Enable AI CodeFix
Sonar’s AI CodeFix can suggest fixes for a select set of rules in Java, JavaScript, TypeScript, Python, C#, and C++.
AI CodeFix is only available in SonarQube Server Enterprise and Data Center editions to provide AI-generated fixes for your issues.
Sonar’s AI CodeFix uses a large language model (LLM) to automatically generate AI-driven code fixes for the issues discovered by SonarQube Server. As a software administrator, you have flexible configuration options. You can use models hosted by SonarSource or connect to LLMs running within your own infrastructure. This includes cloud hyperscalers or completely self-hosted on-prem LLMs.
You have the option to define the LLM used to suggest fixes for a select set of rules in Java, JavaScript, TypeScript, Python, HTML, CSS, C#, and C++. Choose between:
One of Sonar's two OpenAI models OpenAI’s GPT-5.1 (recommended), and GPT-4o.
Bring your own LLM running on one of the following providers: Azure OpenAI LLM Service model or AWS Bedrock.
Configure a self‑hosted LLM gateway (for example, Ollama, LiteLLM, or vLLM).
Using AI CodeFix is simple. When you request a fix, the affected code and issue description are sent to the LLM you define. AI CodeFix then proposes an edit that resolves the problem without changing the code’s functionality.
Sharing your code with Sonar
For fully self-hosted SonarQube Server configurations, AI CodeFix is designed to operate without outbound internet access. All necessary prompts and rule descriptions for AI CodeFix are provided with the SonarQube product installation.
Requirement: The SonarQube Server instance must be able to reach your configured LLM endpoint.
If you use Sonar’s AI CodeFix LLM, the affected code snippet will be sent by the AI CodeFix service to the selected LLM. Service agreements with Sonar’s LLMs prevent your code from being used to train those models.
For details about terms and conditions, please refer to the AI CodeFix terms in our Legal Documentation.
Enabling AI-generated fix suggestions
As an Instance Admin, you can enable or disable AI-generated fix suggestions on your projects. Select your provider below and follow the steps for that provider.
To configure AI CodeFix using Sonar’s hosted OpenAI service:
Go to Administration > Configuration > General Settings > AI CodeFix and select Enable AI CodeFix.
Under Provider, select your model:
GPT-5.1 (recommended)
GPT-4o
Lastly, select either All projects or Only selected projects to decide which projects have access to AI CodeFix suggestions.
When choosing Only selected projects, add projects individually from the list to activate the feature. New projects are not added automatically.
You’ll need a connection to the internet to access SonarQube Server’s AI CodeFix service.
The service is provided via api.sonarqube.io and has these static IP addresses:
99.83.135.55 (CIDR: 99.83.135.55/32)
15.197.164.24 (CIDR: 15.197.164.24/32)
Your SonarQube Server instance must be able to reach your configured LLM endpoint and therefore, doesn’t require internet access to run. To configure AI CodeFix using your own Azure OpenAI LLM Service model:
Go to Administration > Configuration > General Settings > AI CodeFix and select Enable AI CodeFix.
Under Provider, select Azure OpenAI, then provide the following:
Endpoint (required): the full URL to your Azure OpenAI deployment, including the
deployment-idandapi-versionparameters. For example:https://<YOUR-ENDPOINT>.openai.azure.com/openai/deployments/<YOUR-DEPLOYMENT-ID>/completions?api-version=<YOUR-API-VERSION>API Key (required): your Azure OpenAI API key. For more information, see the Azure OpenAI Service documentation.
Optional: for enhanced security, go to Administration > Configuration > General Settings > Security and select Enforce Azure OpenAI Endpoint Domain to restrict accepted endpoint URLs to domains ending in
.openai.azure.com. Verify that your endpoint from step 2 matches this domain before enabling this setting.Lastly, select either All projects or Only selected projects to decide which projects have access to AI CodeFix suggestions.
When choosing Only selected projects, add projects individually from the list to activate the feature. New projects are not added automatically.
Sonar recommends using GPT-5.1 based on Sonar's benchmarks. If you select a different model, fix suggestion quality may vary. Sonar is not responsible for quality degradation when using models other than the recommended one.
For more information, see the Azure documentation on service models.
