Dear community,
We are happy to announce that SonarQube CLI 1.1 is now available.
SonarQube CLI 1.1 adds native CLI integration with Antigravity (ex Gemini CLI) and Cursor, brings dependency risk scanning into the git pre-commit hook, and ships several other improvements.
What’s new
- Run `sonar integrate antigravity` to install secrets hooks and Agentic Analysis instructions, and to set up the SonarQube MCP server. This integration supports both project and global scope. Documentation for the Antigravity plugin can be found here.
- You can also run `sonar integrate cursor` to install beforeReadFile and preToolUse hooks for secret scanning, including a fix for Windows. This also adds a custom rule to run Agentic Analysis on files edited by agents and sets up the SonarQube MCP server. Check the docs of the plugin here.
- We also added dependency risk scanning to the git pre-commit hook with `sonar integrate git --dependency-risks`, making it possible to run an optional SCA scan alongside secrets scanning. If manifest files contain secrets, the commit is aborted before SCA runs.
- This release also adds a severity filter for dependency risk analysis through the `--severities` flag on `sonar analyze dependency-risks`.
- To make setup smoother, the pre-commit hook now automatically discovers the SonarQube project key from Git remotes, removing the need for manual configuration.
- On the Agentic Analysis side, SonarQube CLI now sends change sets as chunked multi-file requests for more efficient and accurate analysis.
- In addition, the CLI now correctly handles severity values from old SonarQube Server versions.
Find out more about this release here and enjoy using SonarQube directly from your terminal!
Stay tuned for more updates.
Farah.