SonarLint offers the ability to scan code for issues before checking it in, with minimal configuration.

SonarLint for Command Line is free and open source.

SonarLint for Command Line


  1. Download the latest release and extract the zip file.
  2. Add <extraction_path>/bin to your PATH.


With the SonarLint executable in the PATH, simply run on the base directory of your project:

For Windows:

SonarLint will produce an HTML issues report and will show a short summary in the console:
Console summary

SonarLint CLI arguments

You can list the accepted arguments with

sonarlint -h


  • --src - refers to the directory containing the source code in your project
sonarlint --src **/my_source_dir/**

Connected mode

SonarLint CLI can be bound to remote projects in SonarQube servers to use the same settings as those projects. SonarLint will download from the SonarQube server the analyzer plugins, rules, settigns and quality profiles associated to the remote project. This allows to use customized configuration of rules (quality profiles) and also certain settings, for example, issue and file exclusion.

Global configuration

SonarQube servers are defined globally in the following file: {home}/.sonarlint/conf/global.json
In it, you define how SonarLint CLI connects to SonarQube servers:
  servers: [
      "id": "local",
      "url": "http://localhost:9000",
      "token": "mytoken"

Several server configurations should be defined. It's also possible to define a login and password instead of a token.

Per-project configuration

Each project can be bound to a specific remote project in a SonarQube server defined in the global configuration file.
The project key and the server id should be defined in the following file: {project_base_dir}/sonarlint.json
Here is an example:
  "serverId": "local",
  "projectKey": "my.organization:project1"

Force the update of the binding

All the binding data is downloaded from the SonarQube server if it's not present locally. Subsequent analysis with the same settings will reuse the local data, not requiring a network connection to the SonarQube server. However, if any configuration changes in the SonarQube server (for example, analyzer plugins, rules, quality profiles, ..), an update is needed to have those changes reflected locally. It has to be triggered manually with the parameter "-u":
sonarlint -u


  • August 12, 2016 - SonarLint CLI 2.0 is released, featuring the "connected mode", which allows to point SonarLint CLI to a remote project in a SonarQube server.
  • February 12, 2016 - First release of SonarLint CLI.


  • Which languages are supported? - Out of the box, SonarLint CLI will analyze Java, Javascript, PHP source files. If you bind SonarLint CLI to a SonarQube server, other analyzer plugins installed in the server will be downloaded and executed.
  • How do I configure which files to analyze? - By default, SonarLint analyzes all source code that it finds under the current directory. You can configure the location of source and test files using --src and --tests, respectively.
  • How to configure rules? - When SonarLint is bound to a project in a SonarQube server, the Quality Profile of that project is used. For more information, read the section about the connected mode.
  • How to keep updated about future releases? - Releases are announced in the SonarLint group. You can also subscribe to atom feed on github or to the newsletter in


SonarLint for Command Line is open source under the LGPL v3 license. You can fork us on GitHub, and submit Pull Requests. Feel free to fix bugs or to implement new features.


The preferred way to discuss about SonarLint is by posting on the SonarLint Google Group. We are also constantly monitoring questions posted to StackOverflow. For faster answers mark your StackOverflow questions with the [SonarLint] tag.