Your SonarQube Server instance must be able to reach your configured LLM endpoint and therefore, doesn’t require internet access to run. To configure AI CodeFix using your own AWS Bedrock model:
Prerequisites: Your SonarQube Server instance must be running on Amazon EC2, Amazon ECS, or Amazon EKS, and must have permission to access AWS Bedrock.
Go to Administration > Configuration > General Settings > AI CodeFix and select Enable AI CodeFix.
Under Provider, select AWS Bedrock, then provide the following:
Region (required): the AWS region where your Bedrock model is deployed. For example:
us-east-1oreu-central-1.Model ID (required): the identifier of the Bedrock model to use. For a list of supported models and their IDs, see the Amazon Bedrock documentation.
Lastly, select either All projects or Only selected projects to decide which projects have access to AI CodeFix suggestions.
When choosing Only selected projects, add projects individually from the list to activate the feature. New projects are not added automatically.
Sonar recommends using GPT-5.1 based on Sonar's benchmarks. If you select a different model, fix suggestion quality may vary. Sonar is not responsible for quality degradation when using models other than the recommended one.
Your SonarQube Server instance must be able to reach your configured LLM endpoint and therefore, doesn’t require internet access to run. To configure AI CodeFix using a self-hosted LLM gateway (for example, Ollama, LiteLLM, or vLLM):
Go to Administration > Configuration > General Settings > AI CodeFix and select Enable AI CodeFix.
Under Provider, select Custom, then provide the following:
Endpoint (required): the URL of your OpenAI-compatible self-hosted gateway endpoint. For example:
http://localhost:11434/v1.Model ID (required): the name of the model served by your gateway. For example:
llama3.2.1b.Header name and Value (optional): add any HTTP headers required by your gateway, such as authentication tokens. It's possible to add multiple headers.
SonarQube Server only accepts gateways that expose an OpenAI-compatible API. For example, if you are using Ollama, use the OpenAI-compatible endpoint (
/v1) rather than the native Ollama API (/api).Lastly, select either All projects or Only selected projects to decide which projects have access to AI CodeFix suggestions.
When choosing Only selected projects, add projects individually from the list to activate the feature. New projects are not added automatically.
Sonar recommends using GPT-5.1 based on Sonar's benchmarks. If you select a different model, fix suggestion quality may vary. Sonar is not responsible for quality degradation when using models other than the recommended one.
Once enabled, developers can get AI-generated fix suggestions from the Issues page in their projects. See the Fixing issues page for more details.
Disabling AI CodeFix
To disable AI CodeFix completely in SonarQube Server and hide the feature from all users, including Instance Admins, set the system property sonar.ai.codefix.hidden to true. For more information, see the Configuration methods page.
Getting AI-generated fix suggestions
Once AI CodeFix is enabled, users will be able to select Generate AI Fix on eligible issues and copy/paste the fix into their IDE with the Open in IDE feature when using connected mode.
The easiest way to use AI CodeFix is by using AI CodeFix in your IDE. Simply open your project in SonarQube for VS Code or SonarQube for IntelliJ, and set up connected mode with SonarQube Server. In your IDE, select an issue marked with the 
icon, open the Rule description > AI CodeFix tab, and select Generate Fix. A fix will be generated in the code editor and you’ll have a chance to Apply or Decline the suggestion.
For IntelliJ, see AI CodeFix in your IDE.
For VS Code, see AI CodeFix in your IDE.
For complete details about using AI CodeFix to fix your issues in SonarQube Cloud, see Getting AI-generated fix suggestions. See the Rules covered with AI CodeFix article to learn more about which rules are eligible for AI CodeFix.
Usage limits
Limits are placed on the AI CodeFix feature to manage abuse. Developers will be notified directly when the monthly allocation is reached for your organization. If the instance is blocked due to reaching the allowance, users attempting to generate a fix will see an error message. Usage quotas are reset on the first day of each month.
SonarQube Server instances that are using a self-hosted LLM are not subject to Sonar’s limits however, you may encounter rate limits from your self-hosted LLM provider.
Marking a project as containing AI-generated code
Sonar recognizes that code should be monitored with additional quality standards and offers administrators a series of project labels and custom quality gate certifications described on the Set your AI standards page.
Related pages
Agent Centric Development Cycle of AI capabilities in SonarQube Server
Last updated
Was this helpful?