SonarQube Remediation Agent

This page outlines SonarQube's AI agents, built to help you manage code issues found by SonarQube.

The SonarQube Remediation Agent

The SonarQube Remediation Agent runs an independent review and analysis to help you fix reliability and maintainability issues found in your latest code. It focuses on new issues discovered in your latest GitHub pull request (PR). These issues, picked up by the agent, would otherwise break the new code conditions of your quality gate and block the merge of your PR. Fix suggestions are generated in the background, and the new code does not introduce new issues.

The agent reviews issues found during your pull request analysis, proposes fixes, and adds a commit to the PR when the fix suggestion is accepted. Users maintain full control of the agent at all times, from enabling it on a per-project basis to reviewing and approving code suggestions on an issue-by-issue basis.

It works with your most common languages (Java, JavaScript/TypeScript, and Python) by providing feedback on maintainability, reliability, and select security issues. It also offers fix suggestions for Secrets; see the Requirements and limitations for complete details.

To enable and install the agent, see the SonarQube Remediation Agent page. To understand the agent's behavior and learn how to engage with the agent in your pull request, see the Agents in your GitHub pull request page.

Sharing your code with Sonar

If you use the SonarQube Remediation Agent, the affected code snippet will be sent by the agent to an LLM to generate a fix suggestion. These suggestions are verified by Sonar before being offered as an issue fix. Service agreements with Sonar’s LLMs prevent your code from being used to train those models, and your code is not stored by the LLM provider or by any third party.

For details about terms and conditions, please refer to the Early Access terms in our Legal Documentation.
