SonarQube for IDE: Real

What is SonarQube for IDE and how does it help me write quality code?

SonarQube for IDE is a free developer companion that brings real-time static analysis, quick-fix guidance, and security issue detection directly into your coding editor. It surfaces issues as you code, explains why they matter, and suggests clear next steps, so you can improve quality at the source without breaking your flow. This helps teams reduce rework, prevent defects early, and keep quality consistent across contributors. Beyond inline issue highlighting, SonarQube for IDE supports a focus on new code, encouraging new code quality practices that prevent the introduction of fresh issues.

Which IDEs are supported by SonarQube for IDE?

SonarQube for IDE (formerly known as SonarLint) is broadly supported across the most popular development environments. SonarQube for IDE supports Visual Studio, VS Code, Eclipse, and the JetBrains family (including IntelliJ, PyCharm, and WebStorm). It also extends to AI-native editors built on the VS Code architecture, such as Cursor, Windsurf, and Trae. It provides real-time analysis for over 20 languages including Java, JavaScript, TypeScript, Python, C#, C++, PHP, and Go, with additional support for languages like COBOL, Apex, and PL/SQL when used in Connected Mode. Support spans the major

How does SonarQube for IDE connect with SonarQube Server and SonarQube Cloud?

You can use Connected Mode to integrate SonarQube for IDE with SonarQube Server or SonarQube Cloud to align local analysis with the rules, quality profiles, and policies used on your central projects. This ensures the same standards and baselines apply in the IDE and in CI, reducing surprises when code is reviewed or merged. Once connected, issues detected locally reflect the same rule configuration as your server-side analysis. This supports a focus on new code workflows: developers see exactly what will matter at merge, fix issues early, and reliably pass quality gates governed by your proje

What languages and frameworks are covered in the IDE?

SonarQube for IDE covers a broad set of languages, including popular backend, frontend, and infrastructure languages, and it continues to evolve with ecosystem needs. It has support for over 20 languages including Java, JavaScript, TypeScript, Python, C#, C++, PHP, and Go, with additional support for languages like COBOL, Apex, and PL/SQL when used in Connected Mode. Coverage includes rules for reliability, security, maintainability, and test-related guidance to help you deliver quality code continuously. Framework-specific checks help flag pitfalls common to certain stacks, while general best

How do I enable a focus on new code with SonarQube for IDE?

To enable focus on new code, you can toggle the setting directly within your IDE. This feature filters the issue list to show only the problems introduced in your current development cycle (the "New Code Period"). You can also set up your project’s new code definition in SonarQube Server or SonarQube Cloud, then connect your IDE so the same definition and rules apply locally. With this, SonarQube for IDE highlights issues in changed files, promoting new code quality habits that steadily raise standards without massive refactors. This approach encourages teams to improve quality incrementally,

How do rules and quality profiles in SonarQube affect issues shown in my IDE?

The issues you see in SonarQube for IDE are driven by the rules active in your project’s quality profile on SonarQube Server or SonarQube Cloud if you are in Connected Mode. When your organization updates rules, your IDE analysis reflects those changes, ensuring your local findings match CI and code review expectations. You can tailor profiles to your tech stack and risk tolerance, enabling or disabling rules as needed. This centralized governance helps teams standardize on quality code practices while giving developers precise, up-to-date feedback inside their editor.

Can SonarQube for IDE help with security issues and hotspots?

Yes—SonarQube for IDE flags vulnerabilities, security hotspots, and patterns that can lead to injection, insecure configurations, and other risks. Findings include contextual explanations and remediation guidance to help you fix problems early, reducing the chance of security debt accumulating. While some security issues require full-project or build-context analysis, early indications in the IDE steer you toward safer patterns as you write code. Some advanced security findings (e.g., dependency‑aware Advanced SAST or SCA) are evaluated on the server side depending on your edition/features, co

Can SonarQube for IDE help with secrets detection?

Yes, SonarQube for IDE includes robust Secrets Detection as a core security feature. It acts like a real-time spellchecker for sensitive data, catching credentials the moment they are typed or pasted into your editor. It flags potential secrets (like API keys, database passwords, or private keys) before you commit them to your repository, preventing the need for costly "secret rotation”.