# sonarsource/sonarcloud

An Orb to run SonarQube Cloud analysis. SonarQube Cloud (formerly SonarCloud) is a widely used static analysis solution for continuous code quality and security inspection. It helps developers detect coding issues in 30+ languages, frameworks, and IaC platforms, including Java, JavaScript, TypeScript, C#, Python, C, C++, and many more. The solution also provides fix recommendations leveraging AI with Sonar's AI CodeFix capability.


## Commands

### scan

Detect bugs and vulnerabilities

| Parameter | Type | Default | Description |
|---|---|---|---|
| `cache_version` | integer | 1 | Increment this value if the cache is corrupted and you want to start with a clean cache. |
| `project_root` | string | . | The root of the project that should be analyzed (relative to the root directory of the repository). |
| `sonar_token_variable_name` | env_var_name | SONAR_TOKEN | The name of the environment variable where the SonarQube Cloud API token is stored. |

## Examples

### scan-docker

Use the sonarcloud orb to detect bugs and vulnerabilities in your repository.

```yaml
version: '2.1'
orbs:
  sonarcloud: sonarsource/sonarcloud@4.0
jobs:
  build:
    docker:
      - image: node:latest
    steps:
      - checkout
      - sonarcloud/scan
workflows:
  main:
    jobs:
      - build:
          context: sonarcloud
```
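
The following configuration is an added example, not part of the orb's own documentation. It sets all three `scan` parameters from the table above explicitly for one service in a monorepo. The `services/api` path, the `SONAR_TOKEN_API` variable name, the `scan-api` job name and the `sonarcloud-api` context name are assumptions.

```yaml
version: '2.1'
orbs:
  sonarcloud: sonarsource/sonarcloud@4.0
jobs:
  scan-api:
    docker:
      - image: node:latest
    steps:
      - checkout
      - sonarcloud/scan:
          # Analyze only this subdirectory (assumed path, relative to the repository root).
          project_root: services/api
          # Name of the environment variable that holds the token, not the token value.
          # SONAR_TOKEN_API is an assumed name; it must be defined in the context below.
          sonar_token_variable_name: SONAR_TOKEN_API
          # Raise above the default of 1 only to discard a corrupted cache.
          cache_version: 2
workflows:
  main:
    jobs:
      - scan-api:
          # Assumed context name; the context supplies SONAR_TOKEN_API to the job.
          context: sonarcloud-api
```

Because the parameter carries only the variable name, the SonarQube Cloud token never appears in the configuration file or in the repository history.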