Question about Sonarqube's AI Features AI Code Assurance and AI CodeFix

popac00 · June 16, 2025, 10:07am

Sonarqube 2025.1.1 LTA deployed via zip.
what are you trying to achieve- wanted to understand the AI Features of Sonarqube.

I have a couple of questions regarding the AI features in SonarQube:

Could you please confirm whether the AI features are cloud-based or self-hosted? If they are self-hosted, can you assure that no data is shared externally?
Who will have access to the data ingested and the output generated by the AI? Is this data visible within SonarQube’s UI, and do SonarSource or any third-party applications have access to it?

Thank you for your assistance.

ganncamp · June 16, 2025, 12:29pm

Hi,

The docs should get you started. Note that you have the ability to use a self-hosted LLM for the AI CodeFix, and

When you select a self-hosted LLM, your code stays within your network. However, Sonar’s AI CodeFix service needs to send the latest prompts and supported rule descriptions therefore, your instance of SonarQube server will still need internet connectivity.

If you use Sonar’s AI CodeFix LLM, the affected code snippet will be sent by the AI CodeFix service to the selected LLM. Service agreements with Sonar’s LLMs prevent your code from being used to train those models.

HTH,
Ann

popac00 · June 17, 2025, 6:44am

Hi G Ann, am I correct in my understanding about this:

When you select a self-hosted LLM, your code stays within your network. However, Sonar’s AI CodeFix service needs to send the latest prompts and supported rule descriptions therefore, your instance of SonarQube server will still need internet connectivity.

If you use Sonar’s AI CodeFix LLM, the affected code snippet will be sent by the AI CodeFix service to the selected LLM. Service agreements with Sonar’s LLMs prevent your code from being used to train those models.

With a self-hosted LLM, code stays inside your network, but SonarQube still needs internet access for updates (not for sending code). The update is like knowing if there’s a new Sonarqube version?

With Sonar’s AI CodeFix cloud LLM, code snippets are sent to Sonar’s servers, but not used for training or stored long-term.

ganncamp · June 17, 2025, 11:57am

Hi,

In the context of LLMs, it’s not about knowing there’s a new SonarQube version (altho that’s good to know ). Again:

To be clear, we get lots of feedback, every day. We’re continually improving things, whether it’s rule descriptions, prompts, or the code itself. So that network connection is to get the best, most up-to-date data to send to your LLM.

Correct.

HTH,
Ann

Topic		Replies	Views
Have few questions regarding Sonarqube 2025.1 LTA version with AI capabalities SonarQube Server / Community Build support	1	22	April 25, 2025
AI CodeFix generally available soon! Sonar Updates ai , ai-codefix	0	179	April 16, 2025
AI features - Sonarqube Enterprise 10.7 SonarQube Server / Community Build sonarqube	5	142	November 19, 2024
[Webinar] What to Expect When Upgrading to the New SonarQube Server LTA Sonar Updates sonarqube , server , lta	0	143	February 21, 2025
SonarQube for IDE: VS Code 4.20.2 - AI CodeFix in the IDE Releases vscode , ai-codefix , sonarqube-ide	4	166	May 27, 2025

Question about Sonarqube's AI Features AI Code Assurance and AI CodeFix

Related topics