Sonar ORG

Continuous Inspection

SonarQube is a self-hosted server that continuously scans your codebase for bugs, security vulnerabilities, and code quality issues, with configurable Quality Gates to stop problems from shipping.

:whale: SonarQube in Docker

SonarSource Static Analyzer for JavaScript and TypeScript

:coffee: SonarSource Static Analyzer for Java Code Quality and Security

SonarJS rules for ESLint

Shows how to use the Scanners

Code analyzer for C# and VB.NET projects

Static code analyzer for TypeScript

SonarQube plugin for JetBrains IDEs providing code quality and security feedback directly in the IDE

SonarQube extension for Visual Studio Code providing code quality and security feedback directly in the editor

Deprecated. Use https://github.com/SonarSource/sonarqube-scan-action instead.

Official SonarQube MCP Server for code quality and security in AI agents

SonarQube extension for Visual Studio providing code quality and security feedback directly in the IDE

:elephant: SonarPHP: PHP static analyzer for SonarQube & SonarLint

Scanner CLI for SonarQube (Server, Cloud)

No description.

SonarScanner for .NET

No description.

SonarQube plugin for Eclipse providing code quality and security feedback directly in the IDE

Core library to run SonarQube for IDE analysis

:snake: SonarQube Python plugin

Shows how to bootstrap a project to write custom rules for PHP, Python, Cobol, RPG

SonarQube Scanner for Gradle

Docker image for SonarScanner CLI

Command-line interface for SonarQube with AI agent integration. Scan for secrets and get fast feedback on code quality and security from your terminal.

SonarQube Scanner for Jenkins

SonarQube Scanner for Maven

Shows how to write a SonarQube Server plugin

SonarSource Static Analyzer for Kotlin Code Quality and Security

SonarGo: Go Analyzer for SonarQube

Common Java library used by many SonarScanners

Sonar Azure DevOps Services Extensions

Language Server for SonarQube for VSCode

SonarQube Plugin for AI Agents

No description.

No description.

SDK for SonarQube Roslyn Analyzer Plugins

SonarSource Language Recognizer

SonarLint for CLI

SonarQube GitHub Plugin (deprecated)

Static analyzer for HTML used in Sonar ecosystem

Static Code Analyser for Infrastructure-as-Code languages such as CloudFormation and Terraform as well as DevOps like Docker and Kubernetes

No description.

SonarQube Scanner for the JavaScript world

Documentation targeting the .Net community explaining how to install and use SonarQube to analyse .Net projects

SonarQube JaCoCo Plugin

Developer Toolset for Sonar-* Projects

Command line tool to migrate MySQL database of SonarQube 6.7-7.8 to non-MySQL

Plugin for Rust language

No description.

No description.

:department_store: LDAP Plugin for SonarQube

Standard SQ-Scanner-based project analyzed on SonarQube Cloud using Travis

Logic useful for a language plugin

API to develop plugins for SonarQube (Server, Cloud) and SonarQube for IDE

No description.

No description.

SonarCSS: CSS Analyzer for SonarQube

No description.

Bitbucket Authentication for SonarQube

A wrapper around SonarScanner CLI, available on PyPI.

A practical guide to using SonarQube Agentic Analysis and Context Augmentation with Claude Code to catch and prevent code quality issues before they reach CI.

SonarLint for Atom.io

Java library for running SonarQube in tests

GitHub Authentication for SonarQube

Toolbox for Java classloaders

Java Maven-based project analyzed on SonarQube Cloud using Travis

No description.

Support of SonarScanner CLI in CircleCI

No description.

No description.

ESLint configuration for SonarQube and its plugins.

No description.

C SQ-Scanner-based project analyzed on SonarCloud using Travis

Sample projects for the configuration of SonarCloud on GitHub Actions

Go Analyzer

SonarQube Plugin for SVN

SonarQube Community Build Web App

Documentation for Kintsugi ADE

sonar-text

A React implementation of Echoes, Sonar's design system.

Listing of example projects analyzed on SonarQube Cloud

[ ⛔️DEPRECATED] CLI for SonarJS

A git command implemented with JGit that blames multiple files simultaneously

Go project analyzed on SonarQube Cloud using Travis

No description.

Parent file of public Maven projects

No description.

A collection of reusable GitHub Actions to automate the analyzer release process. This toolbox offers modular automations to reduce manual work for squads, handling tasks like changelog generation, version bumps, and release publishing. These actions help teams focus on code quality by simplifying workflows.

Java Gradle-based project analyzed on SonarQube Cloud using Travis

PyCon US Sonar Workshop

A wrapper for the Gitlab API written in Java

Source file headers of SonarSource projects

No description.

