Ctrlk
BetaDeveloper

Quickstart guide

Install the SonarQube CLI, authenticate with SonarQube Cloud or SonarQube Server, and run your first three commands.

Warning: This product is in Beta stage and we may release breaking changes.

This guide takes you from zero to a working CLI in about five minutes. By the end, you'll have the CLI installed, an active SonarQube connection, and you'll have run a secrets scan and a local-change analysis.

If you're setting the CLI up for a CI/CD pipeline or an AI coding agent instead, follow these guides:

Step 1: Install the CLI

curl -o- https://raw.githubusercontent.com/SonarSource/sonarqube-cli/refs/heads/master/user-scripts/install.sh | bash

The installer places the sonar binary in ~/.local/share/sonarqube-cli/bin/ and appends that directory to your PATH in ~/.bashrc, ~/.zshrc, or your shell's profile file.

Note: Restart your terminal after installing. The sonar command becomes available only after your shell reloads its PATH.

Verify the install

sonar --version

You'll see a version number like 0.14.0. If you get command not found, see Command not found after install at the bottom of this page.

Step 2: Authenticate

The CLI supports two authentication modes:

  • Interactive (recommended for personal use): the CLI opens your browser to log in to SonarQube, then stores the generated user token in your system keychain.

  • Environment variables (recommended for CI/CD and AI agents): the CLI reads SONARQUBE_CLI_TOKEN and related variables at runtime. No keychain or browser required. See Authenticating in CI/CD with environment variables.

Warning: User tokens are required when authenticating your SonarQube CLI with SonarQube Cloud or SonarQube Server. The CLI won't function properly if project tokens, global tokens, or scoped organization tokens are used during setup.

Interactive login

The CLI prompts you to choose between SonarQube Cloud and SonarQube Server, then asks for a region (Cloud) or an instance URL (Server). A browser window opens and walks you through token creation.

To skip these prompts, pass --server when you run the command:

Warning: WSL users: sonar auth login relies on system keychain access, which is not available in WSL. Authenticate with Environment variables instead.

Specify an organization (SonarQube Cloud only)

SonarQube Cloud authentication is scoped to an organization. If you don't pass one, the CLI auto-selects the organization when you belong to exactly one, or prompts you to pick one when you belong to several. To skip the prompt, append --org <YourOrganizationKey>:

You can find your organization key on your SonarQube Cloud Account > Organizations page: https://sonarcloud.io/account/organizations.

This option is ignored when authenticating with SonarQube Server.

Non-interactive authentication

For automation, CI/CD, and AI agents, set environment variables instead of running sonar auth login:

See the Environment variables page for information about SonarQube Server, US Cloud region, and other precedents.

Verify your connection

If the token is valid, you'll see the active server, organization (for Cloud), and the user it resolves to.

Step 3: Run your first three commands

Try these in order to confirm everything works end to end.

List your projects

Outputs every project your token can see as JSON. Pipe through jq if you need to transform or filter it.

Scan a file for secrets

The CLI flags the hardcoded token and exits with code 51. Delete validate-secrets.js afterwards.

For deeper coverage (Git hooks, AI agent hooks, false positives), see Secrets scanning.

Analyze your local changes (SonarQube Cloud only)

This runs secrets scanning on your staged files and, on SonarQube Cloud, sends them to Agentic Analysis. For more options (single files, branch comparison, JSON output), see Analyzing local changes.

What's next

Troubleshooting

Command not found after install

If sonar --version returns command not found:

  1. Restart your terminal (the installer updates your shell profile, but only new shells pick it up).

  2. Confirm the binary exists:

    • macOS/Linux: ls -l ~/.local/share/sonarqube-cli/bin/sonar

    • Windows (PowerShell): Get-Item $env:LOCALAPPDATA\sonarqube-cli\bin\sonar.exe

  3. If the binary is there but still not on your PATH, add it manually:

    • macOS/Linux: append this to your ~/.bashrc or ~/.zshrc and reload:

    • Windows: open a new PowerShell window. If PATH still doesn't include the install directory, sign out and back in to reload your user environment.

Browser login doesn't return to the terminal

sonar auth login opens a local callback URL that the browser redirects to after you approve the token. If the browser hangs:

  • Make sure no firewall is blocking 127.0.0.1 on the printed port.

  • Cancel the prompt (Ctrl+C) and use your environment variables to authenticate without a browser.

"Invalid token" or "Authentication failed"

  • Confirm you're using a user token, not a project, global, or organization-scoped token.

  • For SonarQube Cloud, check that the token belongs to the correct region. EU (https://sonarcloud.io) tokens do not work with servers in the US region (https://sonarqube.us).

  • Re-run sonar auth status to inspect the active connection.

For more issues, see Getting help.

PreviousSonarQube CLINextCommands reference

Last updated

Was this helpful?