
sonar-scan

[ C O D E   V U L N E R A B I L I T Y   H U N T E R ]

A zero-configuration SonarQube wrapper. Run a single command, get a full code quality report. No setup wizards needed.

sonar-scan interactive terminal menu showing ASCII art banner and operation selection

What it does

Point it at any directory and walk away. sonar-scan handles SonarQube deployment, authentication, cleanup, scanning, and result delivery -- all automatically.

One-line curl install with ASCII art install banner

One-line install

Pipe the installer from GitHub. It deploys sonar-scan to /usr/local/bin with zero friction.

Terminal showing scan progress with colored status messages

Full scan pipeline

Docker check, SonarQube deploy, auth, purge old data, scan, deliver results. All automated.

Interactive retro terminal menu with ASCII art

Interactive menu

Run without arguments for a retro-styled interactive menu. Choose scan, download issues, or exit.

Usage

Every command you need, nothing you don't. Run sonar-scan with a flag or let the interactive menu guide you.

Interactive menu

Run without arguments for a retro-styled terminal menu.


Run a scan

Scan the current directory for vulnerabilities.


Scan specific directory

Point it at any project path on your system.


Download issues

Export all detected issues to a structured JSON file.


Quiet mode

Minimal output. Perfect for CI/CD pipelines.


Clean up Docker

Remove SonarQube and scanner Docker images.


Help

Display all available commands and options.


Version

Print the currently installed version.


See it in action

A full scan from start to finish, followed by a JSON issue export. No edits, no tricks -- this is what it actually looks like.

sonar-scan demo

Features

Zero Configuration

No config files, no setup wizards. Just run the command.

Auto SonarQube Deploy

Spins up a SonarQube Docker container automatically if none is running.

Auto Authentication

Handles credentials, password changes, and token generation for you.

Fresh Scans

Purges old project data before each scan for clean, reliable results every time.

Directory-Based Names

Uses the folder name as the SonarQube project key. No manual naming needed.

Issue Export

Download all detected issues to a structured JSON file with pagination support.
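How a paginated export of this kind can be done against the SonarQube Web API, as an added example that is not sonar-scan's own code. It assumes the standard GET /api/issues/search endpoint with the componentKeys, p and ps parameters, a paging.total field in the response, and that endpoint's 10,000-result ceiling; the fake_server stand-in is constructed so the loop runs offline.

```python
import base64
import json
import urllib.request
from typing import Callable, List

PAGE_SIZE = 500        # largest page size /api/issues/search accepts
MAX_RESULTS = 10_000   # the endpoint serves no result past index 10,000
Fetcher = Callable[[str, int], dict]   # (project_key, page) -> decoded JSON body

def live_fetcher(base_url: str, token: str) -> Fetcher:
    """Fetcher for a real server: user token as Basic-auth username, empty password."""
    auth = base64.b64encode(f"{token}:".encode()).decode()

    def fetch(project_key: str, page: int) -> dict:
        url = f"{base_url}/api/issues/search?componentKeys={project_key}&p={page}&ps={PAGE_SIZE}"
        req = urllib.request.Request(url, headers={"Authorization": f"Basic {auth}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch

def fetch_all_issues(fetch: Fetcher, project_key: str) -> List[dict]:
    """Walk pages until paging.total is reached, stopping at the 10,000-result ceiling."""
    issues: List[dict] = []
    page = 1
    while True:
        body = fetch(project_key, page)
        chunk = body.get("issues", [])
        issues.extend(chunk)
        total = body["paging"]["total"]
        if not chunk or len(issues) >= total:
            return issues
        if page * PAGE_SIZE >= MAX_RESULTS:
            # Page 21 at ps=500 is rejected by the server, so stop here; a caller
            # can compare len(issues) with paging.total to detect truncation.
            return issues
        page += 1

def fake_server(n_issues: int) -> Fetcher:
    """Constructed stand-in for the API so the loop can be exercised offline."""
    def fetch(project_key: str, page: int) -> dict:
        start = (page - 1) * PAGE_SIZE
        chunk = [{"key": f"{project_key}:{i}", "type": "VULNERABILITY", "severity": "MAJOR"}
                 for i in range(start, min(start + PAGE_SIZE, n_issues))]
        return {"paging": {"pageIndex": page, "pageSize": PAGE_SIZE, "total": n_issues},
                "issues": chunk}
    return fetch

if __name__ == "__main__":
    found = fetch_all_issues(fake_server(1234), "my-project")
    print(json.dumps({"project": "my-project", "total": len(found), "issues": found})[:120])
```

Swap fake_server for live_fetcher("http://localhost:9000", token) to export from a running instance; the returned list is what gets written out as JSON.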

Interactive Menu

Retro-styled terminal menu when run without arguments.

Quiet Mode

Use --quiet for minimal output. Perfect for CI/CD pipelines.

Idempotent Installer

Safe to run repeatedly. Handles fresh installs, updates, and removal.

One-Line Install

curl | bash from GitHub. Detects pipe mode automatically.

Docker Cleanup

--delete-images removes SonarQube and scanner Docker images from your system.

Retro Terminal UI

Neon ASCII art banners.

Requirements

Docker
Bash 4.0+
Python 3
curl
Linux / macOS
4GB+ RAM

Get started in 10 seconds

One command installs it. Another command scans your code. That's it.

Found a bug? Open an issue