0.12.0.1512

SonarQube CLI v0.12.0

This release significantly expands the agentic analysis capabilities of the CLI and introduces sonar remediate — a new command to submit issues for automated fixing via the SonarQube Remediation Agent.

Features

• Agentic Analysis from the Working Tree: sonar analyze agentic (renamed from sonar analyze sqaa) now automatically detects your Git change set — no --file argument needed. By default it analyzes staged and unstaged changes plus untracked files.

  • Use --staged to restrict to staged files only, or --base <ref> to diff against a branch or commit.
  • Live per-file progress is displayed in TTY environments. Use --format json for structured output compatible with piping.
  • Binary files and files above 10 MB are automatically excluded and reported. Exit code 51 signals issues were found; 0 means clean.

• Issue Remediation: New sonar remediate command lets you interactively select open issues fixable by the SonarQube Remediation Agent and submit them as a single job — without leaving the terminal.

  • Use --issues <key>,<key> for non-interactive mode, suitable for use with AI agents such as Claude Code.
  • Available on SonarQube Cloud only. A pre-flight entitlement check catches unsupported plans with a clear message before hitting the API.

• Improved Project Key Guidance: When no project key is detected, the CLI now explains how to configure one via sonar-project.properties or .sonarlint/connectedMode.json.

• Updated Bundled Text Analyzer: Updated to version 2.43.0.11106, adding new detection rules for lock files across multiple languages and support for user-defined issue messages for S6784.

Bug Fixes

• Agentic Analysis Hook: Fixed an issue where file paths containing .. or ~ components were sent to the server unnormalized, causing 400 errors in the PostToolUse hook