Installing the scanner

How to install the SonarScanner for NPM.

SonarScanner for NPM — 4.3.0 | Issue Tracker

4.3.0 ^_2025-03-24 ^Support^sonar.region Download Release notes

4.2.8 ^_2025-02-28 ^{Minor improvements} Download Release notes

4.2.7 ^_2025-02-18 ^{Change name to}^@sonar/scan Download Release notes

4.2.6 ^_2024-12-18 ^{Fix: support for Node.js 20} Download Release notes

4.2.5 ^_2024-11-10 ^{Fix: improved error messages} Download Release notes

4.2.4 ^_2024-10-01 ^{Update dependencies} Download Release notes

4.2.3 ^_2024-08-22 ^{Fix: support for Node.js 18} Download Release notes

4.2.2 ^_2024-07-15 ^{Fix: improved error handling} Download Release notes

4.2.1 ^_2024-06-10 ^{Update dependencies} Download Release notes

4.2.0 ^_2024-05-01 ^{Add support for new SonarQube features} Download Release notes

4.1.3 ^_2024-03-20 ^{Fix: compatibility with SonarQube 10.2} Download Release notes

4.1.2 ^_2024-02-10 ^{Update dependencies} Download Release notes

4.1.1 ^_2024-01-05 ^{Fix: improved logging} Download Release notes

4.1.0 ^_2023-12-01 ^{Add support for SonarQube 10.0} Download Release notes

4.0.4 ^_2023-10-15 ^{Fix: improved error messages} Download Release notes

4.0.3 ^_2023-09-10 ^{Update dependencies} Download Release notes

4.0.2 ^_2023-08-01 ^{Fix: compatibility with Node.js 16} Download Release notes

4.0.1 ^_2023-07-01 ^{Update dependencies} Download Release notes

4.0.0 ^_2023-06-01 ^{Initial release as}^{sonarqube-scanner} Download Release notes

3.9.0 ^_2023-05-01 ^{Update dependencies} Download Release notes

3.8.0 ^_2023-03-15 ^{Add support for SonarQube 9.9 LTS} Download Release notes

3.7.0 ^_2023-01-10 ^{Update dependencies} Download Release notes

3.6.0 ^_2022-11-20 ^{Fix: improved error handling} Download Release notes

3.5.0 ^_2022-09-05 ^{Update dependencies} Download Release notes

3.4.0 ^_2022-07-01 ^{Add support for SonarQube 9.6} Download Release notes

3.3.0 ^_2022-05-10 ^{Update dependencies} Download Release notes

3.2.0 ^_2022-03-15 ^{Fix: improved logging} Download Release notes

3.1.0 ^_2022-01-10 ^{Update dependencies} Download Release notes

3.0.0 ^_2021-11-01 ^{Initial support for SonarQube 9.x} Download Release notes

2.17.0 ^_2021-09-15 ^{Update dependencies} Download Release notes

2.16.0 ^_2021-07-01 ^{Fix: improved error handling} Download Release notes

2.15.0 ^_2021-05-10 ^{Update dependencies} Download Release notes

2.14.0 ^_2021-03-15 ^{Add support for SonarQube 8.9 LTS} Download Release notes

2.13.0 ^_2021-01-10 ^{Update dependencies} Download Release notes

2.12.0 ^_2020-11-01 ^{Fix: improved logging} Download Release notes

2.11.0 ^_2020-09-15 ^{Update dependencies} Download Release notes

2.10.0 ^_2020-07-01 ^{Add support for SonarQube 8.6} Download Release notes

2.9.0 ^_2020-05-10 ^{Update dependencies} Download Release notes

2.8.0 ^_2020-03-15 ^{Initial release} Download Release notes

Depending on how you want to start the scanner, you will use a different installation method:

To start the scanner by adding the analysis to your build files: add the package to your project devDependencies.
To start the scanner from the command line: install the package in global mode.
To run analyses with npx: no installation is required.

Prerequisites

To analyze JavaScript, TypeScript, or CSS code, the SonarScanner for NPM requires that your Node.js must be at least 18.20.0.

See also the General requirements page for additional requirements.

Adding the scanner to your project devDependencies

Use the following command:

npm install -D @sonar/scan

Installing the scanner in global mode

Use the following command:

npm install -g @sonar/scan

Performing advanced setup

Changing the scanner cache folder

By default, the scanner binaries are cached into $HOME/.sonar/native-sonar-scanner folder. To use a custom cache folder instead of $HOME, set $SONAR_BINARY_CACHE.

Example:

export SONAR_BINARY_CACHE=/Users/myaccount/cache

or alternatively, set the variable in .npmrc:

sonar_binary_cache=/Users/myaccount/cache

Setting up the connection to a proxy server

In case the CI/CD host is behind a proxy, you must define the proxy-related analysis parameters required to connect to your proxy server to allow the scanner to download the scanner binaries. For more information, see Analysis parameters. You may also use the HTTP_PROXY or HTTPS_PROXY environment variable.

Examples:

sonar.scanner.proxyHost=mycompanyproxy.com sonar.scanner.proxyPort=4254 sonar.scanner.proxyUser=sys sonar.scanner.proxyPassword=e12iUp!
HTTP_PROXY=http://user:[email protected]:PORT

If your instance of SonarQube Server is secured

If your SonarQube Server instance is secured behind a proxy and a self-signed certificate then you must add the self-signed certificate to the trusted CA certificates of the SonarScanner. In addition, if mutual TLS is used then you must define the access to the client certificate at the SonarScanner level.

See TLS certificates on client side and Securing behind a proxy.

Troubleshooting the installation

Docker container: the scanner fails with "…/jre/bin/java: not found"

You are probably relying on Alpine for your Docker image, and Alpine does not include glibc by default. It needs to be installed manually.

PreviousIntroduction NextUsing the scanner

Last updated 3 days ago

Was this helpful?