SonarQube Remediation Agent

The SonarQube Remediation Agent

The SonarQube Remediation Agent runs an independent review and analysis to help you fix reliability and maintainability issues found in your latest code. It focuses on issues in your backlog, discovered in your main branch analysis, and on issues found in your latest GitHub pull request (PR).

The agent uses Anthropic's Claude Opus 4.6 to generate fix suggestions in the background and checks that the new code does not introduce new issues before offering the suggestion.

Once issues found during your analysis are assigned, the agent proposes fixes and creates new PRs so that you can review the changes. Users maintain full control of the agent at all times, from enabling it on a per-project basis, to reviewing and approving code suggestions for each issue.

It works with your most common languages (Java, JavaScript/TypeScript, and Python) by providing feedback on maintainability, reliability, and select security issues. In addition, it also offers fix suggestions for Secrets. See the Requirements and limitations article for complete details.

To enable and install the agent, check out the SonarQube Remediation Agent page. To understand the agent's behavior and learn how to engage with the agent in your pull request, have a look at the Agent backlog fixes and Agents in your GitHub pull request pages.

Sharing your code with Sonar

If you use the SonarQube Remediation Agent, the affected code snippet will be sent by the agent to an LLM to generate a fix suggestion. These suggestions are verified by Sonar before being offered as an issue fix. Service agreements with Sonar’s LLMs prevent your code from being used to train those models and it is not stored by the LLM provider nor by any third party.

For details about terms and conditions, please refer to the Early Access terms in our Legal Documentation.