SonarQube for IDE: Visual Studio Code v4.35 empowers AI agents via the Model Context Protocol (MCP), and streamlines the configuration process for OpenVSX-based environments.

Empowering your AI agents with MCP

As AI-assisted coding becomes a staple in development workflows, your AI agents must understand code quality as well as you do.

To facilitate this, we have implemented a “rules file” for AI agents. With one-click generation, this file provides the necessary instructions for agents to utilize the SonarQube MCP Server effectively, ensuring actionable code intelligence is integrated directly into the conversation.

Windows users

• Windows packages on OpenVSX now include an embedded JRE. This eliminates the need for manual Java configuration or JAVA_HOME setup, ensuring the extension works out of the box.

Update on C# Support for OpenVSX

For developers using standard Visual Studio Code, your workflow remains unchanged.

For those working in OpenVSX-based environments like Cursor or Windsurf, we have updated our distribution method to ensure continued support for C# analysis. While this requires a manual update, it guarantees you stay protected.

• Simply download the latest .vsix from our Releases Page and install it via the “Install from VSIX” command in your IDE.

Explore the full details in our release notes and join the discussion on the community post.

With SonarQube for IDE: Visual Studio Code v4.33 we introduce a powerful new way to connect your AI assistants directly to SonarQube.

Introducing a one-click setup for the SonarQube MCP (Model Context Protocol) server. Automating the entire set-up, this enhancement allows you to connect your favorite AI-native IDEs and assistants directly to your SonarQube instance.

Explore the full details in our release notes and join the discussion on the community post.

With SonarQube for IDE: Visual Studio Code v4.30 take control of your code analysis by enabling or disabling automatic, on-the-fly analysis.

• Boost performance on large projects: Disable continuous on-the-fly analysis for a snappier, more responsive IDE experience when working with larger codebases or complex files. Perform analysis only when explicitly requested.
• Achieve a smoother experience with AI coding assistants: Temporarily disable automatic analysis while your AI assistant generates code to prevent interruptions. Re-enable it after the process is complete for a seamless workflow..

Explore the full details in our release notes and join the discussion on the community post.

Take control of your dependencies directly within your IDE. SonarQube for IDE: VS Code v4.28 introduces robust dependency risk management.

In connected mode, simply access the new Dependency Risks via the SonarQube report view. This powerful view clearly displays dependency risks and license violations identified in your SonarQube Server project analysis. For insights into analyzing your projects for dependencies, refer to the SonarQube documentation.

Act on issues instantly: Don't just see the problems—solve them! Interact directly with these issues by opening them in SonarQube Server or changing their status right from your IDE.

Streamline your setup: We’ve enhanced binding detection between your local projects and SonarQube Server or Cloud analyzed projects using Git information. This improvement simplifies the connected mode setup after your initial SonarQube for IDE connection.

For Cursor users who imported SonarQube for IDE from VS Code, we assist in checking and correcting your connected mode state. This ensures you benefit from the advanced analysis capabilities it provides.

C++ analysis using MISRA C++:2023 rules: These early access rules are now available in the IDE enabling local analysis.

Explore the full details in our release notes and join the discussion on the community post. 

This release of SonarQube for IDE: VS Code v4.26 marks the beginning of a series of enhancements aimed at providing a centralized view to streamline the remediation of all raised issues. To achieve this, we are introducing a new SonarQube panel as part of a phased approach.

• Within this new SonarQube panel, users in connected mode (to SonarQube Cloud or Server) now get a unified view of security hotspots and taint vulnerabilities, making it faster and easier to identify and address issues.
• Enhanced interaction within the panel allows clicking an issue to open its rule description directly in your IDE, and a right-click provides additional actions, including applying fixes with AI CodeFix.

This new SonarQube panel is a key step in our ongoing effort to simplify issue remediation, with further improvements planned that will build upon this theme.

Explore the full details in our release notes and join the discussion on the community post.

SonarQube for IDE: VS Code v4.24 brings tighter integration with GitHub Copilot agent mode.

• With Copilot agent mode enabled, ask the Copilot agent to perform a SonarQube related action using natural language eg “Do I have any security issues in this file” and the agent will get to work. It can even help you set up connected mode.

Plus

• Updated Sonar Java analyzer. Supports Java versions up to Java 23, and includes new rules for Java 22 features.
• Sonar Dataflow Bug Detection (DBD) engine 2.0 - provides more precise bug detection in Java and Python code. Learn more in our blog post.

For more information, see the release notes and the community post.

SonarQube for IDE: VS Code v4.23 brings AI-CodeFix in the IDE for SonarQube Server users, plus analyzer updates including Go enterprise rules.

• AI CodeFix is now available when using connected mode with SonarQube Server 2025.3+ Enterprise & Data Center editions.
  
  When hovering over an issue, select the SonarQube: Fix with AI CodeFix code action, to generate a fix suggestion. You can review the suggestion in the refactor preview, and then select the code snippets to apply. Further details on using AI capabilities in the IDE are available here.

• Go enterprise rules are now available if you are in connected mode with SonarQube Cloud and SonarQube Server paid licenses. Learn more here.

For more information, see the release notes and the community post.

SonarQube for IDE: VS Code v4.22 includes analyzer updates and an improved onboarding experience for new users. 

• Expanded ruleset for PySpark code. 5 new rules were added, bringing the total to 13, to help identify common issues, and encourage best practices.

• Updated SonarJava analyzer. Support for Java versions up to Java 23, and new rules for Java 22 features are included.

• An enhanced onboarding experience includes an updated walkthrough to guide new users.

For more information, see the release notes and the community post.

SonarQube for IDE: VS Code v4.20 introduces AI-generated fixes for coding issues.

AI CodeFix is now available! When using connected mode with SonarQube Cloud Team or Enterprise plans, you can select SonarQube: Fix with AI CodeFix when hovering over an issue to generate a fix suggestion. 

You can review the suggestion in the refactor preview, and then select the code snippets to apply. Further details on using AI capabilities in the IDE are available here.

For more information, see the release notes and the community post.

SonarQube for IDE: VS Code v4.18 brings analyzer updates and performance enhancements. 

• Analyzer updates:  the Sonar Python analyzer was updated - bringing new rules for PySpark.

• We have optimized extension size and download time significantly by downloading the C/C++ analyzer separately.

Discover more with our release notes and community post.