sonarqube

SonarQube agent integrations

This repository bundles SonarQube-related plugins and configuration for AI agents:

Surface	Location	Notes
Claude Code	.claude-plugin/, commands/, skills/integrate/, hooks/, scripts/	Slash commands, /sonarqube:integrate skill, SessionStart check; MCP and secrets-scanning hooks are registered by sonarqube-cli (sonar integrate claude)
Gemini	gemini-extension.json, GEMINI.md	Gemini extension + MCP user context
Kiro	kiro-power/	Power definition and mcp.json for Kiro

• Claude Code — full setup, commands, and configuration: Claude Code plugin.
• Gemini and Kiro — see the paths in the table above;

---

Claude Code plugin

Integrate SonarQube code quality and security analysis into Claude Code: namespaced slash commands, a guided /sonarqube:integrate skill, and a startup check for the CLI and wiring.

MCP server registration and secrets-scanning hooks are installed on your machine by sonarqube-cli when you run sonar integrate claude during setup (the plugin bundle does not ship an .mcp.json; the CLI writes the config Claude Code loads).

Features

• Issue fixing: Fix specific code quality issues by rule key and location (CLI)
• Issue listing: Search and filter issues in your SonarQube project (CLI)
• Project discovery: List accessible SonarQube projects to find project keys (CLI)
• Quality gate, coverage, duplication, snippet analysis, dependency risks: Slash commands that call the SonarQube MCP Server (available after sonar integrate claude)
• Secrets scanning: Pre-tool secrets-scanning hooks registered by the CLI via sonar integrate claude to limit secret exposure to the agent
• Session check: On startup, reports whether sonarqube-cli is present and integration is configured

Installation

Add the marketplace and install the plugin

In Claude Code, register this repository as a plugin marketplace, install the sonarqube plugin, then reload:

/plugin marketplace add SonarSource/sonarqube-agent-plugins
/plugin install sonarqube@sonar

Then start a new Claude Code session (or otherwise reload the session) so the plugin loads.

The catalog name sonar comes from .claude-plugin/marketplace.json; the plugin id sonarqube comes from .claude-plugin/plugin.json. Alternatively, run /plugin, open the Discover tab, and install sonarqube from the Sonar marketplace interactively (pick user, project, or local scope as needed).

From a system terminal you can use the same ids (optional --scope):

claude plugin install sonarqube@sonar

Prerequisites

• Node.js — required to run the SessionStart hook (scripts/setup.js).

• sonarqube-cli (sonar) — install it yourself before running /sonarqube:integrate. Agent will also guide you through the installation process:

  Platform	Command
  macOS / Linux	curl -o- https://raw.githubusercontent.com/SonarSource/sonarqube-cli/refs/heads/master/user-scripts/install.sh | bash
  Windows (PowerShell)	irm https://raw.githubusercontent.com/SonarSource/sonarqube-cli/refs/heads/master/user-scripts/install.ps1 | iex

Finish setup with /sonarqube:integrate

Once sonarqube-cli is installed, run the guided setup skill:

/sonarqube:integrate

This will: