sonar-scanner-cli

Packages the SonarScanner CLI for running static code analysis and sending results to a SonarQube or SonarCloud instance.

semgrep, codeql, trivy, snyk

What is sonar-scanner-cli?

The sonar-scanner-cli image provides the SonarScanner command-line tool, used to analyze source code and send results to a SonarQube server or SonarCloud. SonarScanner inspects code for bugs, vulnerabilities, code smells, and coverage gaps across a wide range of languages including Java, JavaScript, Python, Go, C#, and more.

The containerized scanner is most commonly used in CI/CD pipelines to gate pull requests and release branches on quality gate results. It reads project configuration from sonar-project.properties or from -D command-line parameters and submits the analysis to the SonarQube server over HTTP(S). Two points matter in practice: use an https:// server URL, because the token is sent with every request; and set sonar.qualitygate.wait=true if the pipeline step should fail on a failed quality gate, since by default the scanner uploads the analysis report and exits successfully without waiting for the gate result.

How to use this image

Basic scan with environment variables:

docker run --rm \
  -e SONAR_HOST_URL=https://sonarqube.example.com \
  -e SONAR_TOKEN="$SONAR_TOKEN" \
  -v "$(pwd):/usr/src" \
  sonarsource/sonar-scanner-cli

Pass project properties via command line. A token given as -Dsonar.token appears in the container's process list and in any CI log that echoes the command, so prefer the SONAR_TOKEN environment variable for the credential and reserve -D for non-secret settings. The sonar.token property is recognized by SonarQube 10.0 and later; older servers expect sonar.login instead.

docker run --rm \
  -v "$(pwd):/usr/src" \
  sonarsource/sonar-scanner-cli \
  sonar-scanner \
  -Dsonar.projectKey=my-project \
  -Dsonar.sources=. \
  -Dsonar.host.url=https://sonarqube.example.com \
  -Dsonar.token="$SONAR_TOKEN"

Use a sonar-project.properties file. The file is committed with the code, so it must hold only non-secret settings; the token stays in the environment. Languages are detected per file from their extensions, so no language property is needed (the old sonar.language setting is no longer supported):

# sonar-project.properties
sonar.projectKey=my-project
sonar.projectName=My Project
sonar.sources=src
sonar.tests=tests
sonar.python.coverage.reportPaths=coverage.xml

docker run --rm \
  -e SONAR_HOST_URL=https://sonarqube.example.com \
  -e SONAR_TOKEN="$SONAR_TOKEN" \
  -v "$(pwd):/usr/src" \
  sonarsource/sonar-scanner-cli

In a CI pipeline (GitHub Actions example; check the repository out with actions/checkout's fetch-depth: 0 first, since a shallow clone leaves the scanner without the git history it needs for blame information):

- name: SonarQube Scan
  run: |
    docker run --rm \
      -e SONAR_HOST_URL=${{ secrets.SONAR_HOST_URL }} \
      -e SONAR_TOKEN=${{ secrets.SONAR_TOKEN }} \
      -v ${{ github.workspace }}:/usr/src \
      sonarsource/sonar-scanner-cli
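The snippets above, folded into one CI wrapper script. This is an added example, not code from the sonar-scanner-cli image or from SonarSource. It assumes SONAR_HOST_URL and SONAR_TOKEN are exported by the CI secret store, the SCANNER_IMAGE default is a placeholder to pin to the tag or digest your server needs, and DRY_RUN and the sonar-scan.sh file name are conventions of the script itself. It enforces what the snippets rely on implicitly: an https:// server URL, a token that comes from the environment rather than the command line or a committed properties file, and sonar.qualitygate.wait=true so a failed gate fails the job.

```shell
#!/bin/sh
# Added example: a CI wrapper around the sonar-scanner-cli container.
# Not part of the image or SonarSource's docs. Assumes SONAR_HOST_URL and
# SONAR_TOKEN are exported by the CI secret store. SCANNER_IMAGE is a
# placeholder; pin the tag (or a digest) that matches your server.

SCANNER_IMAGE="${SCANNER_IMAGE:-sonarsource/sonar-scanner-cli:5.0}"

# The token is sent as a credential on every request to the server, so a
# plaintext http:// URL would expose it on the wire. Refuse anything else.
check_host_url() {
  case "$1" in
    https://*) return 0 ;;
    *) echo "refusing non-HTTPS SONAR_HOST_URL: '$1'" >&2; return 1 ;;
  esac
}

# Credentials must not be committed in sonar-project.properties; reject a
# file that sets sonar.token, sonar.login or sonar.password.
check_properties_file() {
  [ -f "$1" ] || return 0
  if grep -Eq '^[[:space:]]*sonar\.(token|login|password)[[:space:]]*=' "$1"; then
    echo "credential property found in $1; use the SONAR_TOKEN variable instead" >&2
    return 1
  fi
  return 0
}

# Run the scan. '-e SONAR_TOKEN' with no '=value' makes docker copy the
# variable from this process's environment, so the secret never appears in
# argv, in 'ps' output, or in CI logs that echo the command. With DRY_RUN=1
# the argument list is printed on one line instead of being executed.
run_scan() {
  workdir="${1:-$(pwd)}"
  check_host_url "${SONAR_HOST_URL:-}" || return 1
  check_properties_file "$workdir/sonar-project.properties" || return 1
  [ -n "${SONAR_TOKEN:-}" ] || { echo "SONAR_TOKEN is not set" >&2; return 1; }

  set -- docker run --rm \
    -e SONAR_HOST_URL \
    -e SONAR_TOKEN \
    -v "$workdir:/usr/src" \
    "$SCANNER_IMAGE" \
    sonar-scanner \
    -Dsonar.qualitygate.wait=true

  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '%s ' "$@"; echo
    return 0
  fi
  "$@"   # exit status propagates: a failed quality gate fails the CI job
}

# Entry point when the file is executed as sonar-scan.sh (a CI step); when
# the file is sourced under another name, only the functions are defined.
case "${0##*/}" in
  sonar-scan.sh) run_scan "${1:-$(pwd)}" ;;
esac
```

Save it as sonar-scan.sh and call it from the CI step with the workspace path as its only argument; the same script runs locally with DRY_RUN=1 to confirm that the printed docker command contains the variable name but never the token value.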

Image variants

sonarsource/sonar-scanner-cli:latest

The latest stable SonarScanner release. Based on an Eclipse Temurin JRE image. Suitable for most CI use cases.

sonarsource/sonar-scanner-cli:<version>

Pinned version tags such as sonarsource/sonar-scanner-cli:5.0. Recommended for CI in general, so that a rebuild does not silently pull a different scanner under the latest tag, and required when a specific SonarQube server version needs a matching scanner version. For a fully reproducible pipeline, pin the image digest rather than the tag.
