SonarLint offers the ability to scan code for issues before checking it in, with minimal configuration.

SonarLint for Command Line is free and open source. The connected mode is compatible with SonarQube 5.6+.

SonarLint for Command Line


  1. Download the latest release and extract the zip file.
  2. Add <extraction_path>/bin to your PATH.


With the SonarLint executable in the PATH, simply run on the base directory of your project:

For Windows:

SonarLint will produce an HTML issues report and will show a short summary in the console:
Console summary

SonarLint CLI arguments

You can list the accepted arguments with:

sonarlint -h


  • --src - allow to restrict source set to be analyzed (default is to analyze all supported files)
sonarlint --src "src/**"
  • --tests - mark some files already included in the source set as test files. Test files are analyzed with different rules.
sonarlint --src "src/**" --tests "src/tests/**"

Connected mode

SonarLint CLI can be bound to remote projects in SonarQube servers to use the same settings as those projects. SonarLint will download from the SonarQube server the analyzer plugins, rules, settigns and quality profiles associated to the remote project. This allows to use customized configuration of rules (quality profiles) and also certain settings, for example, issue and file exclusion.

Global configuration

SonarQube servers are defined globally in the following file: {home}/.sonarlint/conf/global.json
In it, you define how SonarLint CLI connects to SonarQube servers:
  servers: [
      "id": "local",
      "url": "http://localhost:9000",
      "token": "mytoken"

Several server configurations should be defined. It's also possible to define a login and password instead of a token.

Per-project configuration

Each project can be bound to a specific remote project in a SonarQube server defined in the global configuration file.
The project key and the server id should be defined in the following file: {project_base_dir}/sonarlint.json
Here is an example:
  "serverId": "local",
  "projectKey": "my.organization:project1"

Force the update of the binding

All the binding data is downloaded from the SonarQube server if it's not present locally. Subsequent analysis with the same settings will reuse the local data, not requiring a network connection to the SonarQube server. However, if any configuration changes in the SonarQube server (for example, analyzer plugins, rules, quality profiles, ..), an update is needed to have those changes reflected locally. It has to be triggered manually with the parameter "-u":
sonarlint -u


  • January 16, 2017 - SonarLint CLI version 2.1 is released. In connected mode, issues will be matched with issues known on the server. Issues marked resolved will be hidden, other matched issues will have a creation date in the HTML report. Starting from this version, SonarLint is only compatible with SonarQube 5.6+ (current LTS).
  • August 12, 2016 - SonarLint CLI version 2.0 is released, featuring the "connected mode", which allows to point SonarLint CLI to a remote project in a SonarQube server.
  • February 12, 2016 - First release of SonarLint CLI, version 1.0.


  • Which languages are supported? - Out of the box, SonarLint CLI will analyze Java, Javascript, PHP and Python source files. If you bind SonarLint CLI to a SonarQube server, other SonarSource analyzer installed in the server will be downloaded and executed, as well as your custom rules.
  • How do I configure which files to analyze? - By default, SonarLint analyzes all source code that it finds under the current directory, and consider everything as production code. You can configure the location of source code using --src and distinguish test code from production code using --tests. For example:
    sonarlint --src "src/**" --tests "src/test/**"
  • How to configure rules? - When SonarLint is bound to a project in a SonarQube server, the Quality Profile of that project is used. For more information, read the section about the connected mode.
  • How to keep updated about future releases? - Releases are announced in the SonarLint group. You can also subscribe to atom feed on github or to the newsletter in


SonarLint for Command Line is open source under the LGPL v3 license. You can fork us on GitHub, and submit Pull Requests. Feel free to fix bugs or to implement new features.


The preferred way to discuss about SonarLint is by posting on the SonarLint Google Group. We are also constantly monitoring questions posted to StackOverflow. For faster answers mark your StackOverflow questions with the [SonarLint] tag.