# Overview
> **Warning:** This product is in Beta stage and we may release breaking changes.
The SonarQube CLI ships first-class integrations for the tools your engineers use every day. Each `sonar integrate` subcommand connects SonarQube to one of these tools. It installs secrets-scanning hooks, configures the [MCP server](https://github.com/SonarSource/sonarqube-mcp-server) where applicable, and sets up [SonarQube Agentic Analysis](https://docs.sonarsource.com/agent-centric-development-cycle/features/agentic-analysis) on SonarQube Cloud.
## What's available
{% content-ref url="/pages/GsnHMjDJsVFXYYHGTsTl" %}
[Claude Code](/sonarqube-developer-tools/sonarqube-cli/integrations/claude-code.md)
{% endcontent-ref %}
{% content-ref url="/pages/uUKVySDXKtRW5d82SXSI" %}
[GitHub Copilot](/sonarqube-developer-tools/sonarqube-cli/integrations/github-copilot.md)
{% endcontent-ref %}
{% content-ref url="/pages/A04tdj6uvTfr53GhRQ0O" %}
[OpenAI Codex](/sonarqube-developer-tools/sonarqube-cli/integrations/codex.md)
{% endcontent-ref %}
{% content-ref url="/pages/IXmt8zAs7MpoNUgSuwC6" %}
[Git hooks](/sonarqube-developer-tools/sonarqube-cli/integrations/git-hooks.md)
{% endcontent-ref %}
## Project versus global scope
Every integration command accepts a **scope**:
| Scope | Flag | Where files are installed | When to use |
| --------------------- | ----------- | --------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------- |
| **Project (default)** | `--project` | Inside your repository (`.claude/`, `.copilot/`, Codex config, `.git/hooks/`) | Per-repo configuration. The hook ships with the repo and applies only when working in that project. |
| **Global** | `--global` | In your user home (`~/.claude/`, `~/.copilot/`, `~/.codex/`, `~/.sonar/sonarqube-cli/hooks/`) | Apply once, get the integration across every project on your machine. Recommended for individual developers and for security baselines. |
If you install a global integration first and then run the same `sonar integrate` command in a project, the CLI detects the existing global setup and skips redundant hook installation.
## What gets installed
AI agent integrations (`sonar integrate claude`, `copilot`, and `codex`) wire SonarQube into secrets scanning, the MCP server, and (on SonarQube Cloud) Agentic Analysis and Context Augmentation, though the underlying mechanism depends on what each agent exposes:
* **Secrets-scanning hook(s).** For Claude Code, a `UserPromptSubmit` hook (scans the prompt you send to Claude) and a `PreToolUse` hook (runs before file reads/writes). For GitHub Copilot, a pre-tool-use hook. For OpenAI Codex, a `UserPromptSubmit` hook (scans the prompt before it is sent to Codex). All three block any operation that would expose a secret. Powered by [`sonar analyze secrets`](/sonarqube-developer-tools/sonarqube-cli/analysis/secrets-scanning.md).
* **MCP server configuration.** Lets the agent call SonarQube directly to fetch projects, issues, and rules.
* **Agentic Analysis integration** (SonarQube Cloud only). For Claude Code, a `PostToolUse` hook that runs Agentic Analysis on the agent's edits automatically. For GitHub Copilot and Codex, instructions that let the agent invoke `sonar analyze` on your changes.
* **Context Augmentation skill** (SonarQube Cloud only, when enabled for your organization). On eligible project installs, the integrate commands install a skill that lets the agent pull project guidelines, architecture, semantic navigation, and dependency context through the CLI integration as it works. Context Augmentation is project-scoped: `--global` installs skip it, and `--skip-context` opts out.
`sonar integrate git` installs only the secrets-scanning hook, but at the Git layer, so commits and pushes are blocked even outside of an AI agent's session.
## Recommended setup for a developer's laptop
```bash
sonar auth login
sonar integrate claude --global # or copilot --global
sonar integrate git --global
```
This gives every project on the machine secrets blocking at three layers: AI agent reads, AI agent writes, and Git commits/pushes.
## Recommended setup for a team rollout
For larger rollouts (dozens to thousands of engineers), pair the per-machine global integrations above with a CI-side scan that catches anything the local hooks missed:
```bash
sonar analyze secrets .
# Exits 51 if secrets are found — fails the pipeline.
```
See [Environment variables](/sonarqube-developer-tools/sonarqube-cli/using-sonarqube-cli/environment-variables.md) and [Exit codes](/sonarqube-developer-tools/sonarqube-cli/using-sonarqube-cli/exit-codes.md) for the CI/CD recipe.
## Related pages
* [Secrets scanning](/sonarqube-developer-tools/sonarqube-cli/analysis/secrets-scanning.md)
* [Analyzing local changes](/sonarqube-developer-tools/sonarqube-cli/analysis/analyzing-local-changes.md)
* [Commands reference](/sonarqube-developer-tools/sonarqube-cli/using-sonarqube-cli/commands.md)
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.sonarsource.com/sonarqube-developer-tools/sonarqube-cli/integrations/integrations.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.