SonarQube Agent
GitHub App
Overview
The SonarQube agent app for GitHub brings SonarQube code verification, quality gates, and remediation workflows into GitHub agent workflows. Once installed, the agent exposes dedicated sonar-* skills inside every GitHub agent session for your configured repos.
Invoke the SonarQube agent from Mission Control, directly in a PR, or within the same Agent session that writes your code. Code generation, analysis, remediation, and verification happen in one agentic environment.
Key capabilities
- Quality gate and issue surfacing: Check quality gate status and list new-code issues for any PR or branch on demand, right from an Agent session.
- Contextual remediation: Ask the agent to fix a specific issue. It fetches the rule description, generates a fix, and commits the corrected code to the working branch.
- Branch-level analysis: Trigger SonarQube analysis from within the Agent session using the sonar-analyze skill to verify fixes before merge.
- Natural-language queries: Ask questions about your SonarQube Cloud projects, issues, and quality gate results in plain language. The agent resolves the appropriate sonar-* skill automatically.
- Coverage, duplication, and dependency risk: Surface code coverage, duplication metrics, and dependency risk data. Dependency risk requires SonarQube Advanced Security on a Cloud Enterprise plan.
How It Works
- The SonarQube agent app bundles a dedicated agent definition, sonar-* skills, and a preconfigured SonarQube MCP Server into a single GitHub app.
- When you open a session and select the SonarQube agent, the runtime resolves your organization and project configuration, mints a fresh OIDC JWT, and exchanges it for a SonarQube Cloud API bearer token. No static credentials are stored.
- The MCP Server starts with your org, project, and token injected, connecting the Agent session directly to your SonarQube Cloud backend.
- Natural-language prompts are routed to the appropriate sonar-* skill automatically: listing issues, checking quality gates, triggering analysis, or generating and committing code fixes to the working branch.
Developer
SonarQube Agent is provided by a third party and is governed by separate terms of service, privacy policy, and support documentation.