqaa

hashtagsonar verify

hashtagsonar config

hashtagsonar config telemetry

hashtagsonar self-update

`sonar auth`

`sonar auth login`

`sonar auth logout`

`sonar auth purge`

`sonar auth status`

`sonar install`

`sonar install secrets`

`sonar integrate`

`sonar integrate claude`

`sonar list`

`sonar list issues`

`sonar list projects`

`sonar analyze`

`sonar analyze secrets`

`sonar analyze sqaa`

`sonar verify`

`sonar config`

`sonar config telemetry`

`sonar self-update`