Managing AI features in your SonarQube instance
AI CodeFix is available in Early Access for all commercial editions of SonarQube Server.
Sonar AI CodeFix uses a large language model (LLM) to automatically generate AI-driven code fixes for the issues discovered by SonarQube Server. The process is simple. When you request a fix, the affected code and issue description are sent to an LLM. AI CodeFix then proposes an edit that resolves the problem without changing the code’s functionality.
AI CodeFix currently uses OpenAI’s GPT-4o, or your own Azure OpenAI LLM, to suggest fixes for a select set of rules in Java, JavaScript, TypeScript, Python, C#, and C++. To use your own self-hosted Azure OpenAI Service model, see the instructions below.
Enabling AI-generated fix suggestions
As an Instance Admin, you can enable or disable AI-generated fix suggestions on your projects. To enable AI CodeFix:
- Go to Administration > Configuration > General Settings > Early Access features > AI CodeFix and select Enable AI CodeFix.
- Select your Provider:
  - The default option is Sonar’s OpenAI which uses GPT-4o.
  - To choose your own Azure OpenAI LLM:
    - Select Self-hosted Bring Your Own Model.
    - Provide your Azure OpenAI Endpoint. The endpoint URL should include the deployment-id and api-version parameters. Here is an example: https://<YOUR-ENDPOINT>/openai/deployments/<YOUR-DEPLOYMENT-ID>/completions?api-version=<YOUR-API-VERSION>
    - Provide your Azure OpenAI API Key. For information about using Azure AI models, see the Azure OpenAI Service documentation.
- Once AI CodeFix is enabled, choose either All projects or Only selected projects:
  When choosing Only selected projects, add projects individually from the list to activate the feature. New projects will not be added automatically.
Sonar recommends using GPT-4o as your Azure OpenAI Service model because it produces the best results. Using other models may produce unexpected fix suggestions that have undesirable effects.
For more information on your choices, see the Azure documentation on service models.
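Before saving a self-hosted endpoint, an admin can check that the URL matches the shape shown in the example above. The following pre-flight check is an added example, not part of SonarQube or the Sonar documentation; the function name check_endpoint, the sample host and api-version value, and the list of secret-looking query parameter names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Path shape taken from the example URL on this page:
#   https://<endpoint>/openai/deployments/<deployment-id>/completions?api-version=<version>
# Assumption (heuristic, not a Sonar rule): secrets go in the separate
# API Key setting, so these names should never appear in the query string.
SECRET_PARAMS = ("api-key", "key", "subscription-key")


def check_endpoint(url: str) -> list[str]:
    """Return the problems found in an Azure OpenAI endpoint URL (empty list = OK)."""
    problems = []
    if "<" in url or ">" in url:
        problems.append("unfilled <PLACEHOLDER> left in URL")
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if not parts.hostname:
        problems.append("missing host")
    if parts.username or parts.password:
        problems.append("credentials embedded in URL; use the API Key field")
    # Expect: openai / deployments / <deployment-id> / <operation>
    segs = [s for s in parts.path.split("/") if s]
    if segs[:2] != ["openai", "deployments"] or len(segs) < 3:
        problems.append("missing deployment-id (/openai/deployments/<id>/...)")
    query = parse_qs(parts.query, keep_blank_values=True)
    if not any(v.strip() for v in query.get("api-version", [])):
        problems.append("missing api-version query parameter")
    leaked = sorted(k for k in query if k.lower() in SECRET_PARAMS)
    if leaked:
        problems.append("secret-looking query parameter: " + ", ".join(leaked))
    return problems


if __name__ == "__main__":
    # Constructed sample values; the host and api-version are not real.
    base = "https://my-resource.example.com/openai/deployments/gpt4o-prod/completions"
    for candidate in (
        base + "?api-version=2024-01-01",
        base,                                         # api-version forgotten
        base.replace("https", "http") + "?api-version=2024-01-01",
        base + "?api-version=2024-01-01&api-key=abc",  # key pasted into URL
    ):
        print(candidate, "->", check_endpoint(candidate) or "OK")
```

An empty list means the URL carries both parameters the setting requires; any other result names what to fix before the value is stored.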
You'll need a connection to the internet to access SonarQube Server’s AI CodeFix service.
The service is provided via api.sonarqube.io and has these static IP addresses:
- 99.83.135.55 (CIDR: 99.83.135.55/32)
- 15.197.164.24 (CIDR: 15.197.164.24/32)
Once enabled, developers can get AI-generated fix suggestions from the Issues page in their projects. See Fixing issues for more details.
Disabling AI CodeFix
To disable AI CodeFix completely in SonarQube Server and hide the feature from all users, including Instance Admins, set sonar.ai.codefix.hidden=true in your sonar.properties file.
Alternatively, you can send an email to contact@sonarsource.com with the subject “Disabling AI CodeFix” or contact Sonar Support via your usual communication channel. SonarSource will block your Server ID from having access to the AI CodeFix feature.
AI Code Assurance
SonarQube Server recognizes that AI-generated code should be monitored with additional quality standards and offers administrators a series of tools described on the Standards for AI-generated code page.