SonarQube CLI v1.1 - Plugins for Antigravity and Cursor, SCA in pre-commit hook

Dear community,

We are happy to announce that SonarQube CLI 1.1 is now available.

SonarQube CLI 1.1 adds native CLI integration with Antigravity (ex Gemini CLI) and Cursor, brings dependency risk scanning into the git pre-commit hook, and ships several other improvements.

What’s new

  • Run sonar integrate antigravity to install secrets hooks, Agentic Analysis instructions, and set up the SonarQube MCP server. This integration supports both project and global scope. Documentation of Antigravity plugin can be found here.

  • You can also run sonar integrate cursor to installs beforeReadFile and preToolUse hooks for secret scanning, including a fix for Windows. This also adds a custom rule to run Agentic Analysis on file edited by agents and sets up the SonarQube MCP server. Check the docs of the plugin here

  • We also added dependency risk scanning to the git pre-commit hook with sonar integrate git --dependency-risks, making it possible to run an optional SCA scan alongside secrets scanning. If manifest files contain secrets, the commit is aborted before SCA runs.

  • This release also adds a severity filter for dependency risk analysis through the --severities flag on sonar analyze dependency-risks.

  • To make setup smoother, the pre-commit hook now automatically discovers the SonarQube project key from Git remotes, removing the need for manual configuration.

  • On the Agentic Analysis side, SonarQube CLI now sends change sets as chunked multi-file requests for more efficient and accurate analysis.

  • In addition, the CLI now correctly handles severity values from old SonarQube Server versions.

Find out more about this release here and enjoy using SonarQube directly from your terminal!

Stay tuned for more updates.

Farah.

3 Likes