Homepage

What is SonarQube?

The SonarQube platform delivers automated code quality and security analysis for modern development teams. Designed to seamlessly integrate with your CI/CD pipelines and DevOps tooling, it continuously reviews your source code to uncover bugs, security vulnerabilities, security hotspots, code smells, and architecture issues before code is merged or released. With broad support for 40+ programming languages and frameworks, SonarQube empowers developers and organizations to uphold high standards of code health across web, mobile, embedded, and cloud-native apps. It’s trusted by more than 7 million developers, underscoring its industry leadership as a critical solution for secure, maintainable, and high-quality software development.

Customers can choose between two delivery methods for SonarQube—SonarQube Cloud, the cloud-based, software-as-a-service (SaaS) offering or SonarQube Server, the a self-managed, self-hosted server side solution.

The SonarQube platform also includes an IDE plugin, SonarQube for IDE, that brings real-time static analysis, quick-fix guidance, and security issue detection directly into your coding editor.

Achieving high quality code

SonarQube sets high standards for all code — ensuring software is secure, reliable, and maintainable. This applies across all code types: source code, test code, infrastructure as code, glue code, scripts, and AI-generated code.

All new code, whether written by a developer or generated by an AI agent, should meet the same quality and security standards. SonarQube achieves this by providing automated code verification that surfaces bugs, vulnerabilities, and maintainability issues in real time, before code is merged or released. This helps teams maintain consistent standards across the entire codebase — and is the foundation for high-performance software engineering.

SonarQube Server comes with a built-in quality profile designed for each supported language, called the Sonar way profile, see Understanding quality profiles. The Sonar way activates a set of rules applicable to most projects and is a starting point for implementing good practices in your organization.

The SonarQube solution

SonarQube is designed to help you achieve a state of high quality, verified code at every stage of development. By linking SonarQube for IDE (VS Code, IntelliJ, Visual Studio , Eclipse) with SonarQube Cloud or SonarQube Server, automated code analysis runs continuously across the development lifecycle. We call this the SonarQube solution. Your project settings, new code definitions, and quality profiles managed in SonarQube (Server, Cloud) are applied locally to an analysis in the IDE.

• SonarQube for IDE (VS Code, IntelliJ, Visual Studio , Eclipse) brings automated code verification directly into your development environment, surfacing issues as you write — whether authored by a developer or generated by an AI tool — so problems are caught before code is even committed.

• SonarQube delivers powerful static analysis by reviewing each pull request before it’s merged. This adds an essential verification layer, ensuring code quality and preventing issues from entering your codebase. See the introduction to PR analysis on SonarQube Server and the Pull request analysis page on SonarQube Cloud.

• Finally, SonarQube Server and SonarQube Cloud integrate into your CI/CD pipeline, analyzing code on every build. Using quality profiles and quality gates, they automatically block code with issues from reaching production — ensuring only secure, reliable, and maintainable code makes it through.

The SonarQube solution embodies a clear methodology: Guide your AI tools and developers with the right standards, serify every line of code automatically, and solve issues at the source before they compound. Focusing on quality and verification at the point of creation ensures your codebase improves incrementally over time.

Connected Mode

Connected Mode joins SonarQube Server with SonarQube for IDE to deliver the full SonarQube solution. While in Connected Mode, SonarQube Server sends notifications to SonarQube for IDE when a quality gate changes or a new issue is assigned to the user. Smart notifications can be enabled or disabled from the SonarQube for IDE interface while creating or editing the connection settings. Additionally, SonarQube for IDE helps engineers focus on writing high quality code by using the new code definition from the server. Be sure to check out all of the benefits of Connected mode.

Getting started

Now that you’ve heard about how SonarQube Server can help you verify and ship secure, reliable code, you are ready to try out SonarQube Server for yourself. You can run a local non-production instance of SonarQube Server and the initial project analysis. Installing a local instance gets you up and running quickly, so you can experience SonarQube Server firsthand. Then, when you’re ready to set up SonarQube Server in production, you’ll need to follow this Introduction to installation before configuring your first code analysis.

The Project analysis setup section explains how to connect your scanner to your CI pipeline and provides instructions for analyzing your project’s branches and pull requests.

Here is a page with everything you need to Try out SonarQube Server.

Learn more

Check out the entire suite of Sonar products: SonarQube Server, SonarQube Cloud, and SonarQube for IDE available for static code analysis.

Then, have a look at how to fix issues detected by SonarQube for IDE in

• VS Code: Fixing issues

• IntelliJ: Fixing issues

• Visual studio: Fixing issues

• Eclipse: Fixing issues

More getting started resources

• Introduction to server installation and setup

• Importing your DevOps platform repository

• Introduction

• Managing portfolios

Related online learning

• Getting started with Sonar: Onboarding essentials

Staying connected

If you need help, visit our online community to search for answers and reach out with questions!