Enabling AI CodeFix for your SonarQube Server instance
Sonar's AI CodeFix uses a large language model (LLM) to automatically generate AI-driven code fixes for the issues discovered by SonarQube Server. The feature is available in the SonarQube Server Enterprise and Data Center editions.
Using AI CodeFix is simple. When you request a fix, the affected code and issue description are sent to an LLM. AI CodeFix then proposes an edit that resolves the problem without changing the code’s functionality.
AI CodeFix currently uses OpenAI’s GPT-4o or your own Azure OpenAI LLM Service model to suggest fixes for a select set of rules in Java, JavaScript, TypeScript, Python, C#, and C++. To learn more about which rules are eligible for AI CodeFix, please see the list of Rules covered with AI CodeFix.
Sharing your code with Sonar
When you select a self-hosted LLM, your code stays within your network. However, Sonar’s AI CodeFix service needs to send the latest prompts and supported rule descriptions; therefore, your SonarQube Server instance will still need internet connectivity.
If you use Sonar's AI CodeFix LLM, the affected code snippet will be sent by the AI CodeFix service to the selected LLM. Service agreements with Sonar’s LLMs prevent your code from being used to train those models.
For details about terms and conditions, please refer to the AI CodeFix terms in our Legal Documentation.
Enabling AI-generated fix suggestions
As an Instance Admin, you can enable or disable AI-generated fix suggestions on your projects. To enable AI CodeFix:
- Go to Administration > Configuration > General Settings > AI CodeFix and select Enable AI CodeFix.
- Select your Provider:
  - The default option is Sonar’s OpenAI, which uses GPT-4o.
  - To choose your own Azure OpenAI LLM:
    - Select Self-hosted Bring Your Own Model.
    - Provide your Azure OpenAI Endpoint. The endpoint URL should include the deployment-id and api-version parameters. Here is an example: https://<YOUR-ENDPOINT>/openai/deployments/<YOUR-DEPLOYMENT-ID>/completions?api-version=<YOUR-API-VERSION>
    - Provide your Azure OpenAI API Key. For information about using Azure AI models, see the Azure OpenAI Service documentation.
- Once AI CodeFix is enabled, choose either All projects or Only selected projects:
  When choosing Only selected projects, add projects individually from the list to activate the feature. New projects will not be added automatically.
Sonar recommends using GPT-4o as your Azure OpenAI Service model because it produces the best results. Using other models may produce unexpected fix suggestions that have undesirable effects.
For more information on your choices, see the Azure documentation on service models.
You'll need a connection to the internet to access SonarQube Server’s AI CodeFix service.
The service is provided via api.sonarqube.io and has these static IP addresses:
- 99.83.135.55 (CIDR: 99.83.135.55/32)
- 15.197.164.24 (CIDR: 15.197.164.24/32)
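A pre-flight check for the two network-facing settings above, as an added example (not Sonar's code): it validates the shape of an Azure OpenAI endpoint URL before it is pasted into the settings, and flags addresses resolved for api.sonarqube.io that fall outside the documented ranges. The function names and the sample host, deployment name and api-version value are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Static addresses documented on this page for api.sonarqube.io.
DOCUMENTED_CIDRS = [ipaddress.ip_network(c)
                    for c in ("99.83.135.55/32", "15.197.164.24/32")]


def check_endpoint(url):
    """Return a list of problems with an Azure OpenAI endpoint URL (empty = OK)."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("scheme is not https; the API key would travel unencrypted")
    if parts.username or parts.password:
        problems.append("credentials embedded in the URL; use the API Key field")
    segments = [s for s in parts.path.split("/") if s]
    # Shape shown on the page: /openai/deployments/<deployment-id>/...
    if segments[:2] != ["openai", "deployments"] or len(segments) < 3:
        problems.append("path lacks /openai/deployments/<deployment-id>")
    # parse_qs drops blank values, so "api-version=" is also reported.
    if not parse_qs(parts.query).get("api-version"):
        problems.append("api-version query parameter missing or empty")
    if "<" in url or ">" in url:
        problems.append("placeholder left unfilled")
    return problems


def unexpected_egress(resolved_addresses):
    """Return the addresses that fall outside the documented ranges."""
    return [a for a in resolved_addresses
            if not any(ipaddress.ip_address(a) in net for net in DOCUMENTED_CIDRS)]


if __name__ == "__main__":
    # Constructed sample values, not real deployments.
    sample = ("https://aoai.example.test/openai/deployments/codefix-gpt4o/"
              "completions?api-version=2024-01-01")
    print(check_endpoint(sample))
    # 203.0.113.9 is a documentation-range address used as a constructed outlier.
    print(unexpected_egress(["99.83.135.55", "203.0.113.9"]))
```

Feed `unexpected_egress` the addresses your resolver or proxy log reports for api.sonarqube.io; a non-empty result means the egress allowlist and the observed destinations disagree.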
Once enabled, developers can get AI-generated fix suggestions from the Issues page in their projects. See Fixing issues for more details.
Disabling AI CodeFix
To disable AI CodeFix completely in SonarQube Server and hide the feature from all users, including Instance Admins, set sonar.ai.codefix.hidden=true in your sonar.properties file. Information about variables can be found on the Environment variables page.
Getting AI-generated fix suggestions
Once AI CodeFix is enabled, users will be able to select Generate AI Fix on eligible issues and copy/paste the fix into their IDE with the Open in IDE feature when using connected mode.
The easiest way to use AI CodeFix is from your IDE. Simply open your project in SonarQube for IntelliJ or VS Code, and set up connected mode with SonarQube Server. In your IDE, select an issue marked with the icon, open the Rule description > AI CodeFix tab, and select Generate Fix. A fix will be generated in the code editor and you'll have a chance to Apply or Decline the suggestion.
For complete details about using AI CodeFix to fix your issues in SonarQube Cloud, see the article on Getting AI-generated fix suggestions.
Marking a project as containing AI-generated code
SonarQube Server recognizes that AI-generated code should be monitored with additional quality standards and offers administrators a series of project labels and custom quality gate certifications described on the Setting quality standards for AI Code Assurance page.
Related pages
- Overview of AI features for instance administration
- Rules covered with AI CodeFix
- Autodetecting AI-generated code
- Setting permissions for AI autodetection
- Overview of AI capabilities in SonarQube Server