From sonarqube
Installs sonarqube-cli if not already installed, authenticates, and integrates SonarQube with Claude Code (installs analysis hooks & SonarQube MCP Server). Use when the user wants to set up SonarQube integration or asks to configure SonarQube.
npx claudepluginhub sonarsource/sonarqube-agent-plugins --plugin sonarqubeThis skill is limited to using the following tools:
Guide the user through installing **sonarqube-cli** (if needed), **updating it to the latest version** when already installed, authenticating, and running **`sonar integrate claude`**. That command configures the **SonarQube MCP Server** and **secrets-scanning hooks** in Claude Code. When available, SonarQube Agentic Analysis hooks are also installed. Assume SonarQube itself is already set up; ...
Compares coding agents like Claude Code and Aider on custom YAML-defined codebase tasks using git worktrees, measuring pass rate, cost, time, and consistency.
Designs and optimizes AI agent action spaces, tool definitions, observation formats, error recovery, and context for higher task completion rates.
Designs, implements, and audits WCAG 2.2 AA accessible UIs for Web (ARIA/HTML5), iOS (SwiftUI traits), and Android (Compose semantics). Audits code for compliance gaps.
Guide the user through installing sonarqube-cli (if needed), updating it to the latest version when already installed, authenticating, and running sonar integrate claude. That command configures the SonarQube MCP Server and secrets-scanning hooks in Claude Code. When available, SonarQube Agentic Analysis hooks are also installed. Assume SonarQube itself is already set up; this skill only wires the assistant. This plugin repo does not ship .mcp.json; the SonarQube CLI writes the config Claude loads.
Interaction rule: for every finite decision, always present predefined selector options (single-choice or multi-choice as appropriate) instead of asking for free-form text. If the user gives an invalid answer, re-show the same selector.
Run which sonar yourself using the Bash tool.
If found:
sonar self-update yourself using the Bash tool and wait for it to finish.
sonar self-update manually (e.g. offline or network issues), then still continue to Step 2 if sonar remains usable — do not block the rest of the flow unless the binary is missing or broken.If not found: show the user the platform-appropriate install command and ask them to run it (this cannot be automated — it requires an interactive shell session).
| Platform | Install command |
|---|---|
| macOS / Linux | curl -o- https://raw.githubusercontent.com/SonarSource/sonarqube-cli/refs/heads/master/user-scripts/install.sh | bash |
| Windows (PS) | irm https://raw.githubusercontent.com/SonarSource/sonarqube-cli/refs/heads/master/user-scripts/install.ps1 | iex |
Wait for the user to confirm, then re-run which sonar yourself to verify before continuing.
Run sonar auth status yourself using the Bash tool.
If already authenticated: note the connected server and organisation from the output, then skip directly to Step 4.
If not authenticated: proceed to Step 3.
sonar auth login)This step requires user interaction — do not run it yourself.
First determine the connection type using a single-choice selector with these options:
Do not ask an open-ended text question for this decision.
Collect:
| Scenario | Information needed |
|---|---|
| SonarQube Cloud — EU (default) | organization key (e.g. my-org) |
| SonarQube Cloud — US | organization key + confirm US region (https://sonarqube.us) |
| SonarQube Server | server URL (e.g. https://sonarqube.yourcompany.com) |
Build the login command and show it to the user:
| Scenario | Command |
|---|---|
| SonarQube Cloud — EU | sonar auth login -o <org-key> |
| SonarQube Cloud — US | sonar auth login -o <org-key> -s https://sonarqube.us |
| SonarQube Server | sonar auth login -s <server-url> |
Tell the user:
"Run the command below — it will open your browser to log in. The token is stored securely in your system keychain and never appears in this chat."
Wait for the user to confirm they logged in, then run sonar auth status yourself to
verify before continuing.
sonar integrate claude)This step runs sonar integrate claude, which configures the SonarQube MCP Server, secrets-scanning hooks, and any other supported integration the CLI applies.
It wires MCP (for commands like /sonarqube:quality-gate, /sonarqube:analyze, /sonarqube:coverage, /sonarqube:duplication, /sonarqube:dependency-risks) and secrets-scanning hooks into the user’s Claude Code config.
Ask the user using a single-choice selector with these options:
Do not ask an open-ended text question for this decision.
Then run the appropriate command yourself using the Bash tool, using the server/org
from Step 2 or Step 3 and adding --non-interactive:
| Scenario | Command |
|---|---|
| Project-only | sonar integrate claude --non-interactive |
| Global | sonar integrate claude --global --non-interactive |
After all steps complete, print a summary:
✅ SonarQube integration is ready.
sonarqube-cli: updated via sonar self-update (when Step 1 ran successfully)
MCP + hooks: registered via sonar integrate claude (restart Claude Code if tools do not appear)
Secrets scanning: hooks installed via sonar integrate claude
Authentication: token stored in system keychain
You can verify at any time with: sonar auth status
To refresh CLI + wiring later: run /sonarqube:integrate again (self-update + integrate)
If sonar self-update failed in Step 1, adjust the summary: omit the sonarqube-cli line or state that the CLI was not updated and suggest sonar self-update in a terminal.
If any other step failed, note it clearly and suggest the corrective action.