# Sonar Review (alpha) {% hint style="info" %} Sonar Review is currently in alpha. {% endhint %} It combines SonarQube's deterministic static analysis with context-aware AI to help engineers review, understand, and approve code faster. It posts inline review comments, change summaries, and on-demand walkthroughs and architecture diagrams directly on pull requests. ## Requirements ### SonarQube requirements * You must have a SonarQube Cloud account. * Your SonarQube Cloud organization must be on the Team or Enterprise plan. See [Plans and pricing](https://www.sonarsource.com/plans-and-pricing/sonarcloud/) for details. * Each repository you want reviewed must have a corresponding project bound to GitHub in SonarQube Cloud. See [binding-unbound-organization](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/managing-organization/creating-organization/binding-unbound-organization "mention") for more details. If this connection doesn’t exist, Sonar Review will skip its review. If the connection exists but the analysis doesn’t succeed due to timeout, network issues, or other issues, then Sonar Review will fall back on the AI-only review. ### DevOps platform requirements * Sonar Review currently supports GitHub. Support for Azure DevOps, Bitbucket, and GitLab is coming soon. * Repositories must use pull requests as the code review workflow. Sonar Review triggers on pull request creation, update, and an explicit command through a comment. * Draft pull requests are not reviewed automatically. Once you convert a draft pull request to a ready for review pull request, the Sonar Review is triggered. See Triggering a review for more details. The following are not supported in the current release: * Bitbucket, Azure DevOps and GitLab. * SCA (software composition analysis) findings in reviews. * Architecture findings in reviews. * On-premises LLM / bring-your-own-LLM support. * Repositories analyzed with SonarQube Server instead of SonarQube Cloud. Once you install Sonar Review GitHub App on your organization’s repositories, no additional infrastructure, CI configuration, or external API keys are required. All processing happens within the Sonar platform. ## Setup guide 1. Install [Sonar Review GitHub app](https://github.com/apps/sonar-review-alpha) on your GitHub organization. 1. Select repositories that are accessible to the app. 2. Select **All repositories** or **Only select repositories** with *Read access to issues and metadata* and *Read and write access to checks, code, and pull requests*. 3. Click **Install**. Fill out this [interest form](https://docs.google.com/forms/d/e/1FAIpQLSdwCxqaIYmxyFeWC40CPID-qfrvIZnUjK06j-zDHKN973j88Q/viewform?usp=sharing\&ouid=103589099946429428731) to provide the needed information so we can add you to the allow list. ## Triggering a review Sonar Review runs automatically whenever a pull request is opened or updated.
Sonar Review summary with options to generate walkthrough and diagram
You can also trigger or extend a review manually, even on a draft pull request: * Comment @sonar-review-alpha review in a pull request comment. * Tick the **Generate Walkthrough** checkbox in the bot's summary comment to request a step-by-step walkthrough of the changes. * Tick the **Generate Diagram** checkbox to request an architecture diagram.
Sonar Review diagram
* To ask follow-up questions or challenge a finding, reply directly to any of the bot's review comments. Sonar Review will respond with additional context and, where appropriate, refine its suggestion.
Comments left by the bot
## Using Sonar Review with agentic IDEs and CLIs Sonar Review is designed to work with agentic coding tools such as Claude Code, Codex, and Cursor. When you ask your agent to review an open pull request, it can read Sonar Review's findings and act on them directly. To use this with your agentic IDE or CLI: 1. Ensure the DevOps platform CLI, for example `gh` for GitHub, or its MCP server is available in your environment. 2. Ask your agent to look at the pull request and fix anything Sonar Review has flagged. ## Language support Sonar Review delivers the best results for languages supported by SonarQube static analysis, as findings are correlated with and validated against deterministic scan results. It can also review code in languages not currently supported by SonarQube, but those reviews will rely on AI analysis alone and may be less complete. For the full list of languages supported by SonarQube Cloud analysis, see [overview](https://docs.sonarsource.com/sonarqube-cloud/discovering-sonarcloud/overview "mention") or more information. ## Troubleshooting Reach out to our Sonar team with the description of the issue through our [Community](https://community.sonarsource.com/c/sc/9) portal. ## Related pages * [importing-github-organization](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/managing-organization/creating-organization/importing-github-organization "mention") * [binding-unbound-organization](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/managing-organization/creating-organization/binding-unbound-organization "mention") * [subscription-plans](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/managing-subscription/subscription-plans "mention")