Introduction
AI is changing coding fast, and more teams are using it. But great software still needs to be secure, and easy to update.
Even though AI can help you code faster, it doesn't automatically make your code perfect. Finding and fixing problems early is super important. It saves a lot of time and money compared to finding and remediating bugs later.
At Sonar, we want to give all developers the best tools to check their code, no matter where they're coding. That's why SonarQube now works right in your IDE coding environment.
When you use SonarQube for IDE in Connected Mode, you'll get instant feedback on possible problems like bugs, vulnerabilities, code smells, security hotspots, etc. even in the code AI writes for you. This helps you catch problems right away and makes sure all your code, even the AI-generated code, follows the quality rules that you have defined in SonarQube Server or Cloud.
Using the SonarQube IDE Extension with Connected Mode in coding editors like Visual Studio Code (VS Code) gives you real-time info about your code's quality, security risks, and vulnerabilities as you type, including suggestions from AI-written code. This quick feedback helps stop problems in real time as you code. It also double-checks that the code AI writes fits what you need and is safe.
Now, we're happy to bring Sonar AI CodeFix to VS Code users in Connected Mode. This feature gives you automatic tips and smart suggestions to fix your code and keep your projects up-to-date.
In this article, we’ll walk you through:
- How to set up and optimize SonarQube’s Connected Mode for VS Code.
- How to leverage Sonar AI CodeFix within the Connected Mode, which offers automated insights and code remediation suggestions to keep your project future-proof.
Step-by-step guide: setting up the SonarQube IDE Extension for VS Code
We will now walk you through the process of setting up and using SonarQube IDE Extension for VS Code. By following these steps, you'll integrate SonarQube into your development workflow.
Prerequisites for installing the SonarQube for IDE Extension
To install, configure and use the AI CodeFix within the SQ IDE extension, you need to install SonarQube for IDE: Visual Studio Code v4.20 version. Also, AI CodeFix is available in the Team and Enterprise plans of SonarQube Cloud and the Enterprise plan for SonarQube Server. This article is for SonarQube Cloud but the same can be set up in SonarQube Server 2025.3 and later.
Install the SonarQube for IDE Extension
- In VS Code, click on the Extension menu from the left sidebar.
- Type Sonar and you will see the “SonarQube for IDE” extension.
- Click on Install.
- After installing, restart the IDE. When the IDE is up and running again, select the SonarQube icon from the extension menu.
- Select the connection that you want to make here, for this article, we are going to choose SonarQube Cloud connection.
- Click on Add SonarQube Cloud Connection.
- Here, you need to click on “Generate Token”.
- It will take you to the login screen for SonarQube Cloud. Once you login, it will automatically generate the code and ask you to move back to the VS Code again.
- Click on Save Connection.
- At this time, if you open any files on the open project, it will prompt to bind the project with the SonarQube.
- Click on Configure Binding to bind this project.
- When the binding is done, SonarQube will start pulling the issues in the IDE itself and you can see all of them per code file. In the connected mode, SonarQube will discover more issues than in other modes through its deeper analysis.
- Open a file, click on the Problems tab in the status bar. You will see all the issues listed down.
- From here, there are two ways to generate AI CodeFix for a particular issue. Let’s go through the first method.
- To get the action, users can either hover over the issue in the editor and click on the lightbulb icon that appears on the side. Alternatively, they can select the “Quick fix…” option in the issue message that pops up. Alternatively, put the cursor on the issue location (highlighted portion) and press “Cmd/Ctrl + ”.
- Click on AI CodeFix and it will generate the code fix for you.
- (Optional) There is another way to use AI CodeFix as well. If you right click on the issue from the Problems tab, you can also select Fix with AI CodeFix.
- In any of the chosen methods, once you generate the code fix, it will show you the fix in the Refactor Preview tab.
- Select the check box and click on Apply.
- It will apply the fix to the issue that is reported on the file.
Benefits of AI CodeFix
- Faster remediation: Quickly address coding issues without extensive manual intervention.
- Consistent standards: Align automated fixes with your organization’s specific coding and security requirements.
- Learning opportunity: See exactly how the IDE modifies your code, helping you develop better habits and reduce similar issues in the future.
Conclusion
Implementing Connected Mode in VS Code is a crucial step toward embracing a shift-left culture of proactive quality assurance. With SonarQube’s real-time analysis and AI CodeFix, you’ll not only reduce bugs and security gaps but also diminish the stress of finding critical issues late in the game. To benefit from this feature in VS Code, you should be using SonarQube for IDE in connected mode with SonarQube Cloud Team and Enterprise plans, and it must be activated by an Organization Admin in SonarQube Cloud for the project you’re working on.
Ready to transform your development process?
- Install the SonarQube IDE Extension in VS Code if you haven’t already.
- Set Up Connected Mode to benefit from live feedback and cohesive team standards.
- Try AI CodeFix to turn static analysis insights into actionable solutions right when and where you code.
By taking these steps now, you’ll accelerate your release cadence, minimize technical debt, and create an environment where your team can focus on what truly matters: building innovative, high-quality software that delights users.