0.10.0.1266

SonarQube CLI v0.10.0

New Features & Enhancements

• Platform Support: Added support for Linux ARM64. Thanks to @mcfedr for the contribution!
• Issue Filtering: Added the ability to filter issues by statuses and by severities simultaneously.
• Environment Variables in Auth: sonar auth status now properly displays when a connection is being sourced from environment variables.
• Agentic analysis: Added a clear warning when no project is configured for SonarQube Agentic Analysis.

Security & Authentication

• Keychain Migration: Replaced the external keytar dependency with Bun.secrets for native OS backend keychain management, simplifying token state management and removing the need for macOS entitlements.
• Token Validation & Generation: * sonar auth status now actively checks if the current token is valid.
  • Adjusted the token generation URL to support SonarQube Server 2026.2+.

Bug Fixes

• Hooks: Fixed an issue to ensure pre-commit hooks are not duplicated.
• SonarQube Cloud US Region Support: Fixed an issue where Cloud API calls were hardcoded to the EU base URL, breaking SQC US environments, and properly added SQC US auth/mentions to the CLI help and README.

Performance & Installation

• Windows Installation: Sped up install.ps1 by silencing the progress bar.

0.9.0.977

SonarQube CLI v0.9.0

This release makes possible to run any SonarQube capability from the CLI through SonarQube Web APIs

Features

• Generic API command sonar api.
  Power users can now invoke any SonarQube Server or SonarQube Cloud HTTP endpoint directly from the CLI, enabling full Web API integration beyond built-in commands

Bug fixes

• Project key detection — The project key is now correctly resolved from
  .sonarlint/connectedMode.json when present in the workspace.
• Pre-commit hook — Fixed a failure in the pre-commit hook when the sonar
  CLI is not installed on the machine.
• Telemetry initialization — Fixed incorrect Sentry SDK initialization:
  the CLI now uses the correct @Sentry/node package instead of
  @Sentry/bun.

0.8.1.798

SonarQube CLI v0.8.1

This is a bugfix release. It fixes the problem with keystore on Mac that was preventing users from logging in.

0.8.0.783

SonarQube CLI v0.8.0

This release introduces several improvements and fixes some bugs.

Features

• Improve the help command and provide a quickstart guide
• Rename authentication environment variables
  • SONAR_CLI_TOKEN -> SONARQUBE_CLI_TOKEN
  • SONAR_CLI_SERVER -> SONARQUBE_CLI_SERVER
  • SONAR_CLI_ORG -> SONARQUBE_CLI_ORG
• Sign macOS binary with Apple Developer ID to avoid frequent Keychain Access prompts
• sonar self-update updates the secrets binary if it was previously installed
• Collect uncaught exceptions with Sentry

Bug Fixes

• Do not require organization key when doing auth logout

0.7.0.711

SonarQube CLI v0.7.0

This release introduces the sonar integrate git command for installing secrets pre-commit/pre-push git hook. Also it adds MCP configuration for sonar integrate claude and fixes some bugs.

Features

• Secrets pre-commit and pre-push hooks — automatically scans staged files for secrets
  before each commit or push
• Secrets binary auto-install — sonar integrate claude now installs the
  secrets scanner if not already present
• MCP Server configuration — sonar integrate claude configures the SonarQube MCP
  Server automatically
• Auth enforcement — feature commands now require active authentication

Bug Fixes

• Fixed integrate claude incorrectly resolving organization from project
  context instead of auth
• Fixed Agentic Analysis hook installation for sonar integrate claude command

0.6.1.603

SonarQube CLI v0.6.1

This is a bugfix release. It fixes the install scripts that were trying to download incorrect artifacts.

0.6.0.579

SonarQube CLI v0.6.0

This release introduces the sonar verify command for running SonarQube Agentic Analysis, a high-performance service designed to integrate SonarQube's static analysis directly into AI coding workflows. Other features: a self-update mechanism, and several usability improvements, alongside a comprehensive round of bug fixes for hooks, issue listing, and organization resolution.

Features

• New sonar verify command — A dedicated command for running analysis with SonarQube Agentic Analysis, also exposed as a sonar analyze sqaa command.
• New sonar self-update command — The CLI can now update itself, and automatically update installed binaries and integrations.
• Improved sonar analyze secrets parameters — The command now accepts a list of files (the unnecessary --file option was removed)
• Add new sonar list -o / --org option — Org can now be passed directly without relying on current configuration.
• Simplified organization selection — The organization is now resolved automatically where possible, reducing the need to specify it manually.
• Improved error reporting — All error types are now consistently logged, making failures easier to diagnose.

Bug Fixes

• sonar integrate claude — correctly derives the org from the project configuration rather than the auth connection.
• sonar list issues — Fixed the project filter being ignored when listing issues on SonarQube Server.
• sonar list — The list command now works correctly when authentication is supplied via environment variables.
• sonar integrate claude — The generated hook template now uses the correct analyze subcommand.
• sonar integrate claude — Hooks now correctly parse JSON output formatted by Claude Code.
• sonar integrate claude -g — Fixed global integration incorrectly replacing project-level agentExtensions with a wrong projectRoot.

0.5.0.409

SonarQube CLI v0.5.0 — Public Beta

First public release of sonar, a CLI for SonarQube Server and SonarQube Cloud.

Features

• Auth — browser-based or token login via sonar auth login; auto-discovers server URL and org from
  sonar-project.properties or .sonarlint/connectedMode.json; credentials stored in the OS keychain
• Claude Code integration — sonar integrate claude installs hooks to scan files for secrets before use; supports -g
  for global install
• Issue queries — sonar list issues with filters for severity, branch, pull request, type, status, rule, and tag;
  --all for full result sets
• Project queries — sonar list projects with free-text search and pagination
• Secrets scanning — sonar analyze secrets scans a file or piped stdin; sonar install secrets to install the
  verification tool
• Output formats — json, table, csv, toon (AI-optimized) across list commands
• Telemetry — anonymous usage stats, opt out with sonar config telemetry --disabled

Bug Fixes

None — initial release.