Agent Sonar Enterprise Edition
Agent Sonar Enterprise Edition is an enterprise-grade Visual Studio Code extension that integrates SonarQube static code analysis with AI-powered automated remediation. Streamline your code quality workflow by automatically detecting and fixing bugs, code smells, and security vulnerabilities across your entire codebase.
Overview
Agent Sonar bridges the gap between static code analysis and automated code remediation, enabling development teams to maintain high code quality standards while reducing manual review overhead. By leveraging GitHub Copilot's advanced language models, the extension provides intelligent, context-aware fixes for issues detected by SonarQube.
Key Features
Static Code Analysis Integration
- Direct SonarQube Integration: Connect seamlessly to your SonarQube server
- Real-time Issue Detection: Automatic synchronization of bugs, code smells, and security hotspots
- Multi-project Support: Manage and analyze multiple projects from a single workspace
- Comprehensive Issue Tracking: View detailed issue information including severity, rule violations, and affected code locations
- Intelligent Code Fixes: Leverage GitHub Copilot to automatically remediate detected issues
- Batch Processing: Fix multiple issues across numerous files concurrently
- Adaptive Performance: Dynamic batch sizing based on account type and network performance
- Validation & Safety: Built-in validation ensures fixes preserve code structure and functionality
Enterprise Workflow Integration
- Automated Pull Request Creation: Generate PRs with fixes directly from the extension
- Git Integration: Seamless branch creation, commit management, and remote push
- Detailed Logging: Comprehensive output logs for audit trails and debugging
- Configurable Behavior: Extensive settings to match your organization's workflow
Installation
Prerequisites
- Visual Studio Code version 1.85.0 or higher
- SonarQube server (version 7.9 or higher)
- GitHub Copilot extension (for AI-powered fixes)
- Git (for automated PR creation)
Installation Steps
Install the Extension
- Open Visual Studio Code
- Navigate to Extensions (Ctrl+Shift+X)
- Search for "Agent Sonar"
- Click Install
Configure SonarQube Connection
- Open Settings (Ctrl+,)
- Search for "Agent Sonar"
- Configure the following settings:
  - agentSonar.serverUrl: Your SonarQube server URL
  - agentSonar.token: Authentication token from SonarQube
  - agentSonar.organizationKey: Organization key (for SonarCloud)
Verify GitHub Copilot
- Ensure GitHub Copilot extension is installed and activated
- Sign in with your GitHub account
- Verify Copilot access in your account settings
Configuration
Required Settings
{
  "agentSonar.serverUrl": "https://your-sonarqube-server.com",
  "agentSonar.token": "your-sonarqube-token",
  "agentSonar.organizationKey": "your-organization-key"
}

{
  "agentSonar.copilotBatchSize": 3,
  "agentSonar.copilotAdaptiveMode": true,
  "agentSonar.copilotMaxRetries": 2,
  "agentSonar.copilotTimeout": 30000
}
Configuration Reference
| Setting | Type | Default | Description |
|---|---|---|---|
| agentSonar.serverUrl | string | "" | SonarQube server URL |
| agentSonar.token | string | "" | SonarQube authentication token |
| agentSonar.organizationKey | string | "" | Organization key for SonarCloud |
| agentSonar.copilotBatchSize | number | 3 | Number of files to process concurrently (1-10) |
| agentSonar.copilotAdaptiveMode | boolean | true | Enable adaptive batch size optimization |
| agentSonar.copilotMaxRetries | number | 2 | Maximum retry attempts for failed fixes |
| agentSonar.copilotTimeout | number | 30000 | Timeout for each Copilot API request (ms) |
Usage Guide
Initial Setup
Select Project
- Open the Agent Sonar view in the Activity Bar
- Click "Select Project"
- Choose your SonarQube project from the list
Analyze Codebase
- Click "Analyze Project" in any of the three panels:
  - Security Hotspots
  - Code Smells
  - Bugs
- Issues will be displayed in the VS Code Problems panel
Option 1: Review and Apply Fixes Individually
- Click "Fix with Copilot" button in the panel toolbar
- Review each proposed fix in a diff view
- Accept or reject changes individually
- Create a pull request with approved changes
Option 2: Batch Processing with Review
- Click "Fix & Create PR" button
- Select "Review Each Fix (Slower, More Control)"
- Review diff for each file
- Approve or skip each fix
- Automatically create PR with all approved fixes
Option 3: Fast Automated Processing
- Click "Fix & Create PR" button
- Select "Fast Auto-Fix (Faster, Less Control)"
- Extension processes all files in parallel
- Review all changes in Git diff view
- Create PR with all fixes
Option 4: Interactive Chat-based Fixing
- Click "Fix & Create PR" button
- Select "Copilot Chat (Interactive)"
- Discuss fixes with Copilot before applying
- Apply fixes after review
Architecture
Components
- Issue Providers: Three specialized providers for bugs, code smells, and security hotspots
- SonarQube Client: Handles API communication with SonarQube server
- Copilot Integration: Manages AI-powered fix generation and application
- Diagnostic Collection: Integrates issues into VS Code's native problem reporting
- Git Automation: Handles branch creation, commits, and PR generation
Data Flow
SonarQube Server → Issue Providers → Diagnostic Collection → VS Code Problems Panel
↓
Copilot Integration → Code Fixes → Git Automation → Pull Request
Batch Processing
- Sequential Mode: Processes one file at a time (slowest, safest)
- Concurrent Mode: Processes 3-7 files simultaneously (configurable)
- Adaptive Mode: Automatically adjusts batch size based on performance
Speed Optimization
- Batch API Calls: Single LLM request per file (10x faster than per-issue requests)
- Parallel Processing: Multiple files processed concurrently (3x faster)
- Retry Logic: Exponential backoff for failed requests (improves reliability)
| Project Size | Issues | Processing Time | Success Rate |
|---|---|---|---|
| Small (<10 files) | 50 | 30-60 seconds | 95%+ |
| Medium (10-50 files) | 200 | 2-5 minutes | 90%+ |
| Large (50-100 files) | 500 | 5-15 minutes | 85%+ |
| Enterprise (100+ files) | 1000+ | 15-30 minutes | 80%+ |
Security & Privacy
Data Handling
- Local Processing: All code analysis happens locally in VS Code
- Secure Communication: HTTPS-only connections to SonarQube and GitHub
- Token Storage: Authentication tokens stored securely in VS Code settings
- No Data Retention: No code or analysis data is stored by the extension
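A value saved for agentSonar.token in a user or workspace settings.json is plain text on disk, and a workspace .vscode/settings.json is easy to commit by accident. The following is an added example, not part of the extension: a Node.js check that parses such a file (comments and trailing commas included) and flags a real-looking token and a non-HTTPS agentSonar.serverUrl. The function names, finding labels and sample values are assumptions made for illustration.

```javascript
// Added example, not the extension's code; names and finding labels are hypothetical.
const PLACEHOLDER = /^(your-.*)?$/; // empty default or the README's "your-..." values

// Remove // and /* */ comments and trailing commas without touching string contents.
function stripJsonc(text) {
  let out = "", inStr = false, comma = false;
  for (let i = 0; i < text.length; i++) {
    const c = text[i], n = text[i + 1];
    if (inStr) {
      out += c;
      if (c === "\\") out += text[++i] || "";
      else if (c === '"') inStr = false;
    } else if (c === "/" && n === "/") {
      while (i + 1 < text.length && text[i + 1] !== "\n") i++;
    } else if (c === "/" && n === "*") {
      const end = text.indexOf("*/", i + 2);
      i = end < 0 ? text.length : end + 1;
    } else if (c === ",") comma = true; // hold it until we see what follows
    else if (/\s/.test(c)) out += c;
    else {
      if (comma && c !== "}" && c !== "]") out += ",";
      comma = false;
      if (c === '"') inStr = true;
      out += c;
    }
  }
  return out;
}

// committed = true when the file is tracked in the repository.
function auditAgentSonarSettings(jsoncText, committed = false) {
  const s = JSON.parse(stripJsonc(jsoncText));
  const findings = [];
  const token = s["agentSonar.token"];
  if (typeof token === "string" && !PLACEHOLDER.test(token))
    findings.push(committed ? "token-in-repo" : "token-in-plaintext");
  const url = s["agentSonar.serverUrl"];
  if (typeof url === "string" && url !== "") {
    try {
      if (new URL(url).protocol !== "https:") findings.push("serverUrl-not-https");
    } catch { findings.push("serverUrl-invalid"); }
  }
  return findings;
}

// Constructed sample: a workspace .vscode/settings.json; the token value is fake.
const SAMPLE = `{
  "agentSonar.serverUrl": "http://sonar.example.internal:9000", /* lab server */
  "agentSonar.token": "CONSTRUCTED-TOKEN-NOT-REAL", // pasted for convenience
}`;
console.log(auditAgentSonarSettings(SAMPLE, true));
```

Run it against both the user-level settings.json and any .vscode/settings.json in the repository. A token finding on a committed file means revoking that token in SonarQube, since removing the line does not remove it from Git history.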
GitHub Copilot Integration
- Code snippets are sent to GitHub Copilot API for fix generation
- Subject to GitHub Copilot's privacy policy and terms of service
- Business/Enterprise accounts have enhanced privacy protections
Troubleshooting
Common Issues
Extension not detecting SonarQube projects
- Verify serverUrl and token are correctly configured
- Check network connectivity to SonarQube server
- Ensure token has appropriate permissions
Copilot fixes failing
- Verify GitHub Copilot extension is installed and activated
- Check Copilot subscription status
- Review timeout settings if requests are timing out
- Reduce copilotBatchSize if experiencing rate limits
Pull request creation failing
- Ensure Git is installed and configured
- Verify remote repository is accessible
- Check Git credentials are properly configured
Diagnostic Logging
Enable detailed logging in the Output panel:
- View → Output (Ctrl+Shift+U)
- Select "Agent Sonar - Copilot Fixes" from dropdown
- Review detailed processing logs
Support & Contributing
Enterprise Support
For enterprise support inquiries, licensing, or custom integration requirements, please contact your organization's VS Code extension administrator or reach out through official channels.
Issue Reporting
Report bugs or request features through the extension's GitHub repository. Please include:
- VS Code version
- Extension version
- SonarQube server version
- Detailed steps to reproduce
- Relevant log output
Contributing
Contributions are welcome. Please follow the standard pull request process:
- Fork the repository
- Create a feature branch
- Implement changes with tests
- Submit pull request with detailed description
Version History
Version 2.0.1 (Current)
- Adaptive batch processing with dynamic sizing
- Configurable retry logic and timeout settings
- Enhanced validation and error handling
- Improved logging and diagnostics
- Performance optimizations for large codebases
Version 2.0.0
- AI-powered automated code fixing with GitHub Copilot
- Automated pull request creation
- Batch processing for multiple files
- Interactive fix review modes
Version 1.0.0
- Initial release
- SonarQube integration
- Issue visualization in Problems panel
- Support for bugs, code smells, and security hotspots
License
This extension is provided under standard software licensing terms. See LICENSE file for details.
Acknowledgments
- Built on Visual Studio Code Extension API
- Powered by GitHub Copilot Language Model API
- Integrates with SonarQube static analysis platform
Agent Sonar Enterprise Edition - Automated Code Quality at Enterprise Scale