To benefit from this feature, you must be using SonarQube for IDE: VS Code in connected mode with SonarQube Cloud Team or Enterprise plans. The project you’re working on must have AI CodeFix enabled in SonarQube Cloud by an Organization Admin. You can find more details in our docs.
In addition, in this version we fixed a few bugs and improved the way scheduling of analyses is done in the IDE.
Finally, some analyzers updates with improvements were included.
You can find the full SonarQube for IDE: VS Code release notes here.
Does SonarQube AI CodeFix collect source code and trains thier LLM(s)? If yes, is the LLM a SonarQube private LLM? Is the customer source code train across other customer code base? Are there any future plans to isolate the LLM by customer and prevent collecting and training across other customer’s LLM?
Thanks for reaching out.
For now we do not collect and store source code from you. We do not train LLMs either and we have a Zero Data Retention policy with OpenAI and Anthropic, meaning that the code sent is not stored on their servers.
Hi Jack. With the latest release of SonarQube Server 2025.3 and VSCode 4.23, we’re happy to announce that you can use AI CodeFix directly in the IDE. If there is any question on how it works, please reach out to us.
Best regards,
Farah.