Installs sonarqube-cli if not already installed, authenticates, and integrates SonarQube with the current agent (installs analysis hooks & SonarQube MCP Server). Use when the user wants to set up SonarQube integration or asks to configure SonarQube.
Analyze a file or code snippet for quality and security issues using SonarQube
Find files with low test coverage and inspect uncovered lines in a SonarQube project (project key optional when MCP integration already defines the default project)
Search for software composition analysis (SCA) dependency risks in a SonarQube project (project key optional when MCP integration already defines the default project)
Find files with code duplications in a SonarQube project and inspect duplication blocks for a file (project key optional when MCP integration already defines the default project)
Fix a specific SonarQube issue in code by rule key and location
| name | sonar-list-projects |
| description | List SonarQube projects accessible to the current user |
| argument-hint | ["search-query"] |
| allowed-tools | Bash(sonar:*) |
List SonarQube projects accessible to the authenticated user. Useful for discovering project keys before running other skills.
sonar-list-projects # list all accessible projects
sonar-list-projects my-project # search by name or key
This skill uses the sonarqube-cli command. The CLI must be installed and authenticated before proceeding.
Before proceeding, verify that sonar is available on your PATH and authenticated. If it is not, do not attempt to call any alternative commands or invent alternatives, and show the user:
Unable to list projects.
Possible causes:
sonarqube-clinot installed or not authenticated — invoke the sonar-integrate skill
Then ask the user (yes/no) whether to run the sonar-integrate skill now. If they confirm, invoke the sonar-integrate skill yourself and follow it end-to-end in this session, then re-check and continue; if they decline, stop.
--query.If a --query search term was provided, validate it matches ^[a-zA-Z0-9_\-\. ]+$. If it does not, stop and tell the user what was rejected — do not run the command.
sonar list projectsBuild and run the command using a shell command:
sonar list projects [--query <search-term>]
Only include --query if a search term was provided.
If projects are found:
## SonarQube Projects
Found **8 project(s)**:
| Project key | Name |
| ----------------- | --------------- |
| my-org_backend | Backend Service |
| my-org_frontend | Frontend App |
| my-org_shared-lib | Shared Library |
If no projects are found:
## SonarQube Projects
No projects found. If you expected results, check your authentication with `sonar auth status`.
If the result is paginated (500 projects returned), note: "Showing first 500 projects. Use a search term to narrow results."
sonar.projectKey is in sonar-project.properties — the CLI always requires -p."