BetaDeveloper

AI remediation

Send eligible SonarQube issues to the AI remediation agent and apply suggested fixes from your terminal.

Warning: This product is in Beta stage and we may release breaking changes.

sonar remediate asks SonarQube Cloud's remediation agent to propose a fix for issues it considers eligible. You pick which issues to remediate (interactively or by passing their keys), and the CLI returns the agent's suggested change.

Note: SonarQube Cloud only. Remediation is currently available on SonarQube Cloud, against organizations entitled to the Remediation Agent. It is not yet supported on self-hosted SonarQube Server.

When to use it

You're triaging issues in an existing project and want an AI-generated starting point for a fix.
You're running an automation pass over a known set of issue keys (for example, the BLOCKERs reported by sonar list issues).
You're working inside Claude Code, Copilot, or Codex, where the agent can chain sonar remediate after sonar analyze to suggest fixes for new findings.

sonar remediate is best used for clearly-scoped, well-defined issues (specific rule violations on a single function, for example). For sweeping refactors, treat the agent's output as a suggestion and review it carefully before applying.

Prerequisites

The SonarQube CLI is installed and authenticated against SonarQube Cloud.
Your organization is entitled to the SonarQube Remediation Agent.
You know your project key, or run from a directory where the CLI can auto-detect it.

Interactive remediation

Run inside the project directory to pick issues from a list:

sonar remediate --project <YourProjectKey>

The CLI fetches the project's eligible issues from the server and prompts you to select which ones to remediate. The server decides eligibility; only issues the remediation agent can fix are shown.

Non-interactive remediation

For scripts and CI/CD, pass the issue keys directly:

sonar remediate --project <YourProjectKey> --issues key-1,key-2,key-3

You can pass up to 20 issue keys per invocation. Get keys from sonar list issues:

sonar list issues --project my-org_my-app --severities BLOCKER --format json \
  | jq -r '.issues[].key' \
  | paste -sd, \
  | xargs -I {} sonar remediate --project my-org_my-app --issues {}

Note: When sonar remediate runs without a terminal attached (in CI/CD, an SSH session without a TTY, or a CI runner), --issues is required. The command will fail fast otherwise rather than wait for input.

What you get back

The remediation agent returns a proposed change. You review it, apply it, edit it, or discard it. The CLI does not push any changes to your repository on its own; you stay in control of what lands.

Override the project

If auto-detection picks the wrong project (for example, when your repo is mapped to several SonarQube projects), pass --project explicitly:

sonar remediate --project my-org_specific-project

Use it from an AI agent

After you install the Claude Code or GitHub Copilot integration, the agent can call sonar remediate itself. Example prompt:

"List the BLOCKER issues in my-org_my-app, pick the top three, and run sonar remediate on them."

PreviousAnalyzing local changes NextSecrets scanning

Last updated 5 days ago

Was this helpful?