TLDR overview
- Automatic analysis for Azure DevOps is a zero-configuration SonarQube Cloud feature that analyzes code directly from repositories without requiring CI pipeline setup or YAML editing.
- The tool identifies bugs, vulnerabilities, and security hotspots across 20+ languages, including C/C++, Java, JavaScript/TypeScript, .NET, and Python, by triggering scans automatically on every push or pull request.
- A great way to get started, this solution eliminates manual friction like service connections, providing a fast path to initial code quality insights for teams with standard build environments, and delivering a zero configuration code analysis.
- While ideal for speed, CI-based analysis remains the recommended long term approach.
We are excited to share that automatic analysis is now available for Azure DevOps repositories on SonarQube Cloud.
Automatic analysis is a zero-configuration feature that lets SonarQube Cloud analyze your code directly from your repository - no CI pipeline setup required. Once you import a project, the platform checks eligibility, triggers the first analysis automatically, and continues to re-run it on every push to the default branch and on every pull request. For teams that want to start seeing code quality and security findings without touching their build configuration, it is the fastest path to results SonarQube Cloud offers.
Until now, this experience was only available for GitHub repositories. It is now available for Azure DevOps as well, delivering zero configuration code analysis and rapid access to actionable insights.
The problem it solves
Getting SonarQube Cloud running on an Azure DevOps repository using CI can feel tedious. You have to set up a SonarQube Service Connection in Azure DevOps, configure a CI/CD pipeline to include the analysis step, and ensure your build configuration is correct before seeing a single finding. For teams evaluating the product or with less established CI/CD practices, that setup is often enough friction to stall onboarding entirely.
Automatic analysis skips CI setup and makes it a lot easier. You connect your Azure DevOps organization, select your repositories, and SonarQube Cloud analyzes your code directly — no pipeline changes, no YAML editing, no service connection required. The platform reads your code straight from the repository, triggers the first analysis automatically, and re-runs it on every push to the default branch and on every pull request.
That is what zero configuration actually means in practice.
When to use automatic analysis versus CI based analysis
Automatic analysis is designed to get you to actionable insights as fast as possible. That said, it is worth understanding what it covers and where it has limits.
What it covers, in a nutshell:
- Analysis of the default branch and all pull requests, triggered automatically on every push
- Support for over 20 programming languages, including C/C++, Java, JavaScript, TypeScript, C#, .NET, and Python.
Where CI-based analysis is the better fit:
- In general, and as your project matures into a complex, high-requirement production codebase, advancing to a CI-based analysis is the recommended approach.
For more details, check the automatic analysis documentation.
How to get started
For new projects:
- Go to SonarQube Cloud and connect your Azure DevOps organization. When generating your Azure PAT, make sure Analytics > Read is selected under Show all scopes.
- Import the repositories you want to analyze.
- For eligible repositories, automatic analysis starts immediately — no further configuration needed.
- Results appear on the default branch and active pull requests shortly after import.
Existing CI-based projects are unaffected. They continue to run as before.
The bottom line
Start with automatic analysis for instant results, and switch to a CI-based workflow as your project matures into a complex, high-requirement production codebase.
For setup details and the full list of supported languages, please refer to the documentation.
