AI CodeFix
Sonar's AI CodeFix uses a large language model (LLM) to automatically generate AI-driven code fixes for the issues discovered by SonarQube Server. The feature is available in SonarQube Server, Enterprise and Data Center editions.
Using AI CodeFix is simple. When you request a fix, the affected code and issue description are sent to an LLM. AI CodeFix then proposes an edit that resolves the problem without changing the code’s functionality.
AI CodeFix currently uses Open AI’s GPT-4o or your own Azure OpenAI LLM Service model, to suggest fixes for a select set of rules in Java, JavaScript, TypeScript, Python, C#, and C++. To learn more about which rules are eligible for AI CodeFix, please see the list of Rules covered with AI CodeFix.
Enabling AI-generated fix suggestions
As an Instance Admin, you can activate or deactivate AI CodeFix for your organization at the global and project levels; see the Enabling AI CodeFix page for the full details.
Sharing your code with Sonar
When you select a self-hosted LLM, your code stays within your network. However, Sonar’s AI CodeFix service needs to send the latest prompts and supported rule descriptions therefore, your instance of SonarQube server will still need internet connectivity.
If you use Sonar's AI CodeFix LLM, the affected code snippet will be sent by the AI CodeFix service to the selected LLM. Service agreements with Sonar’s LLMs prevent your code from being used to train those models.
For details about terms and conditions, please refer to the AI CodeFix terms in our Legal Documentation.
Getting AI-generated fix suggestions
Once AI CodeFix is enabled, users will be able to select Generate AI Fix on eligible issues and copy/paste the fix into their IDE with the Open in IDE feature when using connected mode. If your Engineers are using SonarQube for IntelliJ or VS Code, AI CodeFix is available in the IDE and follows the settings you defined by your quality profile.
To use AI CodeFix in SonarQube, please see the article on Getting AI-generated fix suggestions.
AI Code Assurance
SonarQube Server recognizes that AI-generated code should be monitored with additional quality standards and offers administrators a series of tools described on the Standards for AI-generated code page. The feature includes labels to mark projects with AI-generated code, custom quality gates that help protect your projects, and a set of external badges to monitor projects containing AI code.
It's possible to view ratings for projects with AI Code Assurance in your portfolios beginning in the Enterprise edition. There, you will see a breakdown of projects, applications, and nested portfolios that include the standards you've set for AI-generated code. See the Portfolio breakdown article for more information.
If you’ve already set up AI Code Assurance and are ready to use the badges, they work just like any other. For instructions about Monitoring your projects containing AI code, please see the Using a project badge page. You do not need to enable the AI CodeFix feature to use AI Code Assurance.
Related pages
Was this page helpful?
© 2008-2025 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.
