Analysis as a Service
AI coding platforms and agents can integrate with SonarQube's Analysis as a Service (A3S) to provide fast, context-aware code quality analysis during code generation workflows.
This feature is in Beta stage and is only available with SonarQube Cloud projects. See the Product release lifecycle page for more information on release stages.
With Analysis as a Service (A3S), AI agents can analyze code changes with the same precision as a full CI scan, but in seconds instead of minutes. To do this, A3S leverages context collected during the last SonarQube CI analysis and restores it on-demand for single-file or multi-file analysis.
This allows you to unlock AI productivity without trade-offs by ensuring clean pull requests pass quality gates the first time, leading to faster code reviews with no back-and-forth.
A3S is accessible through integration with the SonarQube MCP Server and calls to the A3S API.
Supported languages
A3S analysis is available for the following languages:
Java
Python
Javascript/Typescript
CSS
HTML
Secrets detection and the IAC domains Docker, Kubernetes, and Terraform, are also supported.
If your Java project was analyzed using Automatic analysis, only basic analysis results are returned.
About the context mechanism
A3S achieves high-precision analysis through a two-phase approach: it first collects context during CI analysis, then restores that context during A3S analysis.
Phase 1: Context collection
During a regular CI analysis, SonarQube may collect and store:
Dependencies: JAR files, npm packages, or Python libraries the project uses.
Compiled artifacts:
.classfiles.Type information: Symbol tables, type hierarchies, import graphs.
Build configuration: Project structure, source paths, compiler settings.
This context is stored in the SonarQube Cloud backend (AWS), tagged by project key and branch.
Phase 2: Context restoration
When analyzing files using A3S, A3S restores the context collected for this project during a CI analysis, based on the specified project and branch name. This allows running an analysis with full access to dependencies and compiled artifacts. Analysis results have a level of precision that matches a full CI scan analysis.
The following diagram illustrates the context restoration process:
SonarQube MCP Server integration
Prerequisites
The project must have been analyzed in SonarQube Cloud after the A3S service was enabled for the organization .
Integrate the SonarQube MCP Server
First, install the SonarQube MCP Server in your MCP client using the SonarQube Cloud setup. Detailed setup instructions are available for the most popular MCP clients; find yours in the IDE setup article.
Set the A3S environment variable
Set your SONARQUBE_ADVANCED_ANALYSIS_ENABLED environment variable to true (default is false). This will make the run_advanced_code_analysis tool available in the SonarQube MCP Server.
For more information on the tool, see the SonarQube MCP Tools section.
Run an analysis using the advanced code analysis tool
Ask your agent to generate code and analyze it using the run_advanced_code_analysis MCP tool. Provide the project key (you can find it by going to Your Project > Information) and branch name in the request. Optionally, you can specify if the scope is main code or test code.
The AI agent then proceeds as follows:
Generate the code to address the task.
Call the advanced code analysis tool for each new or changed file.
Receive structured issue report with rule IDs, severity, issue locations, and descriptions.
Interpret issues and generate fixes.
Re-analyze the fixed code and iterate until the result is clean or the maximum number of iterations is reached.
Return the results of code generation.
Ensure your agent's operational constraints are defined to enforce reliance on A3S for code clarity. An example:
You must strictly follow this Analyze-Then-Commit workflow for every code modification. No code is considered complete until it has passed the following SonarQube validation loop:
Read Phase: After any modification or before commit, use the
Readtool to load the current state of all relevant source files.Analysis Phase: For every new or modified file, you must call
run_advanced_code_analysisusing:
projectKey: <YourProjectKey>
filePath: The project-relative path to the file.
fileContent: The full, updated content of the file.
branchName: The active development branch.
Evaluation & Remediation:
Rule Lookup: For every issue flagged, call
show_rulewith the specific rule key (e.g.,python:S1192).Mandatory Fixes: You are prohibited from committing code with CRITICAL or HIGH issues. You must implement fixes based on the rule's rationale and recommended guidance immediately.
Verification: After applying fixes, you must re-run the analysis to ensure the issues are resolved and no regressions were introduced.
Direct API calls to the service
Depending on the way you have set up your AI agent to work, you may want to run an A3S analysis without integrating with the SonarQube MCP Server. In this case, you can make an API call to the A3S API directly.
Prerequisites
The project must have been analyzed in SonarQube Cloud after the A3S service was enabled for the organization .
Calling the A3S API
To trigger an A3S analysis through an API call, send a POST request to https://api.sonarcloud.io/a3s-analysis/analyses.
Provide the following parameters in your request:
Parameters
projectKey(key, required) The key of your project (go to your project > Information to find it).branchName(string, required) Branch name used to retrieve the latest analysis context.filePath(string, required) Project-relative path of the file to analyze (e.g., "src/main/java/MyClass.java").fileContent(string, required) The original content of the file to analyze.fileScope(string, optional) Defines in which scope the file originates from (main or test code): "MAIN" or "TEST". Default is "MAIN".
Example with curl
Here is an example of an API call using curl:
Related pages
SonarQube MCP Server Tools
Last updated
Was this helpful?