What is the SonarQube Agent App in GitHub?
GitHub is expanding its agentic platform beyond coding agents to other external applications, including code verification and analysis agents. The SonarQube Agent App packages SonarQube’s shared skills and MCP server configuration as an Agentic App. Once installed, GitHub gains access to SonarQube's code quality and security analysis, all governed by your existing quality profiles and gates.

This is a big deal. The SonarQube Agent App brings code verification directly into the GitHub agentic workflow, so issues are caught and resolved right where the code is written, not minutes or hours later in a pipeline. That means faster feedback loops, fewer broken builds, and a verification step that actually keeps pace with autonomous agents.

How does the SonarQube Agent App work in GitHub?
The SonarQube Agent App is @-mentionable in issues and PRs, assignable to tasks, and visible in Mission Control. When invoked, it authenticates via OIDC, runs code verification against your quality gate, surfaces findings, and opens a session where you can check the agent’s work. Coding agents remediate from there, closing the Guide-Verify-Solve loop.

What is Agent Centric Development and why does it matter for AI coding agents?
Coding agents on GitHub now open PRs, respond to issues, and run on schedules, often with no human in the loop. CI catches some issues, but only after the fact. When pull requests are 10x larger and the code is generated by a probabilistic model, after-the-fact review can't keep up.

That's exactly what the Agent Centric Development Cycle (AC/DC) is built for. Because AI is probabilistic, code verification has to be deterministic, and it has to happen where agents work, not downstream in a pipeline. The SonarQube Agent App is the Verify step for agentic development on GitHub, bringing deterministic analysis, quality profiles, issue remediation, and shared skills to the platform.

For enterprises running multiple coding agents, this is especially significant. Every agent produces code to its own implicit quality bar. The SonarQube Agent App applies one consistent standard across all of them: one SonarQube instance, one set of rules, one quality gate from sandbox to merge. And developers who verify with SonarQube are 44% less likely to report outages due to AI-generated code.

How do I get started with the SonarQube Agent App for GitHub?
The SonarQube Agent App in GitHub is available for SonarQube Cloud customers. Install it on your GitHub organization or repos, just like any GitHub Agent App.

Install the Agentic App on your organization, then set two Copilot variables (COPILOT_MCP_SONARQUBE_ORG and COPILOT_MCP_SONARQUBE_PROJECT_KEY) at the repository, organization, or enterprise level. Sessions will reach SonarQube Cloud automatically.

