Code analysis scanner CLI for SonarQube Server and SonarQube Cloud projects.
$ brew install sonar-scanner
AI Analysis
SonarScanner CLI is SonarSource's generic scanner for running source-code analysis against SonarQube Server or SonarQube Cloud when there is no build-system-specific scanner to use. It reads analysis parameters from project config, environment variables, and -D flags, then sends the scan to the Sonar service.
What It Enables
- Analyze a checked-out project from a local shell, CI job, or container runner and upload the resulting scan to SonarQube for quality and security evaluation.
- Drive scans from sonar-project.properties, an alternate project settings file, environment variables, or inline -D properties, including scanning a project base directory other than the current working directory.
- Use it as the generic scanner path for repos that are not covered by a more specialized Sonar scanner, then fold that step into CI gates or other automated quality checks.
Agent Fit
- Commands are non-interactive, configuration is entirely file/env/flag driven, and exit codes cleanly signal success versus scanner or user errors.
- Automation is weaker on the read side because local output is log-oriented rather than structured JSON, so agents usually rely on exit status here and query SonarQube separately for findings or quality-gate details.
- Best fit is as one step in a broader workflow that prepares the checkout, injects SONAR_TOKEN and server settings, runs the scan, and verifies results through Sonar-side APIs or dashboards.
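One way to wrap the scan step described above in a CI job, as an added example that is not part of this page or of SonarSource's own tooling: credentials stay in the environment, everything else is passed as -D properties, and the scanner's exit status becomes the gate. It assumes SONAR_TOKEN and SONAR_HOST_URL are supplied by the CI secret store; SCANNER_BIN is a hypothetical knob of this wrapper (not a scanner option) so the invocation can be stubbed.

```shell
#!/bin/sh
# Added example, not SonarSource code: a small CI wrapper around sonar-scanner.
# Assumptions: SONAR_TOKEN and SONAR_HOST_URL come from the CI secret store
# (sonar-scanner reads both from the environment); SCANNER_BIN is a
# hypothetical override so a test can substitute a stub for the real binary.

SCANNER_BIN="${SCANNER_BIN:-sonar-scanner}"

# run_sonar_scan <project-key> <base-dir> [extra -D properties...]
# Returns 2 for a configuration (user) error before anything is run, otherwise
# the scanner's own exit status: 0 means the analysis was uploaded, nonzero
# means the scan failed and the surrounding pipeline should stop.
run_sonar_scan() {
    if [ "$#" -lt 2 ]; then
        echo "usage: run_sonar_scan <project-key> <base-dir> [-D...]" >&2
        return 2
    fi
    project_key="$1"; base_dir="$2"; shift 2

    # Fail closed: without a token and server URL nothing can be uploaded,
    # so stop here instead of letting the scanner discover it mid-run.
    if [ -z "${SONAR_TOKEN:-}" ] || [ -z "${SONAR_HOST_URL:-}" ]; then
        echo "run_sonar_scan: SONAR_TOKEN and SONAR_HOST_URL must be set" >&2
        return 2
    fi
    if [ ! -d "$base_dir" ]; then
        echo "run_sonar_scan: base dir '$base_dir' does not exist" >&2
        return 2
    fi

    # The token is deliberately NOT passed as -Dsonar.token: leaving it in the
    # environment keeps it out of argv, shell history and echoed CI command lines.
    "$SCANNER_BIN" \
        -Dsonar.projectKey="$project_key" \
        -Dsonar.projectBaseDir="$base_dir" \
        "$@"
}
```

Findings are not in the local output, so a pipeline that needs quality-gate details still queries the SonarQube API after a zero exit, as the page notes.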
Caveats
- Useful operation requires a reachable SonarQube Server or SonarQube Cloud instance plus auth and project configuration; the CLI does not provide standalone local issue triage.
- It is not the right scanner for every stack: the docs explicitly call out .NET projects as needing the dedicated SonarScanner for .NET, and build-specific scanners can be a better fit when available.