Goose SonarQube for VS Code
A code review assistant that integrates SonarQube with Git change analysis for VS Code.
This extension helps you review your own code changes by leveraging SonarQube's powerful code quality analysis. It surfaces code quality issues directly inside VS Code, focusing only on the files you've modified.
Note: This extension requires SonarQube Community Edition server. SonarCloud is not supported now.
Difference from Official SonarQube Extension
This extension focuses on Git changes, while the official SonarQube for IDE focuses on real-time file analysis:
|
This Extension |
Official Extension |
| Scope |
Changed files only (Git diff) |
All open files |
| Timing |
On-demand (manual command) |
Real-time (as you type) |
| Context |
Branch comparison, PR analysis |
Current file editing |
| Output |
Webview report with export |
Problems panel |
Features
- Self-Code Review: Review your own code changes with AI-powered insights from SonarQube
- Git Change Analysis: Analyze working directory changes, branch comparisons, and pull requests
- SonarQube Integration: Leverage SonarQube's code quality analysis engine
- Targeted Issue Detection: Find code quality issues only in files you've modified, not the entire project
- Interactive Reports: View analysis results in a rich webview panel
- Export Reports: Export analysis results to Markdown, JSON, or HTML for team sharing
Prerequisites
This extension requires a SonarQube Community Edition server.
Usage
1. Install and run SonarQube Community Edition
Option A: Using Docker (Recommended)
For local development and testing, run SonarQube Community Edition using Docker Compose:
cd docker
docker-compose up -d
This will start SonarQube on http://localhost:9000.
Default credentials are admin / admin (you will be prompted to change the password on first login).
To stop the server:
docker-compose down
Option B: Using Docker directly
docker run -d --name sonarqube \
-p 9000:9000 \
-v sonarqube_data:/opt/sonarqube/data \
-v sonarqube_extensions:/opt/sonarqube/extensions \
-v sonarqube_logs:/opt/sonarqube/logs \
sonarqube:community
Option C: Download and install manually
Download SonarQube Community Edition from official website
Unzip and run:
# On macOS/Linux
bin/macosx-universal-64/sonar.sh start
# On Windows
bin\windows-x86-64\StartSonar.bat
Wait for SonarQube to fully start (may take 1-2 minutes). Access the web interface at http://localhost:9000.
2. Set up your project in SonarQube
Before using this extension, you must create and configure your project in SonarQube:
Step 1: Log in to SonarQube
- Open
http://localhost:9000 in your browser
- Log in with default credentials:
admin / admin
- Change the password when prompted
Step 2: Generate an authentication token
- In the SonarQube web interface (logged in as
admin), click on your user avatar in the top-right corner
- Select "My Account" → "Security" tab
- Under "Generate Tokens" section:
- Token name:
vscode-extension (or any name you prefer)
- Token type: User Token
- Expires in: Choose an appropriate duration (e.g., 90 days, or "No expiration" for testing)
- Click "Generate" and copy the token immediately (you won't be able to see it again)
- Save the token securely - you'll need it for the VS Code extension configuration
Step 3: Create a new project
- Click "Create Project" → "Manually"
- Enter your Project Key (e.g.,
my-project) and Display Name
- Click "Set Up"
Now that your project is set up in SonarQube, configure the extension:
Step 1: Add SonarQube connection
Via Command Palette
- Run command: "Goose SonarQube: Add SonarQube Connection"
- Follow the input prompts to provide:
- Connection ID: A friendly name (e.g.,
local-sonarqube)
- Server URL:
http://localhost:9000 (or your server URL)
- Authentication Token: Paste the token you generated in Step 2
- Organization Key: Leave empty (not needed for SonarQube Community Edition)
Via Configuration UI
- Open the Git Analysis Menu:
- Click the sonar menu icon in the Source Control panel title bar
- Select "Manage SonarQube Connections" from the menu
- Click "Add New Connection" in the webview panel
- Fill in the connection form:
- Connection ID: A friendly name (e.g.,
local-sonarqube)
- Server URL:
http://localhost:9000
- Authentication Token: Paste the token you generated in Step 2
- Organization Key: Leave empty for SonarQube Community Edition
- Click "Save" to add the connection
Step 2: Bind workspace to SonarQube project
Via Command Palette (binding)
- Run command: "Goose SonarQube: Bind to SonarQube Project"
- Select the connection you just created from the list
- Enter the Project Key you created in Step 3 (e.g.,
my-project)
Via Configuration UI (binding)
- Open the Git Analysis Menu:
- Click the sonar menu icon in the Source Control panel title bar
- Select "Manage Project Binding" from the menu
- Click "Add Binding" or "Edit Binding" in the webview panel
- Select the connection from the dropdown
- Enter the Project Key (e.g.,
my-project)
- Click "Save" to bind the project
Step 3: Test the connection
Via Command Palette (testing)
- Run command: "Goose SonarQube: Test SonarQube Connection" to verify everything is configured correctly
- Alternatively, run "Goose SonarQube: Diagnose SonarQube Integration" for a comprehensive check of your configuration and connection status
Via Configuration UI (testing)
- Open the Git Analysis Menu:
- Click the sonar menu icon in the Source Control panel title bar
- Select one of the following options:
- "Test SonarQube Connection" - Quick connection test
- "Diagnose SonarQube Integration" - Comprehensive configuration check
- Check the result message to confirm successful connection
You should see a success message confirming the connection to your SonarQube server and project.
4. Manage configuration
5. Analyze changes
Now you're ready to analyze your code changes!
- Open the Git Analysis Menu from the Source Control panel:
- Click the sonar menu icon in the SCM title bar, or
- Run the command "Goose SonarQube: Git Analysis Menu" from the Command Palette
- Choose an analysis type:
- Working Directory – Analyze uncommitted changes
- Branch Comparison – Compare two branches
- Pull Request – Analyze a GitHub PR
- Review results in the Git Change Analysis panel and export if needed.
You can also open the analysis panel directly with "Goose SonarQube: Open Git Change Analysis".
Tip: If you encounter connection issues, use "Goose SonarQube: Diagnose SonarQube Integration" to check your configuration.
Commands
Configuration & setup
Goose SonarQube: Add SonarQube Connection – Configure a new SonarQube serverGoose SonarQube: Manage SonarQube Connections – View, edit, or delete connectionsGoose SonarQube: Bind to SonarQube Project – Link your workspace to a projectGoose SonarQube: Manage Project Binding – View, edit, or remove project bindingGoose SonarQube: Test SonarQube Connection – Verify connectionGoose SonarQube: Diagnose SonarQube Integration – Check configuration and connection status
Analysis
Goose SonarQube: Git Analysis Menu – Unified quick menu for all Git analysis actionsGoose SonarQube: Analyze Working Directory Changes – Analyze uncommitted changesGoose SonarQube: Analyze Branch Comparison – Compare branchesGoose SonarQube: Analyze Pull Request – Analyze a GitHub PRGoose SonarQube: Analyze Project with SonarQube – Full project analysisGoose SonarQube: Open Git Change Analysis – Open the Git change analysis panel
Configuration
You can configure this extension from VS Code Settings (Preferences → Settings) or by editing settings.json.
gooseSonarQube.connections
Array of SonarQube server connections.
gooseSonarQube.projectBinding
Binds a workspace folder to a specific SonarQube project.
gooseSonarQube.timeout
SonarQube connection timeout in milliseconds (default: 3000).
gooseSonarQube.enabled
Enable or disable SonarQube integration globally.
Development
For development setup and contribution guidelines, see DEVELOPMENT.md.
License
MIT
