Releases: SonarSource/sonarqube-cli

0.13.0.1692

19 May 08:25
Immutable release. Only release title and notes can be modified.

SonarQube CLI v0.13.0

This release enhances the GitHub Copilot integration with Agentic Analysis and includes several improvements to error handling and integrations.

Features

  • GitHub Copilot Integration: Added Agentic Analysis integration for Copilot CLI, instructing Copilot to automatically analyze modified files during sessions
  • Enhanced Error Messages: Errors now include helpful remediation hints showing you how to fix common issues
  • Debug Logging: sonar run mcp now logs the exact container command being executed in debug mode

Bug Fixes

  • Fixed Git hooks to fail gracefully when the CLI crashes outside CI environments, preventing blocked commits while still failing hard in CI pipelines

Miscellaneous

  • Continued foundational work on the upcoming SCA dependency analysis command, including downloading the SCA scanner binary for the current platform and wiring it into the analysis pipeline (not yet user-facing).
  • Introduced an internal declarative framework for describing and managing integrations (foundational scaffolding for future integration improvements).
  • Internal fixes to the automated documentation version update process.

0.12.0.1512

11 May 11:16
Immutable release. Only release title and notes can be modified.
d66f27d

SonarQube CLI v0.12.0

This release significantly expands the agentic analysis capabilities of the CLI and introduces sonar remediate — a new command to submit issues for automated fixing via the SonarQube Remediation Agent.

Features

  • Agentic Analysis from the Working Tree: sonar analyze agentic (renamed from sonar analyze sqaa) now automatically detects your Git change set — no --file argument needed. By default it analyzes staged and unstaged changes plus untracked files.

    • Use --staged to restrict to staged files only, or --base <ref> to diff against a branch or commit.
    • Live per-file progress is displayed in TTY environments. Use --format json for structured output compatible with piping.
    • Binary files and files above 10 MB are automatically excluded and reported. Exit code 51 signals issues were found; 0 means clean.
  • Issue Remediation: New sonar remediate command lets you interactively select open issues fixable by the SonarQube Remediation Agent and submit them as a single job — without leaving the terminal.

    • Use --issues <key>,<key> for non-interactive mode, suitable for use with AI agents such as Claude Code.
    • Available on SonarQube Cloud only. A pre-flight entitlement check catches unsupported plans with a clear message before hitting the API.
  • Improved Project Key Guidance: When no project key is detected, the CLI now explains how to configure one via sonar-project.properties or .sonarlint/connectedMode.json.

  • Updated Bundled Text Analyzer: Updated to version 2.43.0.11106, adding new detection rules for lock files across multiple languages and support for user-defined issue messages for S6784.

Bug Fixes

  • Agentic Analysis Hook: Fixed an issue where file paths containing .. or ~ components were sent to the server unnormalized, causing 400 errors in the PostToolUse hook
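An added example, not taken from the SonarQube CLI source: one way a hook could turn file paths containing `..` or `~` components into normalized, project-relative paths before sending them to a server, and reject paths that resolve outside the project. The function names, the injected `homeDir` parameter and the sample paths are assumptions made for illustration.

```javascript
const path = require("node:path");

// Resolve rawPath (may contain "~", "." or "..") against projectRoot and
// return a project-relative path with forward slashes.
// homeDir is passed in (hypothetical parameter) so the result is deterministic.
function toProjectRelative(rawPath, projectRoot, homeDir) {
  if (typeof rawPath !== "string" || rawPath === "" || rawPath.includes("\0")) {
    throw new Error("invalid path");
  }
  // Expand only a leading "~" or "~/"; "~user" forms are left as literal names.
  let expanded = rawPath;
  if (rawPath === "~" || rawPath.startsWith("~/")) {
    expanded = path.posix.join(homeDir, rawPath.slice(1));
  }
  // resolve() makes the path absolute and collapses "." and ".." segments.
  const root = path.posix.resolve(projectRoot);
  const absolute = path.posix.resolve(root, expanded);
  const relative = path.posix.relative(root, absolute);
  if (relative === "") {
    throw new Error(`path is the project root, not a file: ${rawPath}`);
  }
  if (relative === ".." || relative.startsWith("../")) {
    throw new Error(`path is outside the project: ${rawPath}`);
  }
  return relative;
}

// Normalize a batch of hook-supplied paths; keep the rejects for reporting
// instead of sending them to the server.
function normalizeBatch(rawPaths, projectRoot, homeDir) {
  const accepted = [];
  const rejected = [];
  for (const raw of rawPaths) {
    try {
      accepted.push(toProjectRelative(raw, projectRoot, homeDir));
    } catch (err) {
      rejected.push({ path: raw, reason: err.message });
    }
  }
  return { accepted, rejected };
}

// Constructed sample input (not real hook payloads).
const SAMPLE_PATHS = [
  "src/../src/./app.ts",
  "~/work/app/lib/util.ts",
  "../../.ssh/id_rsa",
];
```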

0.11.0.1439

07 May 06:43
Immutable release. Only release title and notes can be modified.
b0b013e

SonarQube CLI v0.11.0

This release introduces seamless integration with Copilot CLI, allowing you to leverage SonarQube’s intelligence directly within your AI-assisted workflows.

Features

  • Copilot CLI Integration: Added the sonar integrate copilot command. This automates the setup for the SonarQube MCP Server and installs a pre-tool-use secrets-scanning hook.
    • Note: This also generates an instructions.md file to help Copilot identify and block prompts containing sensitive information.
  • Simplified MCP Configuration: Added the sonar run mcp command, designed to be used in agent configuration files. Once authenticated via the CLI, the SonarQube MCP Server can be initialized automatically by your AI agent without additional manual configuration.

0.10.0.1266

27 Apr 14:05
6a8457c

SonarQube CLI v0.10.0

New Features & Enhancements

  • Platform Support: Added support for Linux ARM64. Thanks to @mcfedr for the contribution!
  • Issue Filtering: Added the ability to filter issues by statuses and by severities simultaneously.
  • Environment Variables in Auth: sonar auth status now properly displays when a connection is being sourced from environment variables.
  • Agentic analysis: Added a clear warning when no project is configured for SonarQube Agentic Analysis.

Security & Authentication

  • Keychain Migration: Replaced the external keytar dependency with Bun.secrets for native OS backend keychain management, simplifying token state management and removing the need for macOS entitlements.
  • Token Validation & Generation:
    • sonar auth status now actively checks if the current token is valid.
    • Adjusted the token generation URL to support SonarQube Server 2026.2+.

Bug Fixes

  • Hooks: Fixed an issue to ensure pre-commit hooks are not duplicated.
  • SonarQube Cloud US Region Support: Fixed an issue where Cloud API calls were hardcoded to the EU base URL, breaking SQC US environments, and properly added SQC US auth/mentions to the CLI help and README.

Performance & Installation

  • Windows Installation: Sped up install.ps1 by silencing the progress bar.

0.9.0.977

13 Apr 10:00
2dec763

SonarQube CLI v0.9.0

This release makes it possible to run any SonarQube capability from the CLI through the SonarQube Web APIs.

Features

  • Generic API command sonar api.
    Power users can now invoke any SonarQube Server or SonarQube Cloud HTTP endpoint directly from the CLI, enabling full Web API integration beyond built-in commands

Bug fixes

  • Project key detection — The project key is now correctly resolved from
    .sonarlint/connectedMode.json when present in the workspace.
  • Pre-commit hook — Fixed a failure in the pre-commit hook when the sonar
    CLI is not installed on the machine.
  • Telemetry initialization — Fixed incorrect Sentry SDK initialization:
    the CLI now uses the correct @sentry/node package instead of
    @sentry/bun.

0.8.1.798

31 Mar 12:32
e383114

SonarQube CLI v0.8.1

This is a bugfix release. It fixes a keystore problem on Mac that was preventing users from logging in.

0.8.0.783

31 Mar 09:51
fe001c3

SonarQube CLI v0.8.0

This release introduces several improvements and fixes some bugs.

Features

  • Improve the help command and provide a quickstart guide
  • Rename authentication environment variables
    • SONAR_CLI_TOKEN -> SONARQUBE_CLI_TOKEN
    • SONAR_CLI_SERVER -> SONARQUBE_CLI_SERVER
    • SONAR_CLI_ORG -> SONARQUBE_CLI_ORG
  • Sign macOS binary with Apple Developer ID to avoid frequent Keychain Access prompts
  • sonar self-update updates the secrets binary if it was previously installed
  • Collect uncaught exceptions with Sentry

Bug Fixes

  • Do not require organization key when doing auth logout

0.7.0.711

25 Mar 14:52

SonarQube CLI v0.7.0

This release introduces the sonar integrate git command for installing a secrets pre-commit/pre-push Git hook. It also adds MCP configuration for sonar integrate claude and fixes some bugs.

Features

  • Secrets pre-commit and pre-push hooks — automatically scans staged files for secrets
    before each commit or push
  • Secrets binary auto-install — sonar integrate claude now installs the
    secrets scanner if not already present
  • MCP Server configuration — sonar integrate claude configures the SonarQube MCP
    Server automatically
  • Auth enforcement — feature commands now require active authentication

Bug Fixes

  • Fixed integrate claude incorrectly resolving organization from project
    context instead of auth
  • Fixed Agentic Analysis hook installation for sonar integrate claude command

0.6.1.603

18 Mar 08:56

SonarQube CLI v0.6.1

This is a bugfix release. It fixes the install scripts that were trying to download incorrect artifacts.

0.6.0.579

17 Mar 08:48
204c01d

SonarQube CLI v0.6.0

This release introduces the sonar verify command for running SonarQube Agentic Analysis, a high-performance service designed to integrate SonarQube's static analysis directly into AI coding workflows. Other features include a self-update mechanism and several usability improvements, alongside a comprehensive round of bug fixes for hooks, issue listing, and organization resolution.

Features

  • New sonar verify command — A dedicated command for running analysis with SonarQube Agentic Analysis, also exposed as a sonar analyze sqaa command.
  • New sonar self-update command — The CLI can now update itself, and automatically update installed binaries and integrations.
  • Improved sonar analyze secrets parameters — The command now accepts a list of files (the unnecessary --file option was removed)
  • Add new sonar list -o / --org option — Org can now be passed directly without relying on current configuration.
  • Simplified organization selection — The organization is now resolved automatically where possible, reducing the need to specify it manually.
  • Improved error reporting — All error types are now consistently logged, making failures easier to diagnose.

Bug Fixes

  • sonar integrate claude — correctly derives the org from the project configuration rather than the auth connection.
  • sonar list issues — Fixed the project filter being ignored when listing issues on SonarQube Server.
  • sonar list — The list command now works correctly when authentication is supplied via environment variables.
  • sonar integrate claude — The generated hook template now uses the correct analyze subcommand.
  • sonar integrate claude — Hooks now correctly parse JSON output formatted by Claude Code.
  • sonar integrate claude -g — Fixed global integration incorrectly replacing project-level agentExtensions with a wrong projectRoot.