Automic VaultAutomic Vault

brew

Install sonar-scanner with Homebrew, apk, scoop

Launcher to analyze a project with SonarQube. Version 8.1.0.6389 via Homebrew; verified 2026-04-21.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install sonar-scanner

local Homebrew formula metadata

Linux

Alpine Linux apkverified · 92%
sudo apk add sonar-scanner

Alpine Linux edge package indexes · sonar-scanner · source: dl-cdn.alpinelinux.org

Windows

Scoopverified · 92%
scoop install main/sonar-scanner

Scoop official bucket manifest trees · bucket/sonar-scanner.json · source: api.github.com

overview

Package summary

Launcher to analyze a project with SonarQube

Commands and aliases

  • sonar-scanner

history

Project history and usage

SonarScanner CLI is SonarSource's command-line scanner for running SonarQube Server and SonarQube Cloud code analysis when there is no build-system-specific scanner. It is a CI/CD staple because it turns a checked-out source tree plus `sonar-project.properties` into an analysis uploaded to a Sonar service.

Project history

The public GitHub repository is the official scanner CLI source tree, and its tags include older 2.x releases. Current SonarSource documentation presents a maintained release line from 4.x through 8.x, with the README stating that project configuration is read from `sonar-project.properties` or passed on the command line.

Notable documented release changes include the 4.3 release using the SonarScanner name in logs, the 4.4 release adding a supported Docker image, the 5.0 release embedding Java 17, the 6.0 release adding a new bootstrapping mechanism and JRE provisioning for SonarQube 10.6+ and SonarCloud, and the 8.0.1 release updating embedded JREs to Java 21.

Adoption history

The scanner is distributed as OS-specific downloads, a Docker image, a generic JVM zip, and package-manager formulae. Homebrew analytics show tens of thousands of yearly installs, which fits its role as a common CI dependency rather than a library used inside application code.

How it is used

Users create `sonar-project.properties` in the project root, run `sonar-scanner`, and provide server/project credentials through scanner parameters, CI secrets, or environment configuration rather than a dedicated credentials file. SonarSource warns users to prefer dedicated Maven, Gradle, or .NET scanners for those build systems.

Why package nerds care

SonarScanner CLI matters to package maintainers because CI images and developer machines need a reproducible scanner binary with the right Java behavior. Changes such as embedded JRE updates, Docker distribution, and auto-provisioning affect whether a package works in minimal runners, corporate networks, and long-lived build pipelines.

Timeline

  • 2019: SonarScanner CLI 4.3 documents use of the SonarScanner name in logs.
  • 2020: Version 4.4 adds a supported Docker image.
  • 2023: Version 5.0 updates the embedded JRE to Java 17.
  • 2024: Version 6.0 adds new bootstrapping and JRE provisioning.
  • 2025: Version 7.3 adds z/OS support for scanner execution.
  • 2025: Version 8.0.1 updates embedded JREs to Java 21.

Related projects

  • SonarQube Server and SonarQube Cloud receive the analysis results.
  • Dedicated SonarScanners exist for Maven, Gradle, and .NET and are recommended for those ecosystems.
  • The scanner is also distributed as the official `sonarsource/sonar-scanner-cli` Docker image.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 1 platform targets.
  • Installs with 1 runtime dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
sonar-project.properties${scanner.home}/conf/sonar-scanner.properties

executables

Installed executables

CommandKindExposureNote
sonar-scannercliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version8.1.0.6389
manager updated2026-04-21
local dataok
upstreamnot checked
latest detectednot detected

https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/

install metadata

Package metadata

Package keybrew:sonar-scanner
Version8.1.0.6389
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/sonar-scanner
Homepagehttps://docs.sonarqube.org/latest/analysis/scan/sonarscanner/
Repositoryhttps://github.com/SonarSource/sonar-scanner-cli
Upstream docshttps://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/scanners/sonarscanner-cli
LicenseLGPL-3.0-or-later
Source archivehttps://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-8.1.0.6389.zip
Last updated2026-04-21T09:37:00Z
Pulseupdated
Dependenciesopenjdk
Bottleavailable (on all)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namesonar-scanner
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

apk95%

sonar-scanner 8.1.0.6389-r0

Scanner CLI for SonarQube and SonarCloud

https://github.com/SonarSource/sonar-scanner-cli

sudo apk add sonar-scanner
  • License: LGPL-3.0-or-later
  • Architecture: x86_64
  • Source Package: sonar-scanner
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Sonar Scanner
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: sonar-scanner from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz
Scoop95%

main/sonar-scanner

scoop install main/sonar-scanner
  • normalized package name match
  • Matched by: Sonar Scanner
Scoop official bucket manifest trees · api.github.com · Scoop official bucket manifest trees: bucket/sonar-scanner.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment