Join the beta
The Remediation Agent is currently available for SonarQube Cloud Enterprise accounts
Sign upUpdate — March 2026: This article was originally published on February 11, 2026, when we launched the closed beta of SonarQube Remediation Agent for Enterprise customers. We are now opening up the beta and expanding access to all SonarQube Cloud Teams and Enterprise annual plan customers.
The agentic era needs a new development cycle
AI agents are generating code faster than the processes built to govern it. Speed without guardrails creates risk — and code that isn't reliable, secure, and maintainable is a liability regardless of who wrote it.
To address this, Sonar introduced the Agent Centric Development Cycle (AC/DC) — a framework built for the age of AI, with four continuous stages: Guide → Generate → Verify → Solve. The SonarQube Remediation Agent is Sonar's solution to the Solve stage.
What is SonarQube Remediation Agent?
SonarQube Remediation Agent is an AI agent that fixes issues discovered by SonarQube during code analysis — automatically, and with built-in verification to make sure the fix actually works.
The three key differentiators
- The “architecture of trust”: This is the core difference. The agent uses a hybrid validation approach. It doesn’t blindly trust the LLM’s output. It runs an internal verification loop where it applies the patch in a sandbox and re-scans it using the Sonar code analysis engine. If the fix introduces a new code security vulnerability or fails to solve the original issue, it is discarded.
- Backlog fixes via “Assign to Agent”: Now expanded in open beta. For existing issues on the main branch, a new “Assign to Agent” button on the Issues page lets developers select backlog issues and send them directly to the agent. The agent autonomously identifies the necessary changes and opens a new Pull Request (PR) per issue — which developers can then review, test, and merge. When multiple issues are assigned to the agent simultaneously, it opens one pull request per issue — keeping changes focused and easy for developers to review individually..
- Developer-in-the-loop workflow: It doesn’t force changes into your main branch. Instead, the Agent creates PRs now for both use cases. For in-progress PRs, the agent opens a new PR targeting the original branch. Developers review and merge it on their own terms — nothing is forced into your codebase.
How it fits your workflow
- Targeted fixes: It focuses exclusively on the “new code” in your PR. If a change breaks the quality gate, the agent identifies why and proposes a solution.
- Backlog fixes: For existing issues in your main branch, use 'Assign to Agent' to send backlog items directly to the agent — no manual triage required.
- Verification before suggestion: Before you ever see a suggestion, the agent runs a background check to ensure its proposed fix doesn’t introduce new issues.
- Language support: Covers Java, JavaScript/TypeScript, and Python, including remediation for exposed secrets.
- Works with GitHub: The Remediation Agent integrates with GitHub repositories.
Get started with the open beta
The Remediation Agent is now available for SonarQube Cloud Annual Teams and Enterprise accounts, free to use during the beta period — and open to the first 500 organisations that enroll, so don't wait.
If you’re tired of the manual toil involved in clearing quality gate hurdles and want to focus on shipping features instead of chasing code smells, the Remediation Agent is ready for you to try today.
Enable it from your SonarQube Cloud settings