A CLI application for interacting with SonarQube products. This product is currently in Open Beta and we are actively collecting feedback on it. Please share your thoughts via this form!
Linux/Mac OS:
curl -o- https://gist.githubusercontent.com/kirill-knize-sonarsource/663e7735f883c3b624575f27276a6b79/raw/b9e6add7371f16922a6a7a69d56822906b9e5758/install.sh | bashWindows (from PowerShell):
irm https://gist.githubusercontent.com/kirill-knize-sonarsource/d75dd5f99228f5a67bcd11ec7d2ed295/raw/a5237e27b0c7bff9a5c7bdeec5fe4b112299b5d8/install.ps1 | iexManage authentication tokens and credentials
Save authentication token to keychain
Options:
| Option | Type | Required | Description | Default |
|---|---|---|---|---|
--server, -s |
string | No | SonarQube server URL (default is SonarCloud) | - |
--org, -o |
string | No | SonarCloud organization key (required for SonarCloud) | - |
--with-token, -t |
string | No | Token value (skips browser, non-interactive mode) | - |
Examples:
sonar auth loginInteractive login for SonarCloud with browser
sonar auth login -o my-org -t squ_abc123Non-interactive login with direct token
sonar auth login -s https://my-sonarqube.io --with-token squ_def456Non-interactive login for custom server with token
Remove authentication token from keychain
Options:
| Option | Type | Required | Description | Default |
|---|---|---|---|---|
--server, -s |
string | No | SonarQube server URL | - |
--org, -o |
string | No | SonarCloud organization key (required for SonarCloud) | - |
Examples:
sonar auth logout -o my-orgRemove token for SonarCloud organization
sonar auth logout -s https://my-sonarqube.ioRemove token for custom SonarQube server
Remove all authentication tokens from keychain
Examples:
sonar auth purgeInteractively remove all saved tokens
Show active authentication connection with token verification
Examples:
sonar auth statusShow current server connection and token status
Install Sonar tools
Install sonar-secrets binary from https://binaries.sonarsource.com
Options:
| Option | Type | Required | Description | Default |
|---|---|---|---|---|
--force |
boolean | No | Force reinstall even if already installed | false |
--status |
boolean | No | Check installation status instead of installing | false |
Examples:
sonar install secretsInstall latest sonar-secrets binary
sonar install secrets --forceReinstall sonar-secrets (overwrite existing)
sonar install secrets --statusCheck if sonar-secrets is installed and up to date
Setup SonarQube integration for various tools, like AI coding agents, git and others
Options:
| Option | Type | Required | Description | Default |
|---|---|---|---|---|
--server, -s |
string | No | SonarQube server URL | https://sonarcloud.io |
--project, -p |
string | No | Project key | - |
--token, -t |
string | No | Existing authentication token | - |
--org, -o |
string | No | Organization key (for SonarCloud) | - |
--non-interactive |
boolean | No | Non-interactive mode (no prompts) | false |
--skip-hooks |
boolean | No | Skip hooks installation | false |
Examples:
sonar integrate claude -s https://sonarcloud.io -p my-projectIntegrate Claude Code with interactive setup
sonar integrate claude --skip-hooksIntegrate without installing hooks
List Sonar resources
Search for issues in SonarQube
Options:
| Option | Type | Required | Description | Default |
|---|---|---|---|---|
--server, -s |
string | No | SonarQube server URL | - |
--token, -t |
string | No | Authentication token | - |
--project, -p |
string | Yes | Project key | - |
--severity |
string | No | Filter by severity | - |
--format |
string | No | Output format | json |
--branch |
string | No | Branch name | - |
--pull-request |
string | No | Pull request ID | - |
--all |
boolean | No | Fetch all issues with pagination | false |
--page-size |
number | No | Page size for pagination | 500 |
Examples:
sonar list issues -p my-projectList issues in a project
sonar list issues -p my-project --format toonOutput issues in TOON format for AI agents
sonar list issues -p my-project --severity CRITICAL --allFetch all critical issues
Search for projects in SonarQube
Options:
| Option | Type | Required | Description | Default |
|---|---|---|---|---|
--query, -q |
string | No | Search query to filter projects by name or key | - |
--page, -p |
number | No | Page number | 1 |
--page-size |
number | No | Page size (1-500) | 500 |
Examples:
sonar list projectsList first 500 accessible projects
sonar list projects -q my-projectSearch projects by name or key
sonar list projects --page 2 --page-size 50Paginate through projects
Analyze code for security issues
Scan a file or stdin for hardcoded secrets
Options:
| Option | Type | Required | Description | Default |
|---|---|---|---|---|
--file |
string | No | File path to scan for secrets | - |
--stdin |
boolean | No | Read from standard input instead of a file | - |
Examples:
sonar analyze secrets --file src/config.tsScan a file for hardcoded secrets
cat .env | sonar analyze secrets --stdinScan stdin for hardcoded secrets
string— text value (e.g.--server https://sonarcloud.io)boolean— flag (e.g.--verbose)number— numeric value (e.g.--page-size 100)array— multiple values (e.g.--tags tag1 tag2)
| Code | Meaning |
|---|---|
| 0 | Success |
| 1 | Error (validation, execution, etc.) |
See State Management for more information.
Copyright 2026 SonarSource Sàrl.
SonarQube CLI is released under the GNU Lesser General Public License, Version 3.0,.
Generated from spec.yaml — do not edit manually