Scanners
A scanner inspects your source code and sends the results to SonarQube Cloud. Choose the scanner that matches your build system.
In SonarQube Cloud terminology, a scanner is the piece of software that performs the actual analysis on your code.
Typically, a scanner is configured to work as part of your build pipeline. Sonar provides different versions of the SonarScanner tool for different set-ups.
If your build process takes place on an on-premises machine (your own or some central build machine in your organization), you will need to download the appropriate scanner from Sonar, install it, and configure it.
If your build process is cloud-based (using CircleCI or similar), Sonar provides SonarScanner plugins that can be installed in those services.
SonarQube Cloud supports the following scanners and extensions, adapted to different setups:
SonarScanner CLI: Generic command-line tool for setups where no specialized scanner is available.
Azure DevOps Extension: For use with Azure Pipelines.
SonarScanner for Gradle: For use with Java Gradle projects.
Jenkins Extension: For use with Jenkins jobs.
SonarScanner for Maven: For use with Java Maven projects.
SonarScanner for .NET: For use with .NET projects.
SonarScanner for NPM: For use with analysis on JS/TS and CSS code bases.
Prerequisites for scanners
See General requirements.
How the scanners work
All the scanner variants just wrap SonarQube Cloud’s powerful set of language analyzers. Since the scanner is installed as part of your build process, we don’t want you to have to re-install it every time a SonarQube Cloud language analyzer is added or improved. To ensure this, SonarScanner always checks for updates to its analyzer set from SonarQube Cloud and downloads any recent additions or changes, thus always staying up-to-date.
When the scanner is invoked it executes the analysis on the code and sends the results back up to SonarQube Cloud, where they are processed, stored, and displayed in the SonarQube Cloud interface.
Comparison with automatic analysis
SonarQube Cloud’s automatic analysis can be thought of as a scanner that is integrated into the cloud service. It can be used without installing any additional software or integrating anything into your build pipeline.
For more details on automatic analysis, see Automatic analysis.
Last updated
Was this helpful?