1.0.0.2628

SonarQube CLI v1.0.0

This milestone marks SonarQube CLI becoming an official public release and getting out of open beta.

SonarQube CLI 1.0 makes SonarQube a practical day-to-day tool in the terminal. It helps developers catch secrets, surface code quality and security issues on local work, and plug SonarQube into AI assistants, git hooks, and automation so feedback arrives earlier than CI.

The main commands are simple: sonar auth connects to SonarQube, sonar analyze runs local analysis workflows, sonar list queries projects and issues, and sonar integrate sets up agent and git integrations. That gives teams one CLI for interactive use, scripting, and AI-assisted development.

For more information, explore our interactive command browser, or dive into the detailed documentation.

This specific version introduces the sonar system status and sonar system reset commands, a fully interactive sonar integrate experience, automatic project discovery from Git remotes, and a wide range of polish and bug fixes across the board.

Features

• New sonar system status command: It provides a full overview of your CLI health — authentication, installed binaries, active integrations, MCP server state, and recommended actions. Supports --json for agent consumption.
• New sonar system reset command: It cleanly uninstalls all Sonar-managed integrations, hooks, binaries, and auth state, conducting a "factory-reset" and leaving your environment as it was before setup.
• New --project option for sonar analyze: The sonar analyze command now accepts a --project flag, consistent with how it is advertised in command help.
• Revamped, interactive sonar integrate command: Claude Code, Copilot, Codex, and Git integrations now present a per-feature opt-in prompt during installation, giving users fine-grained control over what gets installed and where (global vs. project scope). The command now offers a refreshed UI and consistent display for all subcommands.
• Auto-discovery of project binding from Git remote: When no local project config is found, the CLI now queries the server using the repository's origin remote URL to automatically resolve the project key and organization.
• New PostToolUse hook for Codex: sonar integrate codex now installs a PostToolUse: apply_patch hook that runs Agentic Analysis inline after each file edit, mirroring the Claude Code hook experience.
• sonar auth login confirmation prompt: The confirmation dialog now clearly displays the URL you are connecting to (e.g. Connect to: https://your-server.com?) for a more secure experience.
• Agentic Analysis skipped during global agent integration: sonar integrate <agent> --global no longer writes project-scoped Agentic Analysis hooks or instruction files; users are advised to run without --global if they want analysis hooks.

Bug Fixes

• Fixed sonar analyze --file output: Running sonar analyze --file <path> without a configured project no longer prints the full help menu; the secrets success message now reads "Secrets scan completed successfully", and excess blank lines have been removed.
• Fixed Codex AGENTS.md path: sonar integrate codex now correctly writes AGENTS.md at the repository root instead of .codex/AGENTS.md.
• Reduced macOS Keychain prompts: Fixed a code-signing identifier issue that caused macOS to show a Keychain access dialog on every invocation after sonar self-update. The binary now uses a stable, version-independent identifier so the Keychain ACL remains valid across updates.
• Line endings preserved on managed file writes: The CLI now detects and preserves existing line endings (CRLF / LF) when writing or updating managed resource blocks, preventing unintended line-ending changes on Windows.

Miscellaneous

• Dynamically built help menu: The sonar root help is now built dynamically, ensuring commands, subcommands, and descriptions are always up to date.