Change status of JIRA tickets when opening and merging pull requests

SAML 2.0 Authentication for SonarQube

Common UI lib for SonarQube and SonarCloud

No description.

No description.

Used for https://github.com/SonarSource/SonarJS ruling

No description.

No description.

No description.

Automate GitHub backlog and Kanbans

Ruby analyzer

:package: Maven plugin for building SonarQube Server plugins

No description.

No description.

Demonstrates the value of Clean as You Code methodology

No description.

Hosts sonar-secrets CLI binaries for use in pre-commit hooks to detect secrets before code is committed.

Deprecated. Use https://github.com/SonarSource/sonarqube-scan-action instead.

No description.

project sources for dotnet ITs

No description.

Used for https://github.com/SonarSource/sonar-css ruling

Packaging of Eclipse's Java Development Tools for SonarJava

SonarQube plugin template used by the Roslyn SDK

Ease the usage of hashicorp/vault-action within Sonar

Renovate presets

Ease the usage of jfrog/jfrog-setup within Sonar

No description.

SonarSource GitHub releasability action

GitHub Action for SBOM generation

Scala analyzer

A SonarQube MCP Server extension for Zed

Static resources used related to GitHub

No description.

Primary source of truth for the Docker "Official Images" program

TypeScript project analyzed on SonarQube Cloud using Travis

Get notified for build failures on slack

Documentation for Docker Official Images in docker-library

"Multi-Level Intermediate Representation" Compiler Infrastructure

All Algorithms implemented in Python

Dataset and sample code for the paper "A Manually-Curated Dataset of Fixes to Vulnerabilities of Open-Source Software"

No description.

Java API for GitHub

Language plugins Integration Tests Support

A sample python project used for testing purposes.

CI/CD GitHub Actions

sample project (with code from Copilot), for customer demos

GitHub action for caching in AWS S3

Run pre-commit hooks at CI level

No description.

SonarQube Plugin for Agent Apps for Github

Sonar Java symbolic execution plugin

No description.

The Go programming language

OmniSharp server (HTTP, STDIO) based on Roslyn workspaces

This repo contains files for users of docs.sonarsource.com

:microscope: A collection of test cases in the Java language. It contains examples for 112 different CWEs.

This repo contains the code of the CodeCatalyst "SonarQube Cloud Scan" action

A library that allows developpers to write rules descriptively.

No description.

SonarSource Github Action for AWS S3

Find and fix problems in your JavaScript code.

No description.

PyCon22 Sonar Demo Project

Used for https://github.com/SonarSource/SonarJS ruling

Used for https://github.com/SonarSource/SonarJS ruling

Used for https://github.com/SonarSource/SonarJS ruling

Used for https://github.com/SonarSource/SonarJS ruling

Used for https://github.com/SonarSource/SonarJS ruling

Used for https://github.com/SonarSource/SonarJS ruling

Used for https://github.com/SonarSource/SonarJS ruling

Used for https://github.com/SonarSource/SonarJS ruling

Source examples to demo our code analyzers and SonarLint

Used for https://github.com/SonarSource/SonarJS ruling

Used for https://github.com/SonarSource/SonarJS ruling

Used for https://github.com/SonarSource/SonarJS ruling

Used for https://github.com/SonarSource/SonarJS ruling

Used for https://github.com/SonarSource/SonarJS ruling

Securibench Micro is a benchmark for static analysis tools for security.

Used for https://github.com/SonarSource/SonarJS ruling

Test project containing some overflow situations

No description.

Demo

GitHub Webinar Demo

Oversecured Vulnerable Android App

No description.

Development tooling for .NET — For artifacts accessible from public repos

Maven plugin to provide Node.js runtimes

RSPEC Maven Plugin Project

Sonar repository template powered by Cookiecutter

GitHub action to scaffold repositories with https://www.cookiecutter.io/templates

Dummy project for testing synchronization of private/public repositories within SonarSource.

GitHub action to send Slack notifications for failed GitHub Checks.

Wrapper for github action atlassian/gajira-create

Shared GitHub Action to sign Windows artifacts with Azure Artifact Signing

Common Gradle modules for multiple projects

Github actions used for Unified dogfooding

Eclipse RedDeer fork configured to only work with SonarQube for Eclipse

Setup Cloudflare WARP with device posture check and inspection certificate for secure network access.

Plugin using the Plugin API to allow Roslyn integration between SonarQube for Visual Studio and SLCore..

Holds code for generating compliance reports

Official Sonar Homebrew tap for installing Sonar tooling on macOS and Linux.

share ground truths of popular SAST Benchmarks and how Sonar scores on them

No description.

Interview template for onsite interview (archived, PREQ-5408)

Terraform module to create Amazon Elastic Kubernetes (EKS) resources 🇺🇦