Homepage

SonarQube for IDE

SonarQube for IDE is a free developer companion brought to you by Sonar that brings real-time static analysis, quick-fix guidance, and security issue detection directly into your coding editor. It surfaces issues as you code, explains why they matter, and suggests clear next steps — so you can improve quality at the source without breaking your flow. The complete list of supported languages, frameworks, and IaC platforms is available on the Rules and languages page.

Your code is checked against an extensive set of rules that cover many attributes of code, such as maintainability, reliability, and security issues. It’s possible to analyze more rules, assign issues, share quality profiles, and more, with your team when running in connected mode with SonarQube (Server, Cloud) or SonarQube Community Build. See the Connected mode page for more details.

Sonar’s IDE extensions are available for IntelliJ (and other JetBrains IDEs), Visual Studio, VS Code, and Eclipse, and can be installed directly from your IDE’s plugin marketplace. SonarQube for IDE leverages over 5,000 language-specific rules.

Achieving high quality code

SonarQube sets high standards for all code — ensuring software is secure, reliable, and maintainable. This applies across all code types: source code, test code, infrastructure as code, glue code, scripts, and AI-generated code.

All new code, whether written by a developer or generated by an AI agent, should meet the same quality and security standards. SonarQube for IDE achieves this by providing automated code verification that surfaces bugs, vulnerabilities, and maintainability issues in real time, before code is merged or released. This helps teams maintain consistent standards across the entire codebase — and is the foundation for high-performance software engineering.

SonarQube (Server, Cloud) and SonarQube Community Build come with a built-in quality profile designed for each supported language, called the Sonar way profile. The Sonar way activates a set of rules applicable to most projects and is a starting point for implementing good practices in your organization.

• See SonarQube Server Quality standards administration

• See SonarQube Cloud Setting your quality standards

• See SonarQube Community Build Quality standards administation

The SonarQube solution

SonarQube is designed to help you achieve a state of high quality, verified code at every stage of development. By linking SonarQube for IDE with SonarQube (Server, Cloud) and SonarQube Community Build, automated code analysis runs continuously across the development lifecycle; we call this the SonarQube solution. Your project settings, new code definitions, and quality profiles managed in SonarQube (Server, Cloud) or SonarQube Community Build are applied locally to an analysis in the IDE.

• SonarQube for IDE brings automated code verification directly into your development environment, surfacing issues as you write — whether authored by a developer or generated by an AI tool — so problems are caught before code is even committed.

• Then, SonarQube (Server, Cloud) delivers powerful static analysis by reviewing each pull request before it’s merged. This adds an essential verification layer, ensuring code quality and preventing issues from entering your codebase. See the pull request pages in the server documentation for more details:

  • Pull request analysis in SonarQube Server

  • Pull request analysis in SonarQube Cloud

• Finally, SonarQube (Server, Cloud) and SonarQube Community Build integrate into your CI/CD pipeline, analyzing code on every build. Using quality profiles and quality gates, they automatically block code with issues from reaching production — ensuring only secure, reliable, and maintainable code makes it through.

The SonarQube solution embodies a clear methodology: Guide your AI tools and developers with the right standards, verify every line of code automatically, and solve issues at the source before they compound. Focusing on new code during development ensures that all code released for production will be incrementally improved over time.

Connected Mode

Connected mode joins SonarQube for IDE with SonarQube (Server, Cloud) or SonarQube Community Build to deliver the full Sonar solution. SonarQube for IDE and SonarQube Server 2025.1+, SonarQube Cloud, or SonarQube Community Build analyses help to ensure that only high-quality code makes it into your project.

Be sure to check out all of the benefits when using Connected mode.

Getting started

Now that you’ve heard about how SonarQube for IDE can help you verify and ship secure, reliable code, you are ready to try it out for yourself. After installing SonarQube for VS Code in your IDE from the Marketplace, open a project using a supported language and let it run an analysis.

See the Getting started, Rules and languages, and Running an analysis pages for more information.

The Investigating issues page will show you how to find issues in the IDE, and the Fixing issues page explains how to start addressing issues in your code as you write.

Learn more

Check out the entire suite of Sonar products: SonarQube Server, SonarQube Cloud, and SonarQube for IDE.

Then, have a look at the types of issues that SonarQube for IDE detects when combined with SonarQube Server and SonarQube Cloud, and browse a full list of Sonar rules available for static code analysis on the Rules page of your SonarQube Server instance or in your SonarQube Cloud organization.

• Managing issues in SonarQube Server

• Managing code issues in SonarQube Cloud

Staying connected

Use the following links to follow SonarQube for VS Code behind the scenes:

• Source code

• Issue tracker Jira

And if you need help, visit our online community to search for answers and reach out with questions!

License

Copyright 2015-2025 SonarSource Sàrl, Switzerland.

Licensed under the GNU Lesser General Public License, Version 3